Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Baidu Problem

Post by erik8mwr » June 12th, 2010, 4:41 am

When I simply type any address like 'a' (anything except a proper address) in IE, the page is redirected to the Baidu page. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:39:16 PM, on 12/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Window Hide Tool\Window Hide Tool.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: PIPI Link Helper - {1E315374-71A5-471A-B683-4C4ADB5C588B} - C:\Program Files\StarTV\core\pipi\JfCheck.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\Extend.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Thunder ToolbarBrowserHelper - {D2F8A635-8B0F-47BF-915E-6F456767A300} - C:\Program Files\Thunder Network\MiniThunder\ToolBarNow.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Window Hide Tool.lnk = C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\Mozilla Firefox\FirefoxPreloader\FirefoxPreloader.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: 使用光影编辑和美化 - C:\Program Files\nEO iMAGING\NeoOpenNeo.htm
O8 - Extra context menu item: 使用迷你迅雷下载 - C:\Program Files\Thunder Network\MiniThunder\geturl.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8882 bytes


Here's my uninstall list:

??????à×3
?§?§?2ìy 5.6?yê?°?
1aó°?§ê?ê? 3.1.2.101
3àμà?àD?μ?êó
3D Ebook Cover 1.0
á÷D?í???μ?êó2.71.1
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.3.2
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced SystemCare 3
Advanced Video FX Engine
Animated Wallpaper Maker
AnyBizSoft PDF to PowerPoint (Build 2.0.0)
AnyBizSoft PDF to Word (Build 2.5.4)
Broadcom Management Programs
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CleanMem
CleanMem
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
Doomi
Doomi
FastStone Image Viewer 4.2
Firefox Preloader
FotoSketcher 1.96
Game Booster
GetDataBack for NTFS
Google Toolbar for Internet Explorer
Google Update Helper
Google μ??ò
GoToAssist 8.0.0.514
HD Tune Pro 3.50
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iToolSoft PPT To Video V3.1.1.2
Java(TM) 6 Update 20
jetAudio Plus VX
K-Lite Codec Pack 6.0.4 (Full)
Laptop Integrated Webcam Driver (1.04.01.1011)
Lingoes 2.6.2
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LogonStudio
Malwarebytes' Anti-Malware
Media Cope 1.0
MediaDirect
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Microsoft Works
Microsoft WSE 3.0 Runtime
Modem Diagnostic Tool
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyMediaBookmarks
neroxml
NetWaiting
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
ò?à????ú ó2?ì°?
Orbit Downloader
OutlookAddinSetup
PDF OCR 4.0
PDF Settings
Power MP3 Cutter Joiner 1.12
PPSó°ò? V2.6.86.9034 ?yê?°?
Pro Evolution Soccer 2010
QuickSet
RaySource 2.1.10.8366
RealPlayer
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
ShadowExplorer 0.4
SigmaTel Audio
Smart Defrag
Songr
Sothink Logo Maker
Spelling Dictionaries Support For Adobe Reader 9
STREET FIGHTER IV
Sublight (1.7.0)
SweetIM for Messenger 2.8
System Requirements Lab
Taskbar Shuffle version 2.5
Total Video Converter 3.12 080330
TVUPlayer 2.4.8.2
UBitMenu UK
Universal Viewer
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981726)
VirtualCloneDrive
Vista Shortcut Manager
VLC media player 1.0.5
WIDCOMM Bluetooth Software 6.0.1.3100
Window Hide Tool 2.0
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Winning Eleven 9
WinRAR archiver
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by MWR 3 day Mod » June 15th, 2010, 5:13 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Baidu Problem

Post by deltalima » June 18th, 2010, 6:46 am

Hi erik8mwr,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Baidu Problem

Post by erik8mwr » June 18th, 2010, 10:20 am

Here's the MGADiag log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {4B5C756E-2C0E-4E78-9169-A20BAFDE4783}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.100218-0019
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4B5C756E-2C0E-4E78-9169-A20BAFDE4783}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1087390416-3780635448-2520622250</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1420 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080711000000.000000+000</Date></BIOS><HWID>9F313507018400F8</HWID><UserLCID>4409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65074</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-17417-6001.0000-2192008
Installation ID: 000883308891404610884412753845728406011255960904221263
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: QAAAAAIABwABAAEAAgABAAAAAwABAAEAJJSa43oQTjQa0+pNJJagXK5/RoP8kLjF3Oby9N6I5vet7hRurFZGyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
SSDT PmRef CpuPm


And Here's the CKScanner log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\audiosurf\engine\channels\crypt.dll
c:\program files\dassault systemes\3dvia shape\intel_a\resources\graphic\textures\cracked_paint_diffuse.dds
c:\program files\dassault systemes\3dvia shape\intel_a\resources\graphic\textures\cracked_paint_normal.dds
c:\program files\dassault systemes\3dvia shape\intel_a\resources\graphic\textures\cracked_paint_thumbnail.dds
c:\program files\dassault systemes\3dvia shape\intel_a\resources\graphic\textures\cracked_tarmac_diffuse.dds
c:\program files\dassault systemes\3dvia shape\intel_a\resources\graphic\textures\cracked_tarmac_normal.dds
c:\program files\dassault systemes\3dvia shape\intel_a\resources\graphic\textures\cracked_tarmac_thumbnail.dds
c:\program files\garena\plugins\ui\avoidcrackplugin.dll
c:\program files\ttplayer\lyrics\snow patrol - crack the shutters.lrc
c:\users\public\thunder network\thunder_37468a76-dfee-4004-a938-94734cdd66df_\profiles\torrents\hd tune pro v3.50 + crack rezman1984.7z [mininova].torrent
c:\users\public\thunder network\thunder_37468a76-dfee-4004-a938-94734cdd66df_\profiles\torrents\[isohunt] tuneup_utilities_2008_keygen.3984755.tpb.torrent
scanner sequence 3.EF.11
----- EOF -----
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by deltalima » June 18th, 2010, 12:51 pm

Hi erik8mwr,

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, I would like you to remove all the crack/keygen applications that are present on your system.

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Baidu Problem

Post by erik8mwr » June 20th, 2010, 1:12 pm

Here's the latest MGADiag log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {4B5C756E-2C0E-4E78-9169-A20BAFDE4783}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.100218-0019
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4B5C756E-2C0E-4E78-9169-A20BAFDE4783}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1087390416-3780635448-2520622250</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1420 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080711000000.000000+000</Date></BIOS><HWID>9F313507018400F8</HWID><UserLCID>4409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-17417-6001.0000-2192008
Installation ID: 008654441845252401887751410995479466255452368575865704
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: QgAAAAIABwABAAEAAgABAAAABAABAAEAJJSa43oQTjQa0+pNJJagXK5/RoP8kLjF3Oby9N6I5vet7u7/FG6sVkbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
SSDT PmRef CpuPm


And here's the latest CKScanner log:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by deltalima » June 20th, 2010, 1:30 pm

Hi erik8mwr,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 4:15 am

Here's the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 16:08:39
Windows 6.0.6001 Service Pack 1
Running: hpit2mlr.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\fastfat \Fat 8C2F3A7A
Device \FileSystem\fastfat \Fat 8C3055F4

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2da874e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2da874e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe2da874e (not active ControlSet)

---- EOF - GMER 1.0.15 ----


And here's the OTL.txt:

OTL logfile created on: 21/6/2010 2:10:34 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 79.25 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.07 Gb Free Space | 20.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Program Files\Window Hide Tool\Window Hide Tool.exe (FOMINE SOFTWARE)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Mozilla Firefox\FirefoxPreloader\FirefoxPreloader.exe (6XGate Incorporated)


========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- File not found
SRV - (AcronisOSSReinstallSvc) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (vvdsvc) -- C:\Program Files\StarTV\core\najia\vjocx.dll (南京纳加软件有限公司)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)


========== Driver Services (SafeList) ==========

DRV - (GarenaPEngine) -- C:\Users\user\AppData\Local\Temp\DSI3303.tmp ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (9158CAP) -- C:\Windows\System32\drivers\9158cap.sys (http://www.9158.com)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.my180.com/Search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.my180.com/Search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local



IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default ... l=en&s=gen
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.baidu.com/index.php?tn=avantcn_dg
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - C:\Program Files\StarTV\core\pipi\JfCheck.dll (PIPI Tech.)
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: sidebarBookmarkSelector@alice:2.1
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.4.2
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.5
FF - prefs.js..extensions.enabledItems: easelink@ashi.cn:1.0.2.3
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
FF - prefs.js..extensions.enabledItems: resizeit@sonej:3.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"
FF - prefs.js..network.proxy.http: "219.93.178.162 "
FF - prefs.js..network.proxy.http_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/16 17:57:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/16 17:57:13 | 000,000,000 | ---D | M]

[2009/06/03 17:41:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/06/20 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions
[2010/06/07 17:38:13 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/24 05:25:47 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2010/05/06 16:13:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 16:47:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/07/01 15:16:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(230)
[2010/05/06 16:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/24 12:57:03 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010/01/27 08:42:13 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2010/06/05 05:59:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/27 10:25:53 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/03/12 18:53:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\easelink@ashi.cn
[2010/04/25 15:32:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\foxyproxy-basic@eric.h.jung-trash
[2010/05/01 01:57:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\resizeit@sonej
[2009/11/10 12:51:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\sidebarBookmarkSelector@alice
[2010/05/22 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\SkipScreen@SkipScreen
[2009/12/28 17:31:18 | 000,000,938 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\facebook.xml
[2009/08/15 20:50:35 | 000,004,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\google-images.xml
[2009/08/15 20:49:56 | 000,001,512 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\imdb.xml
[2009/06/13 04:25:23 | 000,002,298 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\lastfm.xml
[2009/06/03 22:43:26 | 000,004,140 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\youtube.xml
[2010/06/20 23:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 06:47:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/25 10:59:16 | 000,253,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\CheckTudouVa.dll
[2010/02/05 14:50:28 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/10 22:42:18 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebThunder Browser Helper) - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - Reg Error: Value error. File not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (QvodExtend) - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\Extend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (ToolbarBrowserHelper Class) - {D2F8A635-8B0F-47BF-915E-6F456767A300} - C:\Program Files\Thunder Network\MiniThunder\ToolBarNow.dll (深圳市迅雷网络技术有限公司)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Window Hide Tool.lnk = C:\Program Files\Window Hide Tool\Window Hide Tool.exe (FOMINE SOFTWARE)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: 使用光影编辑和美化 - C:\Program Files\nEO iMAGING\NeoOpenNeo.htm ()
O8 - Extra context menu item: 使用迷你迅雷下载 - C:\Program Files\Thunder Network\MiniThunder\geturl.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/ ... ontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {39B15A4A-8C87-43B7-9859-E98F429DDEBB} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {AF2C392C-AC67-43E3-9B71-FAAF85C36892} - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\Windows\system32\geBqNdbC) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1920e0bf-5f8c-11dd-aac1-001ec9089b10}\Shell\AutoRun\command - "" = MadFona.exe
O33 - MountPoints2\{1920e0bf-5f8c-11dd-aac1-001ec9089b10}\Shell\explore\Command - "" = MadFona.exe
O33 - MountPoints2\{1920e0bf-5f8c-11dd-aac1-001ec9089b10}\Shell\open\Command - "" = MadFona.exe
O33 - MountPoints2\{2e89beaa-0621-11de-bf83-001ec9089b10}\Shell\AutoRun\command - "" = flash.exe D:\
O33 - MountPoints2\{2e89beaa-0621-11de-bf83-001ec9089b10}\Shell\Explore\command - "" = flash.exe D:\
O33 - MountPoints2\{2e89beaa-0621-11de-bf83-001ec9089b10}\Shell\Open\command - "" = flash.exe D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 14:08:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/06/21 00:49:47 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/06/21 00:45:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Template
[2010/06/21 00:35:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/18 22:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/06/18 14:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2010/06/16 18:11:17 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/16 18:11:17 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/16 18:11:17 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/16 18:11:12 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/06/16 18:11:12 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2010/06/16 18:11:12 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2010/06/16 18:11:12 | 000,217,088 | ---- | C] (http://www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/06/16 18:11:12 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2010/06/16 18:11:11 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/06/16 18:11:11 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010/06/16 18:11:11 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\I263_32.drv
[2010/06/16 18:11:10 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010/06/16 18:11:10 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/06/16 18:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/06/16 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DassaultSystemes
[2010/06/16 13:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2010/06/12 20:04:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Tencent
[2010/06/12 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PPLive
[2010/06/12 15:39:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PIPI
[2010/06/12 08:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2010/06/11 13:56:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2010/06/11 13:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/10 16:25:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/10 10:39:31 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2010/06/09 22:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/09 19:39:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Player Classic
[2010/06/09 13:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/06/07 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010/06/07 19:44:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/07 19:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 19:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/07 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/07 17:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/06/06 18:03:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Death_Aboard_II_V1
[2010/06/04 22:18:58 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdoclc.dll
[2010/06/04 22:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\tools
[2010/06/04 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\StarTV
[2010/06/04 22:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\core
[2010/06/04 22:18:19 | 000,066,896 | ---- | C] (ft) -- C:\Windows\System32\FT_ET99_API.dll
[2010/06/03 09:19:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\FastStone
[2010/06/03 09:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2010/06/03 08:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\FotoSketcher
[2010/06/01 22:46:15 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/06/01 20:32:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\YCanPDF
[2010/06/01 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\PDF OCR
[2010/05/31 20:42:08 | 000,032,768 | ---- | C] (Shine) -- C:\Windows\System32\mydownload.ocx
[2010/05/31 20:42:06 | 000,577,536 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divxdec.ax
[2010/05/31 20:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\iToolSoft Software
[2010/05/31 06:29:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/29 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Null DC 1.6
[2010/05/29 06:03:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PPStream
[2010/05/29 06:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\PPS.tv
[2010/05/28 19:55:39 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\AnyBizSoft PDF to PowerPoint
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/21 14:10:09 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81A76683-2D7E-4FFC-996D-F04B3F4A2DC7}.job
[2010/06/21 14:09:58 | 008,388,608 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2010/06/21 14:09:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/06/21 14:08:17 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/21 14:08:17 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/21 14:08:17 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/21 14:03:58 | 000,181,067 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/21 14:03:58 | 000,181,067 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/21 14:03:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 14:03:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 14:03:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 14:03:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 14:03:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 14:03:27 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 06:11:13 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{e9b5cc02-078e-11df-bcf0-001ec9015298}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 06:11:13 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{e9b5cc02-078e-11df-bcf0-001ec9015298}.TM.blf
[2010/06/21 06:10:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/21 06:10:44 | 006,291,456 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010/06/21 06:10:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/06/21 05:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 05:09:16 | 000,090,624 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 00:45:20 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2010/06/21 00:44:11 | 001,730,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/21 00:42:31 | 000,104,712 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/21 00:35:30 | 000,001,075 | ---- | M] () -- C:\Windows\win.ini
[2010/06/20 17:39:29 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/06/18 14:45:07 | 000,001,289 | ---- | M] () -- C:\Windows\psnetwork.ini
[2010/06/18 14:45:06 | 000,000,373 | ---- | M] () -- C:\Windows\powerplayer.ini
[2010/06/18 14:38:16 | 1073,741,824 | ---- | M] () -- C:\ppsds.pgf
[2010/06/13 21:07:37 | 000,000,013 | ---- | M] () -- C:\Windows\msgtn.ini
[2010/06/12 20:04:35 | 000,000,087 | ---- | M] () -- C:\Windows\user.ini
[2010/06/10 22:42:18 | 000,000,789 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/09 22:29:06 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/06/09 14:18:06 | 000,000,221 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/07 17:17:55 | 008,388,608 | -HS- | M] () -- C:\Users\user\ntuser.dat_previous
[2010/06/05 16:38:18 | 000,000,863 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/06/04 14:54:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/06/04 03:52:41 | 000,000,019 | ---- | M] () -- C:\Windows\powerlist.ini
[2010/06/03 15:53:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/06/03 15:53:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/06/02 16:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/02 16:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/02 16:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/02 16:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/02 16:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/06/01 22:46:15 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/05/31 21:05:54 | 000,000,125 | ---- | M] () -- C:\Windows\iToolSoft PPT To Video.ini
[2010/05/31 21:05:54 | 000,000,116 | ---- | M] () -- C:\Windows\pro iToolSoft PPT To Video.ini
[2010/05/31 20:43:11 | 000,000,001 | ---- | M] () -- C:\Windows\System32\iToolSoft PPT To Video.dat
[2010/05/30 13:48:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/05/29 06:05:45 | 000,000,043 | ---- | M] () -- C:\Windows\PPSMediaList.ini
[2010/05/27 19:31:22 | 000,003,892 | ---- | M] () -- C:\Windows\System32\prfcg0804
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 05:10:49 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/06/21 00:45:20 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2010/06/16 18:11:14 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/16 18:11:12 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/06/16 18:11:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/16 18:11:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/16 18:11:10 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/16 18:11:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/06/12 20:04:35 | 000,000,087 | ---- | C] () -- C:\Windows\user.ini
[2010/06/10 22:43:16 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/09 13:39:05 | 000,000,221 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/05 16:38:18 | 000,000,863 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/06/05 05:48:17 | 1073,741,824 | ---- | C] () -- C:\ppsds.pgf
[2010/06/04 22:18:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\et99_full.dll
[2010/06/04 12:55:04 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/06/04 03:52:41 | 000,000,019 | ---- | C] () -- C:\Windows\powerlist.ini
[2010/06/04 03:52:41 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2010/06/04 01:05:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ET99_MOD.dll
[2010/06/04 01:05:49 | 000,000,135 | ---- | C] () -- C:\Windows\System32\b.bat
[2010/06/03 21:08:35 | 000,001,289 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/06/03 12:53:18 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/06/03 12:53:17 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/05/31 20:43:10 | 000,000,125 | ---- | C] () -- C:\Windows\iToolSoft PPT To Video.ini
[2010/05/31 20:43:10 | 000,000,116 | ---- | C] () -- C:\Windows\pro iToolSoft PPT To Video.ini
[2010/05/31 20:42:38 | 000,000,001 | ---- | C] () -- C:\Windows\System32\iToolSoft PPT To Video.dat
[2010/05/31 20:42:08 | 000,002,407 | ---- | C] () -- C:\Windows\System32\MSINET.DEP
[2010/05/31 00:39:02 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/05/30 09:48:28 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/05/29 06:05:54 | 000,000,373 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010/05/29 06:05:45 | 000,000,043 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2010/05/27 19:31:22 | 000,003,892 | ---- | C] () -- C:\Windows\System32\prfcg0804
[2010/05/22 22:25:49 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 22:25:47 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 01:51:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/15 00:23:05 | 000,114,688 | ---- | C] () -- C:\Windows\9158ADSP.DLL
[2010/02/15 00:23:04 | 000,118,784 | ---- | C] () -- C:\Windows\9158DSP.DLL
[2009/11/01 15:31:01 | 000,000,055 | ---- | C] () -- C:\Windows\WinWSD.INI
[2009/10/15 00:01:23 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/10/07 21:32:22 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/10/04 01:36:01 | 006,021,120 | ---- | C] () -- C:\Windows\System32\common_res.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/05/16 21:57:07 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/04/16 21:22:58 | 000,000,675 | ---- | C] () -- C:\Windows\langorig.ini
[2009/04/16 21:21:49 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/03/24 17:40:03 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/03/12 15:27:42 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/03/12 15:27:42 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2009/03/12 15:27:42 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/03/12 15:27:42 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/03/12 15:27:42 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/03/12 15:27:42 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/03/12 15:27:42 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/03/12 15:27:42 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/03/12 15:27:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009/03/12 15:27:42 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/03/12 15:27:42 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/03/12 15:27:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/03/12 15:27:42 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2009/03/12 15:27:42 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/03/12 15:27:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/03/12 15:27:42 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/03/12 15:27:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/01/04 03:45:59 | 000,000,028 | ---- | C] () -- C:\Windows\funshionplugin2.INI
[2008/12/31 17:04:42 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/12/31 03:32:04 | 000,000,089 | ---- | C] () -- C:\Windows\TeenSpirit.INI
[2008/12/18 19:11:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/02 17:10:32 | 000,000,241 | ---- | C] () -- C:\Windows\kaillera.ini
[2008/10/26 23:17:18 | 000,307,926 | -HS- | C] () -- C:\Windows\System32\CbdNqBeg.ini2
[2008/10/26 23:17:18 | 000,307,926 | -HS- | C] () -- C:\Windows\System32\CbdNqBeg.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/20 01:22:17 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/08/06 14:31:05 | 001,299,730 | -HS- | C] () -- C:\Windows\System32\thfwpdxe.ini
[2008/08/06 13:53:07 | 001,299,730 | -HS- | C] () -- C:\Windows\System32\xdeawwip.ini
[2008/08/05 00:37:48 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/04 21:42:35 | 001,301,858 | -HS- | C] () -- C:\Windows\System32\dgntrbje.ini
[2008/08/04 20:25:00 | 000,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
[2008/07/30 09:05:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/29 17:30:24 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/12/30 18:48:38 | 000,000,579 | ---- | C] () -- C:\Windows\powermp3cutterjoiner.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/01/12 11:08:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SafeIE.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >


Finally, here's the Extras log:

OTL Extras logfile created on: 21/6/2010 2:10:34 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 79.25 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.07 Gb Free Space | 20.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Universal Viewer] -- "C:\Program Files\Universal Viewer\Viewer.exe" "@@%1" (UVViewSoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1087390416-3780635448-2520622250-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{787508FE-1085-4D36-A41C-B771E89CA0DB}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{CE296F31-57AD-421A-9E16-C4AD5937F107}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10479E5C-2EC2-4A70-A816-4B0FF3D90FCD}_is1" = 3D Ebook Cover 1.0
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A6F734D-84CD-4472-877A-A070D76FAE74}_is1" = AnyBizSoft PDF to PowerPoint (Build 2.0.0)
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.0
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40DA1E98-DA56-46D6-85F8-74EB227D2030}_is1" = 赤道卫星电视
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 2.5.4)
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{645DEE8D-9C73-A3EE-A82F-1CF81C81F89C}" = Doomi
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1" = UBitMenu UK
"{C8F4904F-51F4-4312-BE64-FF1D23606E86}_is1" = Sothink Logo Maker
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCDE4A69-0A46-4CF2-93FA-096B60E31059}_is1" = Sublight (1.7.0)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 1.96
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google 地球
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced Video FX Engine" = Advanced Video FX Engine
"Animated Wallpaper Maker" = Animated Wallpaper Maker
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanMem" = CleanMem
"CleanMem1.3.0" = CleanMem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Doomi.809F847005C7832B69625A614BB25CA209244440.1" = Doomi
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"Firefox Preloader_is1" = Firefox Preloader
"Game Booster_is1" = Game Booster
"Garena" = Garena
"GoToAssist" = GoToAssist 8.0.0.514
"HD Tune Pro_is1" = HD Tune Pro 3.50
"iToolSoft PPT To Video_is1" = iToolSoft PPT To Video V3.1.1.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Lingoes Translator_is1" = Lingoes 2.6.2
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Cope_is1" = Media Cope 1.0
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MiniThunder3" = 迷你迅雷3
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyMediaBookmarks_is1" = MyMediaBookmarks
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Power MP3 Cutter Joiner_is1" = Power MP3 Cutter Joiner 1.12
"PPStream" = PPS影音 V2.6.86.9034 正式版
"RaySource" = RaySource 2.1.10.8366
"ShadowExplorer_is1" = ShadowExplorer 0.4
"Smart Defrag_is1" = Smart Defrag
"Songr" = Songr
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TTPlayer" = 千千静听 5.6正式版
"TVUPlayer" = TVUPlayer 2.4.8.2
"Universal Viewer" = Universal Viewer
"Unlocker" = Unlocker 1.8.7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Window Hide Tool_is1" = Window Hide Tool 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winning Eleven 9_is1" = Winning Eleven 9
"WinRAR archiver" = WinRAR archiver
"光影魔术手_is1" = 光影魔术手 3.1.2.101
"流星网络电视_is1" = 流星网络电视2.71.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2009 1:05:24 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2009 10:07:38 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2009 11:15:01 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2009 4:05:38 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2009 4:42:55 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2009 9:28:45 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/7/2009 3:50:26 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/7/2009 2:30:46 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/7/2009 1:29:55 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/7/2009 8:10:07 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application nfs.exe, version 1.0.0.1, time stamp 0x4903d933,
faulting module nfs.exe, version 1.0.0.1, time stamp 0x4903d933, exception code
0xc0000005, fault offset 0x00357dd9, process id 0xeb0, application start time 0x01c9fef821c82880.

[ Broadcom Wireless LAN Events ]
Error - 24/2/2010 12:40:20 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 12:40:20, Wed, Feb 24, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region

Error - 24/2/2010 3:39:02 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 15:39:02, Wed, Feb 24, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region

Error - 24/2/2010 11:57:03 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 23:57:03, Wed, Feb 24, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region

Error - 25/2/2010 2:46:16 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 14:46:16, Thu, Feb 25, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region

Error - 26/2/2010 2:33:02 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 14:33:02, Fri, Feb 26, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region

Error - 28/2/2010 4:35:08 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 16:35:08, Sun, Feb 28, 10 Error - Unable to gain access to user store


Error - 11/5/2010 8:00:26 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 20:00:25, Tue, May 11, 10 Error - Unable to gain access to user store


Error - 12/5/2010 12:20:01 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 12:20:01, Wed, May 12, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region

Error - 7/6/2010 3:08:00 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 15:07:59, Mon, Jun 07, 10 Error - Unable to gain access to user store


Error - 20/6/2010 11:54:34 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 23:54:33, Sun, Jun 20, 10 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 19/5/2010 10:03:22 AM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 21/6/2010 2:03:25 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 21/6/2010 2:03:31 AM | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 14/4/2009 9:43:47 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 14/4/2009 10:55:08 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 14/4/2009 10:55:25 PM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 14/4/2009 10:57:25 PM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 15/4/2009 1:17:27 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 16/4/2009 2:51:57 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 16/4/2009 10:16:00 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 22/5/2009 3:23:06 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 6:12 am

Hi erik8mwr,

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    schtasks /query /v /fo list >> results.txt 2>>&1
    start notepad results.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Right click the file xxx.bat and select Run as Administrator

results.txt should open in Notepad automatically when the script has completed; post the contents of this file in your next response.

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\Extend.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Thunder ToolbarBrowserHelper - {D2F8A635-8B0F-47BF-915E-6F456767A300} - C:\Program Files\Thunder Network\MiniThunder\ToolBarNow.dll
O8 - Extra context menu item: 使用迷你迅雷下载 - C:\Program Files\Thunder Network\MiniThunder\geturl.htm


Now close all other open windows and then click on Fix Checked. Close HijackThis.

Now reboot the computer and post a new HijackThis log and results.txt, also please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
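
The fix list in the post above can be read mechanically before anything is ticked in HijackThis. The following Python sketch is an added example, not part of deltalima's post or of HijackThis itself: it parses the five O2/O8 lines quoted above, separates the entries HijackThis reports as "(no file)" from those that still point at a file, and groups the latter by folder. All function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# The five entries from the fix list in the post above, verbatim.
FIX_LIST = r"""
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\Extend.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Thunder ToolbarBrowserHelper - {D2F8A635-8B0F-47BF-915E-6F456767A300} - C:\Program Files\Thunder Network\MiniThunder\ToolBarNow.dll
O8 - Extra context menu item: 使用迷你迅雷下载 - C:\Program Files\Thunder Network\MiniThunder\geturl.htm
"""

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - "
                r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O8 = re.compile(r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<target>.+)$")


def parse_entries(text):
    """Turn HijackThis O2/O8 log lines into dicts; other lines are ignored."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        for section, pattern in (("O2", O2), ("O8", O8)):
            m = pattern.match(line)
            if m:
                # O8 lines carry no CLSID, so the key defaults to None.
                entries.append({"section": section, "clsid": None, **m.groupdict()})
    return entries


def orphaned(entries):
    """Entries for which HijackThis reports '(no file)' as the target."""
    return [e for e in entries if e["target"] == "(no file)"]


def by_folder(entries):
    """Group entries that still point at a file by the folder holding it."""
    folders = defaultdict(list)
    for e in entries:
        if e["target"] != "(no file)":
            # ntpath splits Windows paths correctly on any host OS.
            folders[ntpath.dirname(e["target"])].append(e["name"])
    return dict(folders)
```
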

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 9:52 am

When I simply type an address like 'a' in the Internet Explorer address bar, it no longer redirects to the Baidu page. The page is redirected to my router page.
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 9:57 am

Hi erik8mwr,

Please post results.txt from the last post.

Next

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    ipconfig /all >> results.txt 2>>&1
    start notepad results.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Right click the file xxx.bat and select Run as Administrator

results.txt should open in Notepad automatically when the script has completed; post the contents of this file in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 12:36 pm

I can't post the result.txt here because the text is too long, so I uploaded the file.
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 12:41 pm

Another problem is I cannot connect to the Internet by using 192.168.1.1. But when I change my current static IP address from 192.168.1.1 to 192.168.1.2 on my router page and then reboot my computer, I can connect to the Internet by using 192.168.1.2 with an Ethernet cable. Is this the cause of malware on IP address?
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 1:03 pm

Hi erik8mwr,


Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    ipconfig /all >> network.txt 2>>&1
    set >> network.txt 2>>&1
    start notepad network.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Right click the file xxx.bat and select Run as Administrator

network.txt should open in Notepad automatically when the script has completed; post the contents of this file in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 1:12 pm

Here's the network.txt:


Windows IP Configuration

Host Name . . . . . . . . . . . . : user-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-16-44-F4-99-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Fast Ethernet
Physical Address. . . . . . . . . : 00-1E-C9-01-52-98
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b058:720:5336:cec0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, 21 June, 2010 11:14:52 PM
Lease Expires . . . . . . . . . . : Tuesday, 22 June, 2010 1:58:57 AM
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{14FD0A45-9C45-4471-B795-5ABE95555EC0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.ums.edu.my
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\user\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\user
LOCALAPPDATA=C:\Users\user\AppData\Local
LOGONSERVER=\\USER-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Thunder Network\KanKan\Codecs;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\user\AppData\Local\Temp
TMP=C:\Users\user\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=user-PC
USERNAME=user
USERPROFILE=C:\Users\user
windir=C:\Windows
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am
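
Output like the network.txt above can be checked for which DNS servers each connected adapter uses, and whether each one is the default gateway or an address outside the local subnet. The following Python sketch is an added example, not part of the thread: the sample reuses the Ethernet values from the post plus one constructed extra DNS line (203.0.113.53, a documentation address), and all function names are hypothetical.

```python
import ipaddress
import re

# Ethernet values from the network.txt above; the second DNS line is
# constructed (documentation address) to exercise a multi-line list.
SAMPLE = """\
Ethernet adapter Local Area Connection:

IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 192.168.1.2
                                    203.0.113.53
"""

HEADER = re.compile(r"^(?:.+ )?adapter (?P<name>.+):$")
# A field line is "Key . . . : value"; the dotted leader is required so
# that bare IPv6 continuation lines are not mistaken for fields.
FIELD = re.compile(r"^(?P<key>[^.:]+?)\s*(?:\.\s*)+:\s*(?P<value>.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from 'ipconfig /all' text."""
    adapters, current, last = {}, None, None
    for line in map(str.strip, text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header and not field:
            current, last = adapters.setdefault(header["name"], {}), None
        elif field and current is not None:
            last = current.setdefault(field["key"], [])
            if field["value"]:
                last.append(field["value"])
        elif line and last is not None:
            last.append(line)  # continuation of a multi-value field
    return adapters


def to_ip(text):
    """Parse an address, dropping '(Preferred)' or '%zone'; None if invalid."""
    try:
        return ipaddress.ip_address(re.sub(r"[(%].*$", "", text).strip())
    except ValueError:
        return None


def dns_report(text):
    """Return (adapter, dns_server, verdict) rows for adapters with an IPv4 address."""
    rows = []
    for name, f in parse_ipconfig(text).items():
        addr = to_ip((f.get("IPv4 Address") or [""])[0])
        if addr is None or not f.get("Subnet Mask"):
            continue  # disconnected or tunnel adapter
        net = ipaddress.ip_network(f"{addr}/{f['Subnet Mask'][0]}", strict=False)
        gateways = {to_ip(g) for g in f.get("Default Gateway", [])}
        for dns in filter(None, map(to_ip, f.get("DNS Servers", []))):
            verdict = ("gateway" if dns in gateways
                       else "on-link" if dns in net else "off-link")
            rows.append((name, str(dns), verdict))
    return rows
```

An "off-link" row is only a prompt to compare that server with the ones the router or ISP is expected to hand out.
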