Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

searchqu set as homepage


by Koorana » May 31st, 2011, 6:05 am

Hi Malware Removal,
I have received the searchqu virus and after several attempts I have failed to remove it.
I would appreciate it if you could help get rid of this annoyance before I literally throw my computer out the window.

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by at 19:54:20 on 2011-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.841 [GMT 10:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\cracked steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Liam\Documents\dds.com
C:\Windows\system32\WSCRIPT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uInternet Settings,ProxyServer = hxxp:5555
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Cracked Steam Service] "c:\program files\cracked steam\Cracked Steam.exe" /SERVICE
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/rende ... 0.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-4-4 15416]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-6 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-6 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-6 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110527.001\IDSvix86.sys [2011-5-28 353912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-6 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-6-20 47616]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-6 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-4 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-31 06:32:14 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-05-30 10:12:47 -------- d-----w- c:\users\liam\appdata\roaming\SUPERAntiSpyware.com
2011-05-30 10:12:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-30 10:12:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-30 09:33:32 388096 ----a-r- c:\users\liam\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-30 09:33:28 -------- d-----w- c:\program files\Trend Micro
2011-05-30 06:39:07 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-05-30 06:38:44 -------- d-----w- c:\users\liam\appdata\local\PackageAware
2011-05-29 07:26:15 -------- d-----w- C:\CFLog
2011-05-26 10:30:49 -------- d-----w- c:\program files\Convert AVI to MP4
2011-05-26 04:30:22 -------- d-----w- c:\program files\common files\Steam
2011-05-26 04:29:15 -------- d-----w- c:\program files\Cracked Steam
2011-05-26 03:52:08 -------- d-----w- c:\program files\Lame For Audacity
2011-05-23 09:57:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-05-23 09:57:47 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-05-23 09:57:40 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-05-23 09:57:40 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-05-23 09:57:12 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-05-23 09:49:58 -------- d-----w- c:\program files\Microsoft XNA
2011-05-23 09:43:54 -------- d-----w- c:\program files\Microsoft SQL Server
2011-05-23 09:43:22 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-05-23 09:42:05 188128 ----a-w- c:\programdata\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-05-23 09:37:59 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-05-23 09:37:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-05-23 09:10:09 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-05-23 09:09:35 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-05-23 09:09:35 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-05-23 09:09:35 16384 ----a-w- c:\windows\system32\msisip.dll
2011-05-23 09:09:34 2241536 ----a-w- c:\windows\system32\msi.dll
2011-05-23 06:45:09 -------- d-----w- c:\program files\Audacity
2011-05-21 11:46:33 -------- d-----w- c:\users\liam\appdata\local\PunkBuster
2011-05-21 10:51:07 -------- d-----w- c:\program files\Activision
2011-05-15 08:43:00 -------- d-----w- c:\program files\PowerISO
2011-05-12 06:55:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-08 05:35:31 -------- d-----w- c:\program files\YouTube Downloader
.
==================== Find3M ====================
.
2011-05-21 11:47:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-21 11:47:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-21 11:46:46 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-21 11:07:06 22328 ----a-w- c:\users\liam\appdata\roaming\PnkBstrK.sys
2011-04-21 00:35:11 98816 ----a-w- c:\users\liam\gv_helper.exe
2011-04-14 07:47:32 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-04-09 08:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 08:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-06 06:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:01:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 19:56:52.53 ===============

Re: searchqu set as homepage

by deltalima » June 2nd, 2011, 3:40 am

Checking your log - back soon.

Re: searchqu set as homepage

by deltalima » June 2nd, 2011, 3:54 am

Hi Koorana,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Re: searchqu set as homepage

by Koorana » June 3rd, 2011, 6:29 pm

Hi Delta, here are the logs you requested:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-04 06:50:16
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303
Running: v041zz53.exe; Driver: C:\Users\Liam\AppData\Local\Temp\kwtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT 86AC3788 ZwAlertResumeThread
SSDT 86AB7068 ZwAlertThread
SSDT 86AD4220 ZwAllocateVirtualMemory
SSDT 8695B8A8 ZwAlpcConnectPort
SSDT 86AD4910 ZwAssignProcessToJobObject
SSDT 86AE54B8 ZwCreateMutant
SSDT 86A40E50 ZwCreateSymbolicLinkObject
SSDT 86A71A40 ZwCreateThread
SSDT 86AD6EF0 ZwDebugActiveProcess
SSDT 86A16B68 ZwDuplicateObject
SSDT 86ADB2A0 ZwFreeVirtualMemory
SSDT 86ACAD20 ZwImpersonateAnonymousToken
SSDT 86ACA110 ZwImpersonateThread
SSDT 868EF2B8 ZwLoadDriver
SSDT 86ADDBE0 ZwMapViewOfSection
SSDT 86AC4078 ZwOpenEvent
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwOpenProcess [0xC561BE90]
SSDT 86A7D698 ZwOpenProcessToken
SSDT 86ACE630 ZwOpenSection
SSDT 86AD9DF0 ZwOpenThread
SSDT 86AD9748 ZwProtectVirtualMemory
SSDT 86A6E5F8 ZwResumeThread
SSDT 86A6D6E0 ZwSetContextThread
SSDT 86ADE180 ZwSetInformationProcess
SSDT 86ACFF70 ZwSetSystemInformation
SSDT 86ACFAE8 ZwSuspendProcess
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwSuspendThread [0xC561BFE0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8E4E1620]
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwTerminateThread [0xC561C230]
SSDT 86A71410 ZwUnmapViewOfSection
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwWriteVirtualMemory [0xC561BD20]
SSDT 86AE5248 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 75E 8263C9CC 4 Bytes CALL 858E5AC9
.text ntkrnlpa.exe!KeSetTimerEx + 350 826BB974 8 Bytes [88, 37, AC, 86, 68, 70, AB, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 826BB988 4 Bytes [20, 42, AD, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 370 826BB994 4 Bytes [A8, B8, 95, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 826BB9E8 4 Bytes [10, 49, AD, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 428 826BBA4C 4 Bytes [B8, 54, AE, 86]
.text ...
PAGE ntkrnlpa.exe!ZwReadVirtualMemory + 8 827DE1D1 4 Bytes CALL 855FF3C1
PAGE ntkrnlpa.exe!ZwWriteVirtualMemory + 8 8281103B 4 Bytes CALL 854631E9
PAGE ntkrnlpa.exe!NtOpenProcess + 29 82814F1B 4 Bytes CALL 80FE01B9
PAGE ntkrnlpa.exe!NtClose + 1C 82820CC1 4 Bytes CALL 84F8FE79
PAGE ntkrnlpa.exe!NtDeviceIoControlFile + 26 82839E39 4 Bytes CALL 858A0A31
PAGE ntkrnlpa.exe!ZwQueryPerformanceCounter + E2 8284F80F 4 Bytes CALL 850877A1
PAGE ntkrnlpa.exe!ZwQueryPerformanceCounter + BF7 82850324 4 Bytes CALL 855F0269
PAGE ntkrnlpa.exe!ZwGetContextThread + 2C 82855CAA 4 Bytes CALL 858A09B1
PAGE ntkrnlpa.exe!ZwGetContextThread + 5B 82855CD9 4 Bytes CALL 858A0991
PAGE ntkrnlpa.exe!ZwSuspendThread + EC 82855DD6 4 Bytes CALL 85841321
PAGE ntkrnlpa.exe!ZwSetContextThread + 2C 8289825F 4 Bytes CALL 858BFC09
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D40D000, 0x1F875A, 0xE8000020]
? C:\Windows\system32\drivers\EagleXNt.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!LdrLoadDll 77A279B3 5 Bytes JMP 02220780 C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtClose 77A57BB8 5 Bytes JMP 10047D70 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtCreateKey 77A57CB8 2 Bytes JMP 10047CF0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtCreateKey + 3 77A57CBB 2 Bytes [5F, 98] {POP EDI; CWDE }
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtDeleteKey 77A58068 5 Bytes JMP 10047D90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtDeleteValueKey 77A58098 5 Bytes JMP 10047DB0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtMapViewOfSection 77A583C8 5 Bytes JMP 044C003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtOpenKey 77A58488 5 Bytes JMP 10047D20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtQueryValueKey 77A58878 5 Bytes JMP 10047C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtSetValueKey 77A58CF8 5 Bytes JMP 10047CC0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!SetWindowsHookExW 776D7B69 5 Bytes JMP 6EA89B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CallNextHookEx 776D8C33 5 Bytes JMP 6EA7D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamW 776DBD25 5 Bytes JMP 6EB85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CreateWindowExW 776E3D67 5 Bytes JMP 6EA8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamW 776F1FD5 5 Bytes JMP 6E9B54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!UnhookWindowsHookEx 777008BE 5 Bytes JMP 6E9F4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamA 777180B2 5 Bytes JMP 6EB850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamA 777183DD 5 Bytes JMP 6EB8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectA 7772D471 5 Bytes JMP 6EB85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectW 7772D56B 5 Bytes JMP 6EB84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExA 7772D5D1 5 Bytes JMP 6EB84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExW 7772D5F5 5 Bytes JMP 6EB84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!OleLoadFromStream 76129794 5 Bytes JMP 6EB8547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoRevokeInitializeSpy + 109 76146173 7 Bytes JMP 044C00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoCreateInstance 7615E2D8 5 Bytes JMP 6EA8DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoCreateInstance + 3E 7615E316 7 Bytes JMP 044C01B1
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!LdrLoadDll 77A279B3 5 Bytes JMP 02430780 C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtClose 77A57BB8 5 Bytes JMP 10047D70 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtCreateKey 77A57CB8 2 Bytes JMP 10047CF0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtCreateKey + 3 77A57CBB 2 Bytes [5F, 98] {POP EDI; CWDE }
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtDeleteKey 77A58068 5 Bytes JMP 10047D90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtDeleteValueKey 77A58098 5 Bytes JMP 10047DB0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtOpenKey 77A58488 5 Bytes JMP 10047D20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtQueryValueKey 77A58878 5 Bytes JMP 10047C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtSetValueKey 77A58CF8 5 Bytes JMP 10047CC0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxIndirectParamW 776DBD25 5 Bytes JMP 6EB85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!CreateWindowExW 776E3D67 5 Bytes JMP 6EA8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxParamW 776F1FD5 5 Bytes JMP 6E9B54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxParamA 777180B2 5 Bytes JMP 6EB850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxIndirectParamA 777183DD 5 Bytes JMP 6EB8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxIndirectA 7772D471 5 Bytes JMP 6EB85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxIndirectW 7772D56B 5 Bytes JMP 6EB84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxExA 7772D5D1 5 Bytes JMP 6EB84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxExW 7772D5F5 5 Bytes JMP 6EB84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ole32.dll!CoCreateInstance 7615E2D8 5 Bytes JMP 02432C50 C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!CreateProcessW 77081C01 5 Bytes JMP 65FBBF00 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!CreateProcessA 77081C36 5 Bytes JMP 65FBBD40 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryExW 770A30C3 7 Bytes JMP 65FBC230 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryW 770A361F 5 Bytes JMP 65FBC120 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryExA 770A9469 5 Bytes JMP 65FBC1A0 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryA 770A9491 5 Bytes JMP 65FBC0A0 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!GetEnvironmentVariableA 770ACD38 5 Bytes JMP 65FBC550 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!GetProcAddress 770CB8B6 5 Bytes JMP 65FBC2D0 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] ADVAPI32.dll!RegOpenKeyExW 7763F09D 5 Bytes JMP 65FBC380 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] ole32.dll!StringFromGUID2 7615E6EE 5 Bytes JMP 65FBC460 c:\program files\cracked steam\SmartSteam.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device \Driver\kbdclass \Device\KeyboardClass0 A30DA1A8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

Here is the OTL,

OTL logfile created on: 3/06/2011 4:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Liam\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.78% Memory free
4.23 Gb Paging File | 3.09 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 16.08 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 85.18 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive I: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 572.90 Gb Free Space | 61.54% Space Free | Partition Type: NTFS

Computer Name: LIAM-PC | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - c:\Program Files\Cracked Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.019\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110602.001\IDSvix86.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 6E 4D FD 7E EF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ninemsn.com.au

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/01/18 16:26:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge

[2011/04/01 18:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\extensions
[2011/04/01 18:18:29 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cracked Steam Service] C:\Program Files\Cracked Steam\Cracked Steam.exe (Anti-Valve Software )
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://nxcache.nexon.net/mabinogi/rende ... 0.5.03.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Liam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Liam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 06:00:27 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1492de04-d42f-11df-9741-00248c8208aa}\Shell - "" = AutoRun
O33 - MountPoints2\{1492de04-d42f-11df-9741-00248c8208aa}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2010/01/22 10:13:40 | 003,330,848 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 16:04:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Liam\Documents\OTL.exe
[2011/05/31 19:54:06 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Liam\Documents\dds.com
[2011/05/31 16:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/05/31 16:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/05/31 16:31:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/30 20:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/30 20:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/30 20:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/30 19:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/30 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/30 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/05/30 16:38:44 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PackageAware
[2011/05/29 17:26:27 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Cross Fire
[2011/05/29 17:26:15 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/05/26 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert AVI to MP4
[2011/05/26 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2011/05/26 14:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cracked Steam
[2011/05/26 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/05/26 14:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Cracked Steam
[2011/05/26 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/05/23 20:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0
[2011/05/23 19:57:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/05/23 19:57:47 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/05/23 19:57:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/05/23 19:57:40 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/05/23 19:57:12 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/05/23 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/05/23 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/05/23 19:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/05/23 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Visual Studio 2010
[2011/05/23 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/05/23 19:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/05/23 19:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/05/23 19:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/05/23 19:10:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/05/23 19:09:35 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/05/23 19:09:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/05/23 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011/05/21 21:46:33 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PunkBuster
[2011/05/21 21:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/05/21 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/18 18:13:24 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Kingdom Hearts Piano Collections Field & Battle
[2011/05/15 18:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/05/15 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/05/15 18:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/05/15 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/13 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Shark Picture
[2011/05/08 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/08 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Quick Music
[2011/05/08 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011/05/08 15:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/08 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\My Games
[2011/05/07 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halo Combat Evolved
[2011/05/06 17:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2008/06/03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2008/05/22 09:38:59 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 16:26:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 16:26:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 16:26:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 16:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 16:26:02 | 2146,721,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 16:04:54 | 000,302,592 | ---- | M] () -- C:\Users\Liam\Documents\v041zz53.exe
[2011/06/03 16:04:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Documents\OTL.exe
[2011/06/03 08:19:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/02 20:27:32 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2D4ECED4-F694-4FEB-A786-9B14DD895488}.job
[2011/06/01 20:41:59 | 000,138,240 | ---- | M] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 19:54:16 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Liam\Documents\dds.com
[2011/05/31 19:52:52 | 000,002,521 | ---- | M] () -- C:\Users\Liam\Desktop\HiJackThis.lnk
[2011/05/30 20:12:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/28 15:16:43 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/27 17:34:40 | 000,000,700 | ---- | M] () -- C:\Users\Liam\Desktop\Fraps.lnk
[2011/05/26 14:35:59 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Cracked Steam.lnk
[2011/05/24 20:18:38 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/24 20:18:38 | 000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/24 15:53:48 | 000,391,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 16:45:11 | 000,000,759 | ---- | M] () -- C:\Users\Liam\Desktop\Audacity.lnk
[2011/05/22 18:55:11 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Liam.job
[2011/05/21 21:47:01 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/21 21:32:50 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/05/21 21:07:06 | 000,022,328 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\PnkBstrK.sys
[2011/05/21 21:06:17 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2011/05/21 15:03:36 | 000,001,940 | ---- | M] () -- C:\Users\Liam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/20 07:36:38 | 005,144,978 | ---- | M] () -- C:\Users\Liam\Documents\Goofy goober rock!.mp3
[2011/05/20 07:33:08 | 003,368,162 | ---- | M] () -- C:\Users\Liam\Documents\Goofy goober rock!.flv
[2011/05/18 18:53:19 | 113,055,541 | ---- | M] () -- C:\Users\Liam\Documents\KH Piano Collections - Sheet Music.zip
[2011/05/18 17:56:19 | 091,564,854 | ---- | M] () -- C:\Users\Liam\Documents\kingdom hearts piano collections field & battle.rar
[2011/05/15 18:43:01 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/09 19:59:50 | 000,086,991 | ---- | M] () -- C:\Users\Liam\Documents\Dearly-Beloved.pdf
[2011/05/09 19:55:03 | 000,128,887 | ---- | M] () -- C:\Users\Liam\Documents\Reviving-Hollow-Bastion.pdf
[2011/05/08 15:35:32 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/05/07 21:43:28 | 000,000,617 | ---- | M] () -- C:\Users\Public\Desktop\Halo .lnk
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 16:04:36 | 000,302,592 | ---- | C] () -- C:\Users\Liam\Documents\v041zz53.exe
[2011/05/30 20:12:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 19:33:28 | 000,002,521 | ---- | C] () -- C:\Users\Liam\Desktop\HiJackThis.lnk
[2011/05/26 14:29:48 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Cracked Steam.lnk
[2011/05/23 16:45:11 | 000,000,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/05/23 16:45:11 | 000,000,759 | ---- | C] () -- C:\Users\Liam\Desktop\Audacity.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/05/21 21:06:17 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011/05/20 07:33:18 | 005,144,978 | ---- | C] () -- C:\Users\Liam\Documents\Goofy goober rock!.mp3
[2011/05/20 07:33:08 | 003,368,162 | ---- | C] () -- C:\Users\Liam\Documents\Goofy goober rock!.flv
[2011/05/19 16:09:16 | 000,001,940 | ---- | C] () -- C:\Users\Liam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:53:17 | 113,055,541 | ---- | C] () -- C:\Users\Liam\Documents\KH Piano Collections - Sheet Music.zip
[2011/05/18 17:56:18 | 091,564,854 | ---- | C] () -- C:\Users\Liam\Documents\kingdom hearts piano collections field & battle.rar
[2011/05/15 18:43:01 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/09 19:59:49 | 000,086,991 | ---- | C] () -- C:\Users\Liam\Documents\Dearly-Beloved.pdf
[2011/05/09 19:55:02 | 000,128,887 | ---- | C] () -- C:\Users\Liam\Documents\Reviving-Hollow-Bastion.pdf
[2011/05/08 19:37:26 | 000,000,700 | ---- | C] () -- C:\Users\Liam\Desktop\Fraps.lnk
[2011/05/08 15:35:32 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/05/07 21:43:28 | 000,000,617 | ---- | C] () -- C:\Users\Public\Desktop\Halo .lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/03 15:49:09 | 000,000,276 | ---- | C] () -- C:\Windows\System32\ms-securea.ini
[2011/01/18 17:27:02 | 000,000,006 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\start_pal
[2010/12/25 11:59:35 | 000,006,123 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\NMM-MetaData.db
[2010/05/09 11:16:06 | 000,000,552 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d8caps.dat
[2010/04/25 14:12:25 | 000,010,064 | -HS- | C] () -- C:\Users\Liam\AppData\Local\b5bq8uC1G1B
[2010/04/25 14:12:25 | 000,010,064 | -HS- | C] () -- C:\ProgramData\b5bq8uC1G1B
[2010/04/24 16:30:03 | 000,011,014 | -HS- | C] () -- C:\Users\Liam\AppData\Local\1171927190
[2010/04/24 16:30:03 | 000,011,014 | -HS- | C] () -- C:\ProgramData\1171927190
[2010/04/24 16:07:35 | 000,002,604 | -HS- | C] () -- C:\Users\Liam\AppData\Local\O5poq8wPv8FxG
[2010/04/24 16:07:35 | 000,002,604 | -HS- | C] () -- C:\ProgramData\O5poq8wPv8FxG
[2010/03/27 05:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/18 16:39:29 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/18 16:39:28 | 000,022,328 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\PnkBstrK.sys
[2010/03/18 16:39:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/18 16:39:12 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/18 16:39:11 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/02/12 16:54:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 09:32:23 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
[2010/01/05 13:13:03 | 000,138,240 | ---- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/04 15:00:34 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/04/04 15:00:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/04/04 14:29:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/04 14:03:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/04 14:03:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/02 12:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/23 02:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/22 09:40:59 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/05/22 09:38:59 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/05/22 09:38:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/04/23 16:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/03/10 00:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/09 23:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/04 21:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/28 12:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/07 03:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,391,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll

========== Files - Unicode (All) ==========
[2009/04/04 14:05:32 | 000,000,899 | ---- | C] ()(C:\Users\Liam\Desktop\????????.lnk) -- C:\Users\Liam\Desktop\華碩獨家軟體介紹.lnk
[2009/01/23 16:13:21 | 000,000,899 | ---- | M] ()(C:\Users\Liam\Desktop\????????.lnk) -- C:\Users\Liam\Desktop\華碩獨家軟體介紹.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA

< End of report >

And the Extra,

OTL Extras logfile created on: 3/06/2011 4:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Liam\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.78% Memory free
4.23 Gb Paging File | 3.09 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 16.08 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 85.18 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive I: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 572.90 Gb Free Space | 61.54% Space Free | Partition Type: NTFS

Computer Name: LIAM-PC | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132A3949-0FC1-4B27-A758-C1F87958E6A6}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |
"{14A8193A-15E2-44AC-B64B-19B600486849}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{63CD866D-5B9F-4B3E-92EB-3D4C7C2EA2A5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{69F0E68B-66B1-493C-B80B-AD9FDF472CA7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{93ACDB43-EE15-46F6-BB61-83360F69E941}" = lport=49612 | protocol=6 | dir=in | name=akamai netsession interface |
"{ABF91C54-B926-4D38-95C4-B4FD7D642634}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E74C2E42-AA7C-4169-BD84-D2CFEE183F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0276580-6CDA-4EE1-846F-6E4B186B5F04}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E70EF1-2B15-466F-B2A1-FE91220F5A52}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{080B5B40-8861-4065-961C-A99641BDC19D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{09B12AC3-B093-4B04-A8BC-891F91F7B9FD}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{0FABE5CA-BD73-4559-A1B6-EE82880ED43D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1C9CAC86-6C5A-4209-960D-472F3B0303B1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1D97BE90-C214-4B4A-97BE-33CCF0149D45}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2118EFC2-2579-4833-AA9A-F81FB0F1560C}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2311AC31-524E-434A-ACE0-22C5DAB36E81}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{27BC2017-1AAF-49CB-9BD1-6106686B94F4}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2E3D2BF7-9DCC-463E-BDD5-C6EA1E31FD7E}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |
"{2F30994B-ADB9-4B97-9380-1CFAE1E5605A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B028F37-D8EC-472B-A35C-4F6F2CB69DE2}" = protocol=17 | dir=in | app=c:\program files\cracked steam\steam.exe |
"{3B4A30D8-F1F1-4020-B6F0-8091224D25B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{422EBC5D-B06B-407C-B24E-831278132594}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{4D17D53D-20C9-40ED-92E3-3627EE9CEC88}" = protocol=6 | dir=in | app=c:\program files\cracked steam\steam.exe |
"{4F066E71-903A-469F-BC17-04B0EF8F22EB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{50659084-20F5-487F-B724-9696EC5FFFE3}" = protocol=6 | dir=in | app=c:\users\liam\appdata\local\temp\~os39d0.tmp\rlvknlg.exe |
"{535CB1FE-1C4D-40E7-BA0D-8F234FF9E535}" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{54332BAA-B017-42F7-926C-8108507AF87B}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{54F2AB38-109D-496A-9406-A5516F6A54BB}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5E18FAD0-29D7-4C3E-8C8E-A28ED6123FE6}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{5E8665B2-91FE-4912-83C6-796E4CD7AEA4}" = protocol=6 | dir=in | app=c:\users\liam\appdata\local\temp\~osb5a9.tmp\rlvknlg.exe |
"{65545FF7-8898-48BE-A78D-97980B63A331}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe |
"{7BA4D0E4-0C2B-4A94-9BB2-CF428FC9FA24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8168CDF0-F6D3-4182-8659-CB0C3F41A88E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{82EBAECD-3183-4D72-95A3-F5C8521B7A6D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{92577F1D-83CE-4320-A743-391E79FBD71B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93F5D84B-3CDE-46E1-86C1-4D07661311D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94732CA9-22FE-47E2-AF63-86E479DFC58D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9F632EC6-7ECA-4319-B500-BBBD0253C9BE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A1FAA0BC-ABB3-493D-97F9-886A7894AC62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4AD047D-EFD7-4231-86A9-75BEF882F6EF}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{AE25DEB5-283D-45D7-A1FB-06E5D4030C6A}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{B8C249C3-A7E5-4784-8D3F-9A0321237FC5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B9469EE3-B931-4058-A7FE-EC50512EC03B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{CC2D3F1B-691E-4273-AB5F-7F4012EC2D49}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D0483B01-4823-4677-A257-72594A966521}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{D087A2BD-36A6-4BB4-8764-6D266DAB079A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D128F010-2418-4808-AD35-ED15181EDA45}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{D8A0D670-76EC-48C8-ABFF-678FC02DBCDA}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{DDD6BFF2-853D-4FDE-96E0-48370AEC3F43}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E0EDC131-F4D0-433B-8353-0BC7AB593EF9}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{E92531BF-50A2-41AB-AE33-C87CFA854C6C}" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{E9F39D04-5572-4043-ADC1-7A227FF4D64F}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{EC712AAB-112C-4B57-B574-CCFB05351D3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EEE8712B-E714-4716-AAB6-5092EE448385}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{FBD7A14A-A9EA-4B2F-BFDC-334326312F11}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{FCC1CB33-E6B2-43E3-AD48-4D1F64D06429}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FCD99FE1-B993-4793-9DAB-4006D682201E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0C04-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C04-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C04-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C04-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C04-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C04-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0C04-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C04-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0C04-0000-0000000FF1CE}_PROHYBRIDR_{364CCAC1-F404-461B-8025-8586FC7CA772}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB000D9F-3BBA-4361-A550-7DCCED1409AC}" = MapleStory
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Atlantica" = Atlantica
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"CamStudio" = CamStudio
"Combat Arms" = Combat Arms
"conduitEngine" = Conduit Engine
"Cross Fire_is1" = Cross Fire En
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Halo Combat Evolved" = Halo Combat Evolved
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"N360" = Norton 360
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinX Free VOB to MP4 Converter_is1" = WinX Free VOB to MP4 Converter 2.0.5
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thank you heaps for the help.
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am

Re: searchqu set as homepage

Post by deltalima » June 3rd, 2011, 6:48 pm

Hi Koorana,

What is the Cracked Steam program?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Post by Koorana » June 3rd, 2011, 10:33 pm

Cracked steam allows me to download games.
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am

Re: searchqu set as homepage

Post by deltalima » June 4th, 2011, 5:57 am

> Cracked steam allows me to download games.


Is that used to avoid paying for games that should be paid for?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Post by Koorana » June 4th, 2011, 11:34 pm

It can be but I haven't used it for that purpose. I have used it to access the forums.
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am

Re: searchqu set as homepage

Post by deltalima » June 5th, 2011, 7:27 am

Hi Koorana,

> It can be but I haven't used it for that purpose.


Please see here

Please fully uninstall Cracked Steam

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Post by Koorana » June 6th, 2011, 4:03 am

Hi,
I uninstalled Steam as you said.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\windows\prefetch\cracked steam.tmp-904024f7.pf
c:\windows\prefetch\cracked steam.tmp-b0e47497.pf
c:\windows\prefetch\cracked steam.tmp-cf7d298a.pf
c:\windows\prefetch\cracked steam.tmp-d0e20091.pf
c:\windows\prefetch\cracked steam.tmp-d68f1397.pf
c:\windows\prefetch\cracked steam.tmp-ddb06718.pf
scanner sequence 3.FA.11
----- EOF -----

I uninstalled it but that CKS scanner said I still have it.
For some reason when I try to copy the second scan it says "failed to create output files".
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am

Re: searchqu set as homepage

Post by deltalima » June 6th, 2011, 4:37 am

Hi Koorana,

Please post the complete log from CKScanner, please do not edit the log.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Post by Koorana » June 6th, 2011, 5:17 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\windows\prefetch\cracked steam.tmp-904024f7.pf
c:\windows\prefetch\cracked steam.tmp-b0e47497.pf
c:\windows\prefetch\cracked steam.tmp-cf7d298a.pf
c:\windows\prefetch\cracked steam.tmp-d0e20091.pf
c:\windows\prefetch\cracked steam.tmp-d68f1397.pf
c:\windows\prefetch\cracked steam.tmp-ddb06718.pf
scanner sequence 3.FN.11
----- EOF -----

*EDIT*

I found out how to get the second scan.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4JJQP-TP64Y-RPFFV
Windows Product Key Hash: W7I5PeTN2iJuvTTU9QmIXc6iQqY=
Windows Product ID: 89578-OEM-7332157-00043
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {AB6B1E62-A5BE-47BB-B68F-1DC3F05E2C71}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
2007 Microsoft Office system - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{AB6B1E62-A5BE-47BB-B68F-1DC3F05E2C71}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RPFFV</PKey><PID>89578-OEM-7332157-00043</PID><PIDType>2</PIDType><SID>S-1-5-21-3756973964-1497226898-4133958051</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc. </Manufacturer><Model>F5SR </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>208 </Version><SMBIOSVersion major="2" minor="4"/><Date>20090316000000.000000+000</Date></BIOS><HWID>C2303507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>8710F0A71BE8F34</Val><Hash>iB+bA7FVXzaEiDDGPXjYIJda4Qk=</Hash><Pid>81602-922-9371186-68520</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500043-02-1033-6001.0000-3592009
Installation ID: 092652151272055322887474146825928471594685595194631021
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: RPFFV
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAQABAAAAAwABAAEAJJT6aMTdrwz0ktywvsEAonJZGsby9G6IlomwTVTUKoU=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 031609 APIC1430
FACP 031609 FACP1430
BOOT 031609 BOOT1430
MCFG 031609 OEMMCFG
WDRT 031609 OEMWDRT
SLIC _ASUS_ Notebook
OEMB 031609 OEMB1430


I found out how to paste it.
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am

Re: searchqu set as homepage

Post by deltalima » June 6th, 2011, 6:15 am

Hi Koorana,

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Windows iLivid Toolbar
    highlight Conduit Engine
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Please download SystemLook from one of the links below and save it to your Desktop.

Download links for 32 bit Windows:
Download Mirror #1
Download Mirror #2


  • Right click SystemLook.exe and select: Run as Administrator.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Post by Koorana » June 6th, 2011, 5:33 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 07:07 on 07/06/2011 by Liam
Administrator - Elevation successful

No Context: filefind

No Context: *Fun4IM*

No Context: *Bandoo*

No Context: *Searchqu*

No Context: *iLivid*

No Context: *whitesmoke*

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Liam\AppData\LocalLow\searchquband d------ [06:41 30/05/2011]
C:\Users\Liam\AppData\LocalLow\searchqutoolbar d------ [06:39 30/05/2011]

Searching for "*iLivid*"
C:\Program Files\Windows iLivid Toolbar d------ [06:39 30/05/2011]

Searching for "*whitesmoke*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q """
[HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File41"="C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@stats.ilivid[1].txt"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D128F010-2418-4808-AD35-ED15181EDA45}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D128F010-2418-4808-AD35-ED15181EDA45}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D128F010-2418-4808-AD35-ED15181EDA45}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "whitesmoke"
No data found.

-= EOF =-
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am
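
The Regfind section of the SystemLook log above, read programmatically. This is an added example, not part of the thread and not code from SystemLook or OTL: it parses the log text into records, labels each hit by the registry location it sits in, and lists the active inbound firewall allow rules once per rule GUID. The function names and location labels are this example's own; the sample input is an excerpt of the log as posted.

```python
import re
from collections import Counter, namedtuple

# Excerpt of the Regfind section of the SystemLook log posted above
# (a subset of its lines, copied as posted).
SAMPLE_LOG = r'''
========== Regfind ==========

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q """

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D128F010-2418-4808-AD35-ED15181EDA45}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D128F010-2418-4808-AD35-ED15181EDA45}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "whitesmoke"
No data found.
'''

# name and data are None when the key name itself matched the search term.
Hit = namedtuple("Hit", "term key name data")

TERM_RE = re.compile(r'^Searching for "(?P<term>.*)"$')
VALUE_RE = re.compile(r'^(?P<name>@|"[^"]*")=(?P<data>.*)$')

# (lower-case fragment of the key path, label). Labels are this example's own.
LOCATIONS = [
    (r"\browser helper objects", "IE Browser Helper Object"),
    (r"\internet explorer\toolbar", "IE toolbar"),
    (r"\internet explorer\searchscopes", "IE search provider"),
    (r"\currentversion\runonce", "RunOnce command"),
    (r"\firewallpolicy\firewallrules", "firewall rule"),
    (r"\classes\clsid", "COM class registration"),
]
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers


def parse_regfind(log_text):
    """Turn Regfind output into Hit records, one per matched key name or value."""
    hits, term, key, key_open = [], None, None, False
    for raw in log_text.splitlines() + [""]:  # trailing "" flushes a final key
        line = raw.strip()
        value = VALUE_RE.match(line)
        if value and key is not None:
            data = value.group("data")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]  # drop the outer quotes only
            hits.append(Hit(term, key, value.group("name").strip('"'), data))
            key_open = False
            continue
        if key_open:  # a key line with no value under it: the key name matched
            hits.append(Hit(term, key, None, None))
        key, key_open = None, False
        if line.startswith("[HKEY_") and line.endswith("]"):
            key, key_open = line[1:-1], True
        elif TERM_RE.match(line):
            term = TERM_RE.match(line).group("term")
    return hits


def classify(hit):
    """Label a hit by where in the registry it lives."""
    path = hit.key.lower()
    return next((label for frag, label in LOCATIONS if frag in path), "other")


def parse_firewall_rule(data):
    """Split 'v2.0|Action=Allow|Dir=In|...|' into a dict; field 0 is the format version."""
    fields = [f for f in data.split("|") if f]
    rule = {"Version": fields[0]}
    for field in fields[1:]:
        name, _, val = field.partition("=")
        rule[name] = val
    return rule


def inbound_allow_rules(hits):
    """Active inbound allow rules, keyed by rule GUID.

    CurrentControlSet is an alias for one of the numbered ControlSetNNN trees,
    so the same rule appears several times in the log; it is reported once.
    """
    rules = {}
    for hit in hits:
        if hit.data is None or classify(hit) != "firewall rule":
            continue
        r = parse_firewall_rule(hit.data)
        if (r.get("Action"), r.get("Dir"), r.get("Active")) == ("Allow", "In", "TRUE"):
            proto = PROTOCOLS.get(r.get("Protocol"), r.get("Protocol"))
            rules.setdefault(hit.name, (proto, r.get("App"), r.get("Name")))
    return rules


def summarize(hits):
    """Count hits per registry location."""
    return Counter(classify(h) for h in hits)


if __name__ == "__main__":
    found = parse_regfind(SAMPLE_LOG)
    for label, count in summarize(found).most_common():
        print(f"{count:2d}  {label}")
    for guid, (proto, app, name) in inbound_allow_rules(found).items():
        print(f"inbound allow {proto}: {name} -> {app} {guid}")
```
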

Re: searchqu set as homepage

Post by deltalima » June 6th, 2011, 6:24 pm

Hi Koorana,

Backup Your Registry:
* Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
* Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
* Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
* OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :processes
    killallprocesses
    :otl
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http:5555
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
    O4 - HKCU..\Run: [Cracked Steam Service] C:\Program Files\Cracked Steam\Cracked Steam.exe (Anti-Valve Software )
    :reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqutoolbar"=-
    [-HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{092C5E8B-F31E-49D3-9C61-6741470BED5B}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D128F010-2418-4808-AD35-ED15181EDA45}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{092C5E8B-F31E-49D3-9C61-6741470BED5B}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D128F010-2418-4808-AD35-ED15181EDA45}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{092C5E8B-F31E-49D3-9C61-6741470BED5B}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D128F010-2418-4808-AD35-ED15181EDA45}"=-
    :files
    C:\Users\Liam\AppData\LocalLow\searchquband
    C:\Users\Liam\AppData\LocalLow\searchqutoolbar
    C:\Program Files\Windows iLivid Toolbar 
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
deltalima
Admin/Teacher