[RESOLVED] Conduit - Visual Bee Search - Page 2

  1. #16
    Join Date: Sep 2001 | Location: Toronto, Ontario, Canada | Posts: 202
    And for Mozilla Firefox (browser), the Conduit Toolbar and Visual Bee search are showing.

    This is in the URL line >>
    http://search.conduit.com/?ctid=CT29...earchSource=13

    For IE, Conduit and Visual Bee search are no longer there.

    = = =
    Newbie

  2. #17
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 20,794
    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.
    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".


    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

  3. #18
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 20,794
    Still with me?

  4. #19
    Join Date: Sep 2001 | Location: Toronto, Ontario, Canada | Posts: 202
    Hi Broni,
    Sorry for the absence for several days. I was in hospital for surgery.
    Will continue with the clean-up today.
    Newbie

  5. #20
    Join Date: Sep 2001 | Location: Toronto, Ontario, Canada | Posts: 202
    Hi Broni,

    I have done as you have instructed.
    I encountered a problem with ComboFix during the first scan, because I used AVG as anti-virus.
    According to **Note 2 in your instructions, turning off AVG is not enough; I had to uninstall it.
    So I had to use rKill.exe too.
    Here are the logs.

    rKill.txt
    =====
    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 04/11/2013 08:18:50 AM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * AFD (AFD) is not Running.
    Startup Type set to: System

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Manual

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic

    * Automatic Updates (wuauserv) is not Running.
    Startup Type set to: Automatic

    * AFD (AFD) is not Running.
    Startup Type set to: System

    * IPSEC driver (IPSec) is not Running.
    Startup Type set to: System

    * NetBios over Tcpip (NetBT) is not Running.
    Startup Type set to: System

    * TCP/IP Protocol Driver (Tcpip) is not Running.
    Startup Type set to: System

    * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
    +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
    +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/04/2004 00:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
    +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
    +-> C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
    +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 04/11/2013 08:20:32 AM
    Execution time: 0 hours(s), 1 minute(s), and 41 seconds(s)
    =====

    ComboFix log.txt is in the next message (too many characters)
    ===========
    I tried Chrome: Conduit - Visual Bee search is still there.
    And for Firefox: Conduit toolbar and Visual Bee search are still there.
    Newbie
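The rKill report quoted in the post above is plain text with a handful of fixed line shapes (a service that "is not Running" followed by its "Startup Type", a service with an "[Incorrect ImagePath]", a "[NoSig]" file followed by "+->" candidate copies with size and MD5, and the HOSTS entries), so it can be turned into a structured triage list instead of being read by eye. The following is an added example written for this page; it is not code from rKill, ComboFix or anyone in this thread. SAMPLE_LOG is a constructed, shortened copy of the report above with one constructed non-default HOSTS line added to exercise that check, and the decisions in triage() (flag only stopped services whose startup type is Boot, System or Automatic; flag any HOSTS entry other than localhost) are this example's own choices, not rKill's. It needs Python 3.8 or newer.

```python
"""Parse an rKill report into structured findings and triage them.

Added example, not code from rKill or from the forum thread: the line shapes
follow the rKill 2.4.7 report quoted above; SAMPLE_LOG is a constructed,
shortened copy of it plus one constructed non-default HOSTS line.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: shortened from the report quoted in the thread; the last HOSTS line is made up.
SAMPLE_LOG = r"""
Performing miscellaneous checks:
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:
 * AFD (AFD) is not Running.
   Startup Type set to: System
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual
 * TCP/IP Protocol Driver (Tcpip) is not Running.
   Startup Type set to: System
 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:
 * C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
   +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
   +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]

Checking HOSTS File:
 * HOSTS file entries found:
   127.0.0.1 localhost
   0.0.0.0 example.invalid
"""

# One regex per rKill line shape; anything else (section headers, blank lines, the
# registry dump under the firewall finding) is ignored rather than guessed at.
RE_SERVICE_DOWN = re.compile(r"^\* (?P<name>.+?) \((?P<short>[^)]+)\) is not Running\.$")
RE_STARTUP = re.compile(r"^Startup Type set to: (?P<kind>.+)$")
RE_BAD_IMAGE = re.compile(r"^\* (?P<short>\S+) => (?P<path>.+?) \[Incorrect ImagePath\]$")
RE_NOSIG = re.compile(r"^\* (?P<path>.+?) \[NoSig\]$")
RE_REPL = re.compile(r"^\+-> (?P<path>.+?) : (?P<size>[\d,]+) : .+? : (?P<md5>[0-9a-fA-F]{32}) \[Pos Repl\]$")
RE_HOSTS = re.compile(r"^(?P<addr>\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(?P<host>\S+)$")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass
class RkillReport:
    firewall_disabled: bool = False
    services_not_running: dict = field(default_factory=dict)  # short name -> {"name", "startup"}
    bad_image_paths: dict = field(default_factory=dict)       # short name -> reported ImagePath
    unsigned_files: dict = field(default_factory=dict)        # path -> list of [Pos Repl] candidates
    hosts_entries: list = field(default_factory=list)         # (address, hostname) pairs


def parse_rkill(text: str) -> RkillReport:
    report = RkillReport()
    pending_service = ""   # short name whose "Startup Type" line comes next
    current_unsigned = ""  # [NoSig] path whose "+->" candidate lines follow
    for raw in text.splitlines():
        line = raw.strip()
        if line == "* Windows Firewall Disabled":
            report.firewall_disabled = True
        elif m := RE_SERVICE_DOWN.match(line):
            pending_service = m["short"]  # rKill may list a service twice (AFD above); the dict dedups it
            report.services_not_running[pending_service] = {"name": m["name"], "startup": "unknown"}
        elif (m := RE_STARTUP.match(line)) and pending_service:
            report.services_not_running[pending_service]["startup"] = m["kind"]
            pending_service = ""
        elif m := RE_BAD_IMAGE.match(line):
            report.bad_image_paths[m["short"]] = m["path"]
        elif m := RE_NOSIG.match(line):
            current_unsigned = m["path"]
            report.unsigned_files[current_unsigned] = []
        elif (m := RE_REPL.match(line)) and current_unsigned:
            report.unsigned_files[current_unsigned].append(
                {"path": m["path"], "size": int(m["size"].replace(",", "")), "md5": m["md5"].lower()})
        elif m := RE_HOSTS.match(line):
            report.hosts_entries.append((m["addr"], m["host"]))
    return report


def triage(report: RkillReport) -> list:
    """Turn the parsed report into analyst-facing findings; rKill itself only lists what it saw."""
    findings = []
    if report.firewall_disabled:
        findings.append("Windows Firewall disabled (see the FirewallPolicy registry lines rKill prints under that finding)")
    for short, svc in sorted(report.services_not_running.items()):
        if svc["startup"] in {"Boot", "System", "Automatic"}:  # a stopped Manual service is normal
            findings.append(f"{svc['name']} ({short}) not running although startup type is {svc['startup']}")
    for short, path in report.bad_image_paths.items():
        findings.append(f"service {short} has an unexpected ImagePath: {path}")
    for path, cands in report.unsigned_files.items():
        findings.append(f"unsigned file {path}; {len(cands)} possible replacement(s) found on disk")
    findings += [f"non-default HOSTS entry: {a} {h}" for a, h in report.hosts_entries if (a, h) not in DEFAULT_HOSTS]
    return findings
```

Calling triage(parse_rkill(SAMPLE_LOG)) gives seven findings: the disabled firewall, the three stopped services with System or Automatic startup (EventSystem is Manual and is skipped), the RpcSs ImagePath, the unsigned mqac.sys with its two candidate copies, and the constructed HOSTS line. The caveat comes from the thread itself: Broni had rKill run from Safe Mode, and in Safe Mode the network stack drivers (AFD, Tcpip, NetBT) and Automatic services such as Dhcp and Dnscache are not started, so "not running" for those is expected there rather than evidence of tampering. A list like this is a prompt for the analyst, not a verdict.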

  6. #21
    Join Date: Sep 2001 | Location: Toronto, Ontario, Canada | Posts: 202
    Hi Broni,

    Here is the ComboFix log.txt - FIRST PART
    ==================

    ComboFix 13-04-10.02 - ADMIN 04/11/2013 8:32.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2698 [GMT -4:00]
    Running from: c:\documents and settings\ADMIN\Desktop\ComboFixOne.exe
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\ADMIN\Application Data\baidu\hao123
    c:\documents and settings\ADMIN\Application Data\PriceGong
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\7251.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\ADMIN\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\ADMIN\Application Data\SogouExplorer
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\acc.splenkey
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Bin\bsecfg.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Bin\flash_wk.dll
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Bin\malurl.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Bin\seinstdll.dll
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\CommCfg.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\config.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\configlocal.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\datapack1
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\datapack2
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\datapack3
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Dynamark.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\config.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\css\balloon.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\css\base.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\css\index.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\css\login-box.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\css\reg-box.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\html\back.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\html\balloon.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\html\collect.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\html\manage.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\html\open.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\html\pop.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\ball_icon.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\button_32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\close_7.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\collect-16.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\collect.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\config.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\loginbox-bg-32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\logo-16.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\logo-20.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\logoutbox-bg-32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\manage.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\mycoll-bg-32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\open.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\regbox-bg-32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\setbox-bg-32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\images\sprites-32.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\js\back.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\js\balloon.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\js\jquery-1.8.2.min.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\js\jquery.min.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\js\pop.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\js\util.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\npgamecenterlauncher.dll
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\segamecenter.exe
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\segamewindow.exe
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\add.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\bg.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\bg_line.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\close.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\close_gray.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\hot.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\icon_close_min.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\icon_manage.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\logo.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\logo_menu.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\play.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\reg.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.gamecenter\0.4.2\v3\images\smile.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\privacy_on.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\thumbs.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.quicklink.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.secondAccount.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\qzone.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\renren.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\sina.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\sohu.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\tencent.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\thumbs.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\res\ajax-loader.gif
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\res\bg_rextop.jpg
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\res\btn_at.gif
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\res\logo.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\res\logo__.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\res\oauth.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\background.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\consumer.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\contentscript.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\error_handler.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\jquery-1.6.1.min.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\md5-min.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_form.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_observer.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_observer_renren.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_observer_sina.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_observer_tencent.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_worker.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_worker_renren.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\oauth_worker_tencent.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\sha1.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\tranfer_thumdata.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\script\xml2json.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\signin.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator.sext
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\ translate.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\backgroundpage.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\css\translate.css
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\default-big.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\default.ico
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\google_translate.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\ajax-loader.gif
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_left.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_left_active.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_left_hover.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_mid.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_mid_active.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_mid_hover.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_right.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_right_active.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\btn_right_hover.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\change.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\swap.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\swap_hover.png
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\thumbs.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\title_option_google.jpg
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\title_option_youdao.jpg
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\images\translate_logo.gif
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\js\before_googleapi.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\js\before_youdaoapi.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\js\jquery.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\js\translate.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\js\translate.js_
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\js\youdao_translate.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\manifest.xml
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\translate.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\translator.js
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\youdao_translate.html
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\FavIcon\FavorIcon.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Favorite2.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\FormData.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\HistoryUrl.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\liteupdater.dll
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\LocalPage\Error404.zip
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\LocalPage\MyFavorStartPage.zip
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\LocalPage\PassportLogin.zip
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\LocalPage\WKInspector.zip
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\LocalStorage.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\MCPattern.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\MetaSearch\MetaSearch
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\MetaSearch\metasearchupdate1
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\MetaSearch\metasearchupdate2
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\netopt.se
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\playevent.pat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\rk.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\script.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\se_setup.ini
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\seacc_pattern.txt
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\??.setheme
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\???.setheme
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\???????????.seskin
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\?????Chrome?.seskin
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\?????IE???.seskin
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\bluesky.setheme
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\dolphin.setheme
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\miss.setheme
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Skin\popo.setheme
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Temp\acc.splenkey
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Temp\MyFavorStartPage.zip
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Temp\Patches
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Temp\sogouexplorerup.exe
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\uhistory.db
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\urlblack.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\urlcache.dat
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cache2\data_0
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cache2\data_1
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cache2\data_2
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cache2\data_3
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cache2\f_000001
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cache2\index
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Cookies
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\Patches
    c:\documents and settings\ADMIN\Application Data\SogouExplorer\Webkit\VisitedLinks
    c:\documents and settings\All Users\Application Data\SogouExplorer
    c:\documents and settings\All Users\Application Data\SogouExplorer\Bin\flash_wk.dll
    c:\documents and settings\All Users\Application Data\SogouExplorer\Bin\malurl.dat
    c:\documents and settings\All Users\Application Data\SogouExplorer\datapack1
    c:\documents and settings\All Users\Application Data\SogouExplorer\datapack2
    c:\documents and settings\All Users\Application Data\SogouExplorer\datapack3
    c:\documents and settings\All Users\Application Data\SogouExplorer\LocalPage\MyFavorStartPage.zip
    c:\documents and settings\All Users\Application Data\SogouExplorer\MetaSearch\metasearchupdate1
    c:\documents and settings\All Users\Application Data\SogouExplorer\MetaSearch\metasearchupdate2
    c:\documents and settings\All Users\Application Data\SogouExplorer\script.dat
    c:\documents and settings\All Users\Application Data\SogouExplorer\urlblack.dat
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\HPMonitor.exe.lnk
    c:\documents and settings\Default User\Application Data\SogouExplorer
    c:\documents and settings\Default User\Application Data\SogouExplorer\Bin\flash_wk.dll
    c:\documents and settings\Default User\Application Data\SogouExplorer\Bin\malurl.dat
    c:\documents and settings\Default User\Application Data\SogouExplorer\datapack1
    c:\documents and settings\Default User\Application Data\SogouExplorer\datapack2
    c:\documents and settings\Default User\Application Data\SogouExplorer\datapack3
    c:\documents and settings\Default User\Application Data\SogouExplorer\LocalPage\MyFavorStartPage.zip
    c:\documents and settings\Default User\Application Data\SogouExplorer\MetaSearch\metasearchupdate1
    c:\documents and settings\Default User\Application Data\SogouExplorer\MetaSearch\metasearchupdate2
    c:\documents and settings\Default User\Application Data\SogouExplorer\script.dat
    c:\documents and settings\Default User\Application Data\SogouExplorer\urlblack.dat
    c:\documents and settings\LocalService\Application Data\SogouExplorer
    c:\documents and settings\LocalService\Application Data\SogouExplorer\Bin\flash_wk.dll
    c:\documents and settings\LocalService\Application Data\SogouExplorer\Bin\malurl.dat
    c:\documents and settings\LocalService\Application Data\SogouExplorer\datapack1
    c:\documents and settings\LocalService\Application Data\SogouExplorer\datapack2
    c:\documents and settings\LocalService\Application Data\SogouExplorer\datapack3
    c:\documents and settings\LocalService\Application Data\SogouExplorer\LocalPage\MyFavorStartPage.zip
    c:\documents and settings\LocalService\Application Data\SogouExplorer\MetaSearch\metasearchupdate1
    c:\documents and settings\LocalService\Application Data\SogouExplorer\MetaSearch\metasearchupdate2
    c:\documents and settings\LocalService\Application Data\SogouExplorer\script.dat
    c:\documents and settings\LocalService\Application Data\SogouExplorer\urlblack.dat
    c:\documents and settings\NetworkService\Application Data\SogouExplorer
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\Bin\flash_wk.dll
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\Bin\malurl.dat
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\datapack1
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\datapack2
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\datapack3
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\LocalPage\MyFavorStartPage.zip
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\MetaSearch\metasearchupdate1
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\MetaSearch\metasearchupdate2
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\script.dat
    c:\documents and settings\NetworkService\Application Data\SogouExplorer\urlblack.dat
    c:\program files\DealPly
    c:\program files\DealPly\DealPly.crx
    c:\program files\DealPly\DealPly.xpi
    c:\program files\DealPly\DealPlyIE.dll
    c:\program files\DealPly\DealPlyUpdate.exe
    c:\program files\DealPly\DealPlyUpdate.log
    c:\program files\DealPly\DealPlyUpdateRun.exe
    c:\program files\DealPly\icon.ico
    c:\program files\DealPly\uninst.exe
    c:\windows\Downloaded Program Files\52292484
    c:\windows\Downloaded Program Files\52292484\BaiduSetupAx_1.dll
    c:\windows\Downloaded Program Files\61669843
    c:\windows\Downloaded Program Files\61669843\BaiduSetupAx_1.dll
    c:\windows\Downloaded Program Files\61669843\npxbdsetup.dll
    c:\windows\system32\Cache
    c:\windows\system32\Cache\0482b27f04643226.fb
    c:\windows\system32\Cache\26c630d098e22dd5.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2b28da23cbe8f261.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\2dfc58ff740a973d.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\5fcb3b49e9eb2035.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\95f567698be8a182.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\ad56594a67e2c9b0.fb
    c:\windows\system32\Cache\bdeb483bfe38a3dc.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\d9edf5bb0e382044.fb
    c:\windows\system32\Cache\dae06f0af4f03bb2.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\Cache\e32be222943e805e.fb
    c:\windows\system32\Cache\ee3615ff43227f89.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\msssc.dll
    c:\windows\system32\ndisapi.dll
    c:\windows\system32\SET77C.tmp
    c:\windows\system32\SET781.tmp
    c:\windows\system32\SET788.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\documents and settings\All Users\Start Menu\?????????? .lnk . . . . Failed to delete
    .
    .
    === SECOND PART TO FOLLOW ===
    Newbie

  7. #22
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Hi Broni,

    SECOND PART OF ComboFix log.txt
    ======================
    ((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-10 19:31 . 2013-04-10 19:33 -------- dc-h--w- c:\windows\ie8
    2013-04-10 13:48 . 2013-04-10 13:48 -------- d-----w- C:\New Folder
    2013-04-05 12:52 . 2013-04-05 12:56 -------- d-----w- C:\SOFTWARE-AVG 2013
    2013-04-05 00:06 . 2013-04-05 00:06 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2013-04-04 15:07 . 2013-04-04 15:07 -------- d-----w- C:\SOFTWARE-AVAST Anti-Virus
    2013-04-01 20:52 . 2013-04-01 20:52 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Malwarebytes
    2013-04-01 20:51 . 2013-04-01 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-04-01 20:51 . 2013-04-01 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-04-01 20:51 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-04-01 20:32 . 2013-04-11 11:43 -------- d-----w- C:\SOFTWARE-MalwarebytesAnti-Malware
    2013-03-31 11:42 . 2013-04-01 13:14 -------- d-----w- c:\program files\Optimizer Pro
    2013-03-21 18:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
    2013-03-21 18:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2013-03-20 14:07 . 2013-03-20 14:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2013-03-20 14:06 . 2013-03-20 14:07 -------- d-----w- c:\program files\QuickTime
    2013-03-19 17:44 . 2013-03-19 17:44 -------- d-----w- C:\sr
    2013-03-13 22:55 . 2013-03-13 22:55 0 ----a-w- c:\windows\system32\nsc109.tmp
    2013-03-13 22:36 . 2013-03-13 22:36 -------- d-----w- c:\documents and settings\ADMIN\Application Data\SogouInput
    2013-03-13 12:35 . 2013-03-13 12:35 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Search Settings
    2013-03-13 12:35 . 2013-03-13 12:35 -------- d-----w- c:\program files\Application Updater
    2013-03-13 12:35 . 2013-03-13 12:35 -------- d-----w- c:\program files\YTD Toolbar
    2013-03-13 12:35 . 2013-03-13 12:35 -------- d-----w- c:\program files\Common Files\Spigot
    2013-03-12 21:54 . 2013-03-12 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
    2013-03-12 21:54 . 2013-03-12 21:54 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Softland
    2013-03-12 21:54 . 2013-02-13 18:21 24384 ----a-w- c:\windows\system32\dopdfmn7.dll
    2013-03-12 21:54 . 2013-02-13 18:21 21312 ----a-w- c:\windows\system32\dopdfmi7.dll
    2013-03-12 21:54 . 2013-03-12 21:54 -------- d-----w- c:\program files\doPDF 7
    2013-03-12 21:49 . 2013-03-12 21:51 -------- d-----w- C:\SOFTWARE-doPDF
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-13 15:55 . 2012-04-04 21:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-13 15:55 . 2012-01-07 04:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-11 07:27 . 2013-03-11 07:27 2972272 ----a-w- c:\windows\system32\SogouPY.ime
    2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 09:49 . 2013-03-07 09:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-07 09:49 . 2013-03-07 09:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-07 09:49 . 2012-06-18 11:09 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-03-07 09:49 . 2012-02-20 13:37 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-02 02:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-03-02 02:06 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-03-02 02:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-03-02 01:25 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-03-02 01:08 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    2013-02-27 07:56 . 2008-07-11 20:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-12 00:32 . 2011-01-19 18:38 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2004-10-01 19:00 . 2008-07-28 18:13 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2012-04-29 05:05 . 2012-03-23 10:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
    2012-03-23 08:13 107328 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
    @="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
    [HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
    2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(333).dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
    "QQPCTray"="c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" [2012-11-16 964128]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ SOGOUPY.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-11-16 23:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-05-24 17:20 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodTerminal]
    2012-10-31 09:38 1177520 ----a-w- c:\program files\QvodPlayer\QvodTerminal.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-05-26 00:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
    2008-01-30 09:50 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouTube to MP3 Converter Updater]
    2012-11-05 13:55 2898792 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\ADMIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Tencent\\QQMusic\\QQMusicExternal.exe"=
    "c:\\Program Files\\Tencent\\QQMusic\\QQMusicUpdate.exe"=
    "c:\\Program Files\\Tencent\\QQMusic\\QQMusicIE.exe"=
    "c:\\Program Files\\Tencent\\QQMusic\\QzoneMusic.exe"=
    "c:\\Program Files\\Tencent\\QQMusic\\DataTransform.exe"=
    "c:\\Program Files\\Tencent\\QQMusic\\QQMusic.exe"=
    "c:\\Documents and Settings\\ADMIN\\Application Data\\Tencent\\QQPCMgr\\Download\\QQPCDownload.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QMLoader\\QQPCDetector.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCmgrInstallGuide.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCTray.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCMgr.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCRTP.exe"=
    "c:\\Program Files\\Common Files\\Tencent\\QQDownload\\121\\Tencentdl.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCFileOpen.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\bugreport.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCLeakScan.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPConfig.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCSoftMgr.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCLoader.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCSPlash.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\plugins\\QMNetMon\\QQPCNetFlow.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QDeskSetup.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCClinic.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCBTU.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCLaunch.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QMUpdate\\QQPCMgrUpdate.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCProtect.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCPatch.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCSysOptimize.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQRepair.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCUpdateAVLib.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCUrlLoader.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.2.8081.210\\QQPCSoftGame.exe"=
    "c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
    "c:\\Program Files\\QvodPlayer\\QvodPlayer.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QMLoader\\QQPCDetector.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCTray.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCMgr.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCmgrInstallGuide.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCRTP.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\bugreport.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCFileOpen.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCLeakScan.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCLoader.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QDeskSetup.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPConfig.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\plugins\\QMNetMon\\QQPCNetFlow.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCClinic.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCSoftMgr.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCLaunch.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCBTU.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCProtect.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QMUpdate\\QQPCMgrUpdate.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCSoftGame.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCUrlLoader.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQRepair.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\Uninst.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCPatch.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCUpdateAVLib.exe"=
    "c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCSysOptimize.exe"=
    "c:\\Program Files\\Baidu\\BaiduBrowser\\baidusetupax_1.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
    "c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "113:TCP"= 113:TCP:IdentD
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
    "1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
    "1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
    "1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
    "1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
    "1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
    "1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
    "1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
    "1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
    "1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
    "5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [12/23/2012 11:13 PM 65848]
    R0 TsFltMgr;TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [11/16/2012 7:19 AM 73024]
    R0 TSysCare;TSysCare;c:\windows\system32\drivers\TSysCare.sys [11/8/2012 8:34 AM 24824]
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 4:55 AM 272216]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [12/23/2012 11:13 PM 71480]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [12/23/2012 11:13 PM 166840]
    R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [11/16/2012 1:35 PM 60448]
    R1 TSKSP;TSKSP;c:\program files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys [11/16/2012 7:18 AM 166112]
    R1 TSSysKit;TSSysKit;c:\program files\Tencent\QQPCMgr\7.3.8099.213\TSSysKit.sys [11/16/2012 7:18 AM 92832]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/23/2013 4:54 PM 805752]
    R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [12/23/2011 1:47 PM 43656]
    R2 QQPCRTP;QQPCMgr RTP Service;c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -r --> c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -r [?]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [12/23/2012 11:13 PM 976728]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3/19/2013 10:26 PM 3289208]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 5:52 AM 106496]
    R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\drivers\HP8207_8307.sys [12/16/2011 12:36 PM 13952]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 4:44 PM 21520]
    R3 TcHardWare;TcHardWare;c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys [11/16/2012 7:19 AM 28280]
    R3 TFsFlt;TFsFlt;c:\windows\system32\drivers\TFsFlt.sys [11/16/2012 1:35 PM 117920]
    S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/15/2011 5:53 AM 167264]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/3/2009 10:56 PM 30192]
    S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/19/2011 2:02 PM 627072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    XLServicePlatform REG_MULTI_SZ XLServicePlatform
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-09 20:20 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:55]
    .
    2013-04-10 c:\windows\Tasks\BaiduBrowserUpdater.job
    - c:\program files\Baidu\BaiduBrowser\bdupdate.exe [2012-11-20 03:13]
    .
    2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 21:14]
    .
    2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 21:14]
    .
    2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003Core.job
    - c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 10:28]
    .
    2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003UA.job
    - c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 10:28]
    .
    2013-04-11 c:\windows\Tasks\SogouImeMgr.job
    - c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\ADMIN\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\ADMIN\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 204.197.191.194 38.117.85.2
    DPF: HighSpeedDownloadIE - hxxp://st1.dbank.com/netdisk/plugin/1031/DBankPlugin.CAB
    DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=64163164
    FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&CUI=UN18541191321461118&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Trustworthy Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2998365&CUI=UN18541191321461118&UM=2&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&SearchSource=2&CUI=UN18541191321461118&UM=2&q=
    FF - ExtSQL: 2013-03-31 07:49; {ad32743c-16ef-46ec-977b-dce0c3c85b20}; c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\Winampa.exe
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\Eudora\EuShlExt.dll
    MSConfigStartUp-DBank_ClickUp - c:\program files\DBank\ClickUp\DBank_ClickUp.exe
    MSConfigStartUp-PPS Accelerator - c:\program files\PPStream\PPSKernel.exe
    MSConfigStartUp-Thunder - c:\program files\Thunder Network\Thunder\Program\Thunder.exe
    MSConfigStartUp-XLDaQuan - c:\program files\Thunder Network\XLDaQuan\Program\XLDaQuan.exe
    HKLM_ActiveSetup-Nitro PDF Professional - //B
    AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface
    AddRemove-DealPly - c:\program files\DealPly\uninst.exe
    AddRemove-UnityWebPlayer - c:\documents and settings\ADMIN\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
    AddRemove-?????? - c:\program files\????\XLGameBox\Uninstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-04-11 08:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    " QQPCTray"="\"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCTray.exe\" /regrun"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TFsFlt]
    "ImagePath"=multi:"system32\Drivers\TFsFlt.sys\00"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSysCare]
    "ImagePath"=multi:"system32\Drivers\TSysCare.sys\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TFsFlt]
    "ImagePath"=multi:"system32\Drivers\TFsFlt.sys\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSysCare]
    "ImagePath"=multi:"system32\Drivers\TSysCare.sys\00"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\~oN\Q*Q*PN]
    "Order"=hex:08,00,00,00,02,00,00,00,f6,00,00,00,01,00,00,00,02,00,00,00,72,00,
    00,00,00,00,00,00,64,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,52,00,32,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1508)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(333).dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe
    c:\progra~1\SOGOUI~1\650~1.918\SGTool.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-11 08:58:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-11 12:58
    .
    Pre-Run: 40,651,448,320 bytes free
    Post-Run: 47,133,265,920 bytes free
    .
    - - End Of File - - 8E41C324D01FD00EF57210C625A45AFB

    =============================================================
    Newbie
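The "Supplementary Scan" part of the ComboFix log above is where the hijack actually shows: the Firefox `prefs.js` search and homepage prefs all point at search.conduit.com, and a `user.js` in the profile lowers `extensions.autoDisableScopes` and sets `security.csp.enable` to false. Because Firefox re-applies `user.js` on every start, anything corrected only in `prefs.js` comes back. The script below is an added example, not a tool from this thread or from any of the tools the helper recommends: it parses `user_pref(...)` lines from a Firefox `prefs.js`/`user.js`, flags search/homepage URLs whose host is not on an allowlist, flags the two security-weakening prefs, and lists the Conduit toolbar IDs (`CT<number>.` pref prefixes) left behind. The sample prefs text, the `TRUSTED_HOSTS` allowlist and all function names are constructed for this example; only the pref names and the Firefox default of 15 for `extensions.autoDisableScopes` are real.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample of a Firefox prefs.js / user.js, mirroring the entries
# ComboFix and AdwCleaner listed in this thread. Not a file taken from the page.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&CUI=UN18541191321461118&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Trustworthy Customized Web Search");
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT2998365&CUI=UN18541191321461118&UM=2&SearchSource=13");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&SearchSource=2&CUI=UN18541191321461118&UM=2&q=");
user_pref("extensions.autoDisableScopes", 14);
user_pref("security.csp.enable", false);
user_pref("CT2998365.UserID", "UN18541191321461118");
user_pref("CT2998365.smartbar.CTID", "CT2998365");
user_pref("browser.tabs.warnOnClose", true);
'''

# One user_pref("name", value); line. The value is kept raw and typed below.
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')
# Prefs that decide where address-bar searches and the start page go.
URL_PREFS = ("browser.search.defaulturl", "browser.startup.homepage", "keyword.URL")
# Firefox default: auto-disable sideloaded add-ons in all four scopes (profile|user|system|app).
DEFAULT_AUTO_DISABLE_SCOPES = 15
# Assumption: the hosts this machine's owner actually chose for search/homepage.
TRUSTED_HOSTS = {"www.google.com", "www.google.ca"}
# Conduit toolbars store their state under a "CT<id>." pref prefix.
TOOLBAR_PREFIX = re.compile(r"^(CT\d+)\.")


def parse_value(raw):
    """Turn the raw JS literal into a str, bool or int."""
    raw = raw.strip()
    if raw.startswith('"'):
        try:
            return json.loads(raw)  # JS string escapes (\" \\ \/) are JSON-compatible
        except ValueError:
            return raw.strip('"')
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def host_of(value):
    """Hostname of a URL-valued pref, or None for non-URL values such as engine names."""
    if not isinstance(value, str):
        return None
    return urlparse(value).hostname


def audit_prefs(prefs, trusted_hosts=TRUSTED_HOSTS):
    """List (pref, reason) findings: hijacked search/homepage URLs and weakened security prefs."""
    findings = []
    for name in URL_PREFS:
        host = host_of(prefs.get(name))
        if host and host not in trusted_hosts:
            findings.append((name, f"points at untrusted host {host}"))
    scopes = prefs.get("extensions.autoDisableScopes")
    if type(scopes) is int and scopes != DEFAULT_AUTO_DISABLE_SCOPES:
        findings.append(("extensions.autoDisableScopes",
                         f"lowered to {scopes}: sideloaded add-ons in some scopes stay enabled"))
    if prefs.get("security.csp.enable") is False:
        findings.append(("security.csp.enable", "Content Security Policy disabled"))
    return findings


def toolbar_ids(prefs):
    """Set of Conduit toolbar IDs (e.g. CT2998365) that still have prefs in the profile."""
    return {m.group(1) for name in prefs if (m := TOOLBAR_PREFIX.match(name))}


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for pref, reason in audit_prefs(prefs):
        print(f"{pref}: {reason}")
    print("toolbar IDs with leftover prefs:", sorted(toolbar_ids(prefs)))
```

Run it against both `prefs.js` and `user.js` from the profile folder, not just `prefs.js`: in this thread the two security prefs lived in `user.js`, which is why AdwCleaner deleted that file outright rather than editing it. An empty finding list plus an empty toolbar-ID set after cleanup is the check that the hijack is really gone from the profile.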

  8. #23
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,794
    I hope you're doing better

    Combofix log looks good.

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  9. #24
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Hi Broni,

    I would say, I have found some success now getting rid of this hated
    Conduit - Visual Bee Search, after running AdwCleaner (and without
    running the Junkware Removal Tool and OTL yet).

    Here is the AdwCleaner log:

    ============
    # AdwCleaner v2.200 - Logfile created 04/14/2013 at 08:38:44
    # Updated 02/04/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : ADMIN - TEST-0EDA6CF69E
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\ADMIN\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kheelobnibmchifldedamogdmhemfjio
    Deleted on reboot : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kheelobnibmchifldedamogdmhemfjio
    Deleted on reboot : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
    Deleted on reboot : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    File Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\searchplugins\Conduit.xml
    File Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
    File Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\ADMIN\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Documents and Settings\All Users\Desktop\Get The Best Facebook Chat Messenger.lnk
    File Deleted : C:\END
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\DealPly
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\dvdvideosoftiehelpers
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\CT2998365
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\Smartbar
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Ilivid
    Folder Deleted : C:\Documents and Settings\ADMIN\Start Menu\Programs\DealPly
    Folder Deleted : C:\Documents and Settings\ADMIN\Start Menu\Programs\FreeRIP3
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\DealPly
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Common Files\spigot
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Coupon Companion Plugin
    Folder Deleted : C:\Program Files\FreeRIP3
    Folder Deleted : C:\Program Files\Optimizer Pro

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\DealPly
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\TENCENT
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2998365
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\TENCENT
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    File : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\prefs.js

    C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\user.js ... Deleted !

    Deleted : user_pref("CT2998365.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT2998365.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT2998365.1000234.TWC_TMP_city", "NORTH YORK");
    Deleted : user_pref("CT2998365.1000234.TWC_TMP_country", "CA");
    Deleted : user_pref("CT2998365.1000234.TWC_country", "CANADA");
    Deleted : user_pref("CT2998365.1000234.TWC_locId", "CAXX0330");
    Deleted : user_pref("CT2998365.1000234.TWC_location", "North York, Canada");
    Deleted : user_pref("CT2998365.1000234.TWC_region", "OT");
    Deleted : user_pref("CT2998365.1000234.TWC_temp_dis", "c");
    Deleted : user_pref("CT2998365.1000234.TWC_wind_dis", "kmh");
    Deleted : user_pref("CT2998365.1000234.weatherData", "{\"icon\":\"16.png\",\"temperature\":\"0C\",\"temperatu[...]
    Deleted : user_pref("CT2998365.2998365a130081428431926001000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzY1Nj[...]
    Deleted : user_pref("CT2998365.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2998365.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2998365.FF19Solved", "true");
    Deleted : user_pref("CT2998365.FirstTime", "true");
    Deleted : user_pref("CT2998365.FirstTimeFF3", "true");
    Deleted : user_pref("CT2998365.PG_ENABLE", "dHJ1ZQ==");
    Deleted : user_pref("CT2998365.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpd[...]
    Deleted : user_pref("CT2998365.RSSapp2998365a130081428431926001000000embeddedVersion.enc", "Mi40LjA=");
    Deleted : user_pref("CT2998365.RSSapp2998365a130081428431926001000000lastReportTime.enc", "MTM2NTY4ODcwOTYzOSA[...]
    Deleted : user_pref("CT2998365.RSSapp2998365a130081428431926001000000newFeeds.enc", "bmV3RmVlZHM=");
    Deleted : user_pref("CT2998365.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT299[...]
    Deleted : user_pref("CT2998365.UserID", "UN18541191321461118");
    Deleted : user_pref("CT2998365.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2998365.autoDisableScopes", 10);
    Deleted : user_pref("CT2998365.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT2998365.defaultSearch", "true");
    Deleted : user_pref("CT2998365.embeddedsData", "[{\"appId\":\"129484477948531726\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2998365.enableAlerts", "true");
    Deleted : user_pref("CT2998365.enableFix404ByUser", "FALSE");
    Deleted : user_pref("CT2998365.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT2998365.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2998365.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2998365.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT2998365.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2998365.fixUrls", true);
    Deleted : user_pref("CT2998365.installDate", "31/3/2013 7:48:45");
    Deleted : user_pref("CT2998365.installId", "cidoc");
    Deleted : user_pref("CT2998365.installType", "conduitnsisintegration");
    Deleted : user_pref("CT2998365.installUsage", "2013-04-02T22:13:19.3244854+03:00");
    Deleted : user_pref("CT2998365.installUsageEarly", "2013-04-02T22:13:08.5446781+03:00");
    Deleted : user_pref("CT2998365.installerVersion", "1.3.7.3");
    Deleted : user_pref("CT2998365.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT2998365.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2998365.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT2998365.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2998365.keyword", "true");
    Deleted : user_pref("CT2998365.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT2998365.lastVersion", "10.15.2.523");
    Deleted : user_pref("CT2998365.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT2998365.migrateAppsAndComponents", true);
    Deleted : user_pref("CT2998365.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.c[...]
    Deleted : user_pref("CT2998365.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT2998365.openThankYouPage", "false");
    Deleted : user_pref("CT2998365.openUninstallPage", "true");
    Deleted : user_pref("CT2998365.price-gong.isManagedApp", "true");
    Deleted : user_pref("CT2998365.revertSettingsEnabled", "true");
    Deleted : user_pref("CT2998365.search.searchAppId", "129484477948531726");
    Deleted : user_pref("CT2998365.search.searchCount", "0");
    Deleted : user_pref("CT2998365.searchFromAddressBarEnabledByUser", "true");
    Deleted : user_pref("CT2998365.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT2998365.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2998365.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2998365.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2998365.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT2998365.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2998365.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2998365.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2998365.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2998365.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364930004157");
    Deleted : user_pref("CT2998365.serviceLayer_services_appsMetadata_lastUpdate", "1365686989588");
    Deleted : user_pref("CT2998365.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364930005674");
    Deleted : user_pref("CT2998365.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1364930000[...]
    Deleted : user_pref("CT2998365.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1364930007223")[...]
    Deleted : user_pref("CT2998365.serviceLayer_services_location_lastUpdate", "1365686988810");
    Deleted : user_pref("CT2998365.serviceLayer_services_login_10.15.0.62_lastUpdate", "1364930004872");
    Deleted : user_pref("CT2998365.serviceLayer_services_login_10.15.2.523_lastUpdate", "1365686989253");
    Deleted : user_pref("CT2998365.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364930006323");
    Deleted : user_pref("CT2998365.serviceLayer_services_searchAPI_lastUpdate", "1365686988855");
    Deleted : user_pref("CT2998365.serviceLayer_services_serviceMap_lastUpdate", "1365686988673");
    Deleted : user_pref("CT2998365.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364930005575");
    Deleted : user_pref("CT2998365.serviceLayer_services_toolbarSettings_lastUpdate", "1365686989816");
    Deleted : user_pref("CT2998365.serviceLayer_services_translation_lastUpdate", "1365686989553");
    Deleted : user_pref("CT2998365.settingsINI", true);
    Deleted : user_pref("CT2998365.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2998365.showToolbarPermission", "false");
    Deleted : user_pref("CT2998365.smartbar.CTID", "CT2998365");
    Deleted : user_pref("CT2998365.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2998365.smartbar.homepage", true);
    Deleted : user_pref("CT2998365.smartbar.toolbarName", "Trustworthy ");
    Deleted : user_pref("CT2998365.startPage", "true");
    Deleted : user_pref("CT2998365.toolbarBornServerTime", "2-4-2013");
    Deleted : user_pref("CT2998365.toolbarCurrentServerTime", "11-4-2013");
    Deleted : user_pref("CT2998365.toolbarLoginClientTime", "Tue Apr 02 2013 15:13:24 GMT-0400 (Eastern Daylight T[...]
    Deleted : user_pref("CT2998365.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
    Deleted : user_pref("CT2998365_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CT3268494.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT3268494.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT3268494.CBOpenMAMSettings.enc", "MA==");
    Deleted : user_pref("CT3268494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3268494.FirstTime", "true");
    Deleted : user_pref("CT3268494.FirstTimeFF3", "true");
    Deleted : user_pref("CT3268494.LoginRevertSettingsEnabled", true);
    Deleted : user_pref("CT3268494.PG_ENABLE", "dHJ1ZQ==");
    Deleted : user_pref("CT3268494.RevertSettingsEnabled", true);
    Deleted : user_pref("CT3268494.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT326[...]
    Deleted : user_pref("CT3268494.UserID", "UN11138640747109460");
    Deleted : user_pref("CT3268494.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3268494.autoDisableScopes", 10);
    Deleted : user_pref("CT3268494.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3268494.cbcountry_001.enc", "Q0E=");
    Deleted : user_pref("CT3268494.cbfirsttime.enc", "U2F0IEZlYiAwMiAyMDEzIDEyOjUzOjI3IEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
    Deleted : user_pref("CT3268494.defaultSearch", "true");
    Deleted : user_pref("CT3268494.embeddedsData", "[{\"appId\":\"129989109966145536\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3268494.enableAlerts", "always");
    Deleted : user_pref("CT3268494.enableFix404ByUser", "TRUE");
    Deleted : user_pref("CT3268494.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3268494.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3268494.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3268494.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT3268494.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3268494.fixUrls", true);
    Deleted : user_pref("CT3268494.installDate", "29/1/2013 15:04:14");
    Deleted : user_pref("CT3268494.installId", "116302");
    Deleted : user_pref("CT3268494.installType", "conduitnsisintegration");
    Deleted : user_pref("CT3268494.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3268494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3268494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3268494.keyword", "true");
    Deleted : user_pref("CT3268494.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT3268494.lastVersion", "10.14.42.7");
    Deleted : user_pref("CT3268494.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3268494.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3268494.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
    Deleted : user_pref("CT3268494.openThankYouPage", "false");
    Deleted : user_pref("CT3268494.openUninstallPage", "true");
    Deleted : user_pref("CT3268494.price-gong.isManagedApp", "true");
    Deleted : user_pref("CT3268494.revertSettingsEnabled", "false");
    Deleted : user_pref("CT3268494.search.searchAppId", "129989109966145536");
    Deleted : user_pref("CT3268494.search.searchCount", "0");
    Deleted : user_pref("CT3268494.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3268494.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3268494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3268494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359598706091");
    Deleted : user_pref("CT3268494.serviceLayer_services_appsMetadata_lastUpdate", "1359598705783");
    Deleted : user_pref("CT3268494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359598705930");
    Deleted : user_pref("CT3268494.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359598707389");
    Deleted : user_pref("CT3268494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359598706012");
    Deleted : user_pref("CT3268494.serviceLayer_services_searchAPI_lastUpdate", "1359598701443");
    Deleted : user_pref("CT3268494.serviceLayer_services_serviceMap_lastUpdate", "1359598701253");
    Deleted : user_pref("CT3268494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359598705801");
    Deleted : user_pref("CT3268494.serviceLayer_services_toolbarSettings_lastUpdate", "1359598701510");
    Deleted : user_pref("CT3268494.serviceLayer_services_translation_lastUpdate", "1359598706134");
    Deleted : user_pref("CT3268494.settingsINI", true);
    Deleted : user_pref("CT3268494.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3268494.smartbar.CTID", "CT3268494");
    Deleted : user_pref("CT3268494.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3268494.smartbar.homepage", true);
    Deleted : user_pref("CT3268494.smartbar.toolbarName", "VisualBee V.1 ");
    Deleted : user_pref("CT3268494.startPage", "true");
    Deleted : user_pref("CT3268494.toolbarBornServerTime", "31-1-2013");
    Deleted : user_pref("CT3268494.toolbarCurrentServerTime", "31-1-2013");
    Deleted : user_pref("CT3268494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2998365&CUI=UN18541191[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Trustworthy Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2998365[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2998365");
    Deleted : user_pref("browser.search.defaultthis.engineName", "Trustworthy Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&CUI[...]
    Deleted : user_pref("browser.search.selectedEngine", "Trustworthy Customized Web Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2998365&CUI=UN1854119132146[...]
    Deleted : user_pref("ct3268494.UserID", "UN11138640747109460");
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1363217950);
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1363217950");
    Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", 10);
    Deleted : user_pref("extensions.crossriderapp21804.bic", "13d661f23bf51191c278bf235e0c239e");
    Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1363217950);
    Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22753040);
    Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22753040);
    Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&SearchSource=2&CU[...]
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.machineId", "MCIGRYVJZSQCKUMMJHWAYKYCLVTHWI2MWMWQAOM+RIZAM+LJVJ+CSTQXWS04OITQYBS[...]
    Deleted : user_pref("smartbar.originalHomepage", "about:home");
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT326[...]
    Deleted : user_pref("smartbar.originalSearchEngine", "Yahoo");

    -\\ Google Chrome v26.0.1410.64

    File : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.3275] : urls_to_restore_on_startup = [ "hxxp://www.google.ca/", "hxxp://search.conduit.com/?ctid=CT29[...]

    *************************

    AdwCleaner[S1].txt - [29235 octets] - [14/04/2013 08:38:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [29296 octets] ##########

    ==============

    I shall continue with your two other recommended clean-up tools later on.
    Thanks,
    Newbie

  10. #25
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Hi Broni,

    Here is the log of the Junkware Removal Tool - JRT.txt

    =====
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.3 (04.05.2013:1)
    OS: Microsoft Windows XP x86
    Ran by ADMIN on Sun 04/14/2013 at 8:59:51.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\baidu
    Successfully deleted: [Registry Key] hkey_local_machine\software\baidu
    Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
    Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
    Failed to delete: [Folder] "C:\Documents and Settings\All Users\application data\tencent"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
    Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Application Data\baidu"
    Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Application Data\tencent"
    Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\updater21804"
    Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\visualbeeexe"
    Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\visualbee_v.1"
    Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\wiseconvert"
    Successfully deleted: [Folder] "C:\Program Files\baidu"
    Failed to delete: [Folder] "C:\Program Files\tencent"
    Successfully deleted: [Folder] "C:\Program Files\wiseconvert"
    Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\ADMIN\Application Data\mozilla\firefox\profiles\1scr8ssh.default\extensions\extension21804@extension21804.com
    Failed to delete: [Folder] C:\Documents and Settings\ADMIN\Application Data\mozilla\firefox\profiles\1scr8ssh.default\extensions\ytd@mybrowserbar.com
    Successfully deleted the following from C:\Documents and Settings\ADMIN\Application Data\mozilla\firefox\profiles\1scr8ssh.default\prefs.js

    user_pref("extensions.crossrider.bic", "13d661f23bf51191c278bf235e0c239e");



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 04/14/2013 at 9:14:34.56
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ===
    Thanks for your help.
    Newbie

  11. #26
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Hi Broni,

Here is the first part of the OTL log - OTL.txt;
the second part will follow in another message,
and Extras.txt will be in the third message.

    = = = = OTL txt - First Part = = = =

    OTL logfile created on: 4/14/2013 9:23:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ADMIN\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.12 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 82.92% Memory free
    4.96 Gb Paging File | 4.51 Gb Available in Paging File | 90.98% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 45.63 Gb Free Space | 61.23% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1051.11 Gb Free Space | 56.42% Space Free | Partition Type: NTFS
    Drive F: | 465.75 Gb Total Space | 463.55 Gb Free Space | 99.53% Space Free | Partition Type: NTFS

    Computer Name: TEST-0EDA6CF69E | User Name: ADMIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/14 09:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
    PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2013/03/07 05:49:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/12/23 23:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2012/12/23 23:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2012/11/16 07:19:00 | 000,822,768 | ---- | M] (Tencent) -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe
    PRC - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2009/03/04 17:27:10 | 000,209,216 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
    PRC - [2009/02/16 05:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/30 05:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/16 07:18:52 | 000,099,744 | ---- | M] () -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\tinyxml.dll
    MOD - [2012/11/16 07:18:50 | 000,480,672 | ---- | M] () -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\sqlite.dll
    MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2012/05/28 16:44:32 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/03/04 17:27:10 | 000,209,216 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
    MOD - [2008/12/12 17:48:50 | 000,507,904 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\NitroPDF6\bepprint.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/03/13 11:55:47 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/07 05:49:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/23 23:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2012/11/16 07:19:00 | 000,822,768 | ---- | M] (Tencent) [Auto | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe -- (QQPCRTP)
    SRV - [2012/04/29 01:05:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2008/01/30 05:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [File_System | Boot | Running] -- Reg Error: Invalid data type. -- (TSysCare)
    DRV - File not found [Kernel | System | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSSysKit.sys -- (TSSysKit)
    DRV - File not found [Kernel | System | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys -- (TSKSP)
    DRV - File not found [File_System | On_Demand | Running] -- Reg Error: Invalid data type. -- (TFsFlt)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys -- (TcHardWare)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/04/12 10:15:20 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/04/04 20:06:15 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
    DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2012/12/23 23:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2012/12/23 23:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2012/12/23 23:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2012/11/16 07:19:06 | 000,073,024 | ---- | M] (Tencent) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TsFltMgr.sys -- (TsFltMgr)
    DRV - [2012/11/08 08:06:52 | 000,060,448 | ---- | M] (Tencent) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSDefenseBt.sys -- (TSDefenseBt)
    DRV - [2012/10/30 04:55:27 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
    DRV - [2012/05/28 16:44:32 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
    DRV - [2010/02/04 17:20:20 | 000,013,952 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HP8207_8307.sys -- (HP8207_8307)
    DRV - [2008/12/04 09:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2007/11/29 20:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/11/14 16:18:30 | 000,043,656 | ---- | M] (Oki Data Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OkiPar.sys -- (OkiPar)
    DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{4754DC77-D9B7-4947-A0C9-F65E634C5151}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGLJ_en
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{5963563E-FF37-4CD7-AEDA-F37A0290387F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2998365&CUI=UN24496117639987170&UM=2
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_adr&ch=33
    IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: ""
    FF - prefs.js..extensions.enabledAddons: {B18B1E5C-4D81-11E1-9C00-AFEB4824019B}:1.1.4
    FF - prefs.js..extensions.enabledAddons: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:4.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\WINDOWS\Downloaded Program Files\61669843\npxbdsetup.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: C:\program files\kingsoft\kingsoft antivirus\npkws.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
    FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\Firefox [2012/08/03 19:03:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/31 08:04:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/03/23 06:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
    [2012/02/15 08:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
    [2012/02/15 08:45:58 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2013/04/14 09:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions
    [2012/11/26 18:54:16 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
    [2012/08/08 14:04:08 | 000,000,000 | ---D | M] ("Youtube to MP3 Converter") -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}
    [2013/02/02 13:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/18 07:10:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/12 06:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/09/10 10:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}(2)
    [2012/10/19 01:48:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/04/29 01:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/04/11 09:14:55 | 000,000,000 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
    [2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Bloomberg - Business & Financial News, Breaking News Headlines = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jghjhehcpkgdodmcjaiifmagnodnbcgk\2012.2.15.29992_0\
    CHR - Extension: Youtube to MP3 Converter = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnlpomffplbggocdfbghngdfkingkkpg\1.1.3_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\

    O1 HOSTS File: ([2013/04/11 08:51:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
    O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO1.dll (Gretech Corporation)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [ QQPCTray] C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe (Tencent)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\ADMIN\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\ADMIN\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/...spx?n=64163164 (Mail Migration)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: HighSpeedDownloadIE http://st1.dbank.com/netdisk/plugin/...BankPlugin.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.197.191.194 38.117.85.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE18B44-B075-4E67-9D65-BBC70BFDC123}: DhcpNameServer = 204.197.191.194 38.117.85.2
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/11 16:32:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/14 09:22:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
    [2013/04/14 08:59:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/04/14 08:59:36 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/04/14 08:58:12 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\ADMIN\Desktop\JRT.exe
    [2013/04/14 08:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\MBAM-****Cleaning
    [2013/04/14 08:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\AVG Secure Search
    [2013/04/12 10:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
    [2013/04/12 05:22:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/04/11 10:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\AVG SafeGuard toolbar
    [2013/04/11 09:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/04/11 09:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\AVG SafeGuard toolbar
    [2013/04/11 09:14:45 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/04/11 09:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
    [2013/04/11 08:30:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/04/11 08:08:06 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\ADMIN\Desktop\rKill.exe
    [2013/04/11 07:43:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/04/11 07:38:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/04/11 07:38:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/04/11 07:38:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/04/11 07:38:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/04/11 07:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/04/10 15:31:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2013/04/10 09:48:10 | 000,000,000 | ---D | C] -- C:\New Folder
    [2013/04/05 08:52:54 | 000,000,000 | ---D | C] -- C:\SOFTWARE-AVG 2013
    [2013/04/04 11:07:09 | 000,000,000 | ---D | C] -- C:\SOFTWARE-AVAST Anti-Virus
    [2013/04/01 16:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Malwarebytes
    [2013/04/01 16:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/04/01 16:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/04/01 16:51:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/04/01 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/04/01 16:32:59 | 000,000,000 | ---D | C] -- C:\SOFTWARE-MalwarebytesAnti-Malware
    [2013/03/20 10:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2013/03/20 10:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2013/03/19 13:44:44 | 000,000,000 | ---D | C] -- C:\sr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/14 09:24:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003UA.job
    [2013/04/14 09:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
    [2013/04/14 09:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/14 08:58:12 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\ADMIN\Desktop\JRT.exe
    [2013/04/14 08:55:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/04/14 08:46:38 | 000,571,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/04/14 08:46:38 | 000,117,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/04/14 08:43:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/04/14 08:42:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/14 08:41:59 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
    [2013/04/14 08:41:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/04/14 08:36:47 | 000,613,083 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\adwcleaner.exe
    [2013/04/14 08:30:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Microsoft Word.lnk
    [2013/04/14 06:24:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003Core.job
    [2013/04/13 14:36:36 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/04/12 13:18:08 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\BaiduBrowserUpdater.job
    [2013/04/12 10:15:20 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/04/11 09:14:59 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/04/11 08:51:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/04/11 08:10:04 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\ADMIN\Desktop\rKill.exe
    [2013/04/11 07:43:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/04/11 02:41:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
    [2013/04/11 02:24:36 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/04/10 20:54:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/04/10 15:45:37 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Outlook Express.lnk
    [2013/04/10 15:43:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/04/09 16:21:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/04/09 12:00:40 | 000,000,134 | ---- | M] () -- C:\WINDOWS\_delis32.ini
    [2013/04/09 12:00:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\_INS33IS._MP
    [2013/04/07 17:55:14 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
    [2013/04/07 12:33:31 | 000,116,459 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\BlueJays 2013-Schedule.pdf
    [2013/04/04 20:06:15 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2013/04/04 19:57:06 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\RogueKiller.exe
    [2013/04/03 10:27:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/04/01 16:51:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/31 07:42:17 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/03/30 17:32:54 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
    [2013/03/21 13:10:11 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/20 10:06:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2013/03/18 20:00:54 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\spider.sav
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/14 08:36:47 | 000,613,083 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\adwcleaner.exe
    [2013/04/11 09:14:59 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/04/11 07:43:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/04/11 07:43:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/04/11 07:38:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/04/11 07:38:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/04/11 07:38:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/04/11 07:38:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/04/11 07:38:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/04/11 02:41:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
    [2013/04/10 19:22:42 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2013/04/10 19:22:42 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2013/04/10 19:22:42 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2013/04/10 19:22:42 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2013/04/10 19:22:41 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2013/04/10 19:22:41 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2013/04/10 19:22:40 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2013/04/10 19:22:39 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2013/04/10 19:22:38 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2013/04/10 19:22:38 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2013/04/10 19:22:38 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2013/04/10 15:45:37 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Outlook Express.lnk
    [2013/04/10 15:43:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/04/10 15:43:40 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\ADMIN\Start Menu\Programs\Internet Explorer.lnk
    [2013/04/09 11:51:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\_INS33IS._MP
    [2013/04/09 11:51:07 | 000,000,134 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2013/04/07 12:33:31 | 000,116,459 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\BlueJays 2013-Schedule.pdf
    [2013/04/04 20:06:15 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2013/04/04 20:05:30 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\RogueKiller.exe
    [2013/04/01 16:51:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/31 07:42:17 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/03/20 10:06:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2013/03/18 20:00:54 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\spider.sav
    [2013/03/11 20:49:46 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
    [2013/03/11 20:49:40 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
    [2013/03/11 20:49:40 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
    [2013/03/11 20:49:40 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
    [2013/03/11 20:49:40 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
    [2013/02/24 21:13:40 | 000,169,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/01/29 16:03:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2012/11/25 07:28:03 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\CoreAVC.ini
    [2012/11/23 09:51:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
    [2012/11/16 13:35:31 | 000,112,032 | ---- | C] () -- C:\WINDOWS\System32\QQPCUrlLoader.exe
    [2012/11/16 13:32:43 | 000,054,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/08/11 13:34:06 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\dt.dat
    [2012/07/25 22:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2012/07/01 21:03:48 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2012/06/21 18:38:39 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2012/05/23 17:39:35 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2012/05/22 15:24:47 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2012/05/22 15:24:09 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
    [2012/04/13 10:33:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2012/02/15 06:34:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/29 17:59:54 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SiglosPro.INI
    [2012/01/23 17:41:45 | 000,026,427 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2012/01/05 17:46:59 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
    [2012/01/05 17:46:52 | 001,220,608 | ---- | C] () -- C:\WINDOWS\System32\pdf2bmp.dll
    [2012/01/05 17:46:51 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
    [2012/01/05 17:46:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
    [2012/01/01 14:55:11 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2011/12/23 13:47:33 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT
    [2008/07/28 14:13:44 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2008/07/14 07:10:51 | 000,003,101 | ---- | C] () -- C:\Documents and Settings\ADMIN\default.pls
    [2008/07/12 11:48:48 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========


    [second part of this log will follow].
    Newbie

  12. #27
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Second part of OTL.txt
    ---------------------------

    [2008/07/27 14:33:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 18:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/04/11 09:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\AVG SafeGuard toolbar
    [2012/09/26 18:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\AVG2013
    [2013/03/11 15:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Canon
    [2008/08/06 01:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/06/16 13:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\DVDVideoSoft
    [2012/04/04 17:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Free Sound Recorder
    [2012/01/05 17:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\GetRightToGo
    [2012/11/17 09:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Kingsoft
    [2012/11/17 09:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Maxthon3
    [2011/12/25 07:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Nitro PDF
    [2013/04/10 19:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\PPStream
    [2012/11/24 12:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SEGameCenter
    [2012/06/02 08:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Sevas-S
    [2013/03/12 17:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Softland
    [2013/03/13 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SogouInput
    [2013/04/10 19:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SogouPY
    [2012/11/24 12:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SogouPY.users
    [2012/01/05 17:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SumatraPDF
    [2012/09/26 18:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TuneUp Software
    [2012/11/29 20:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\uTorrent
    [2012/11/17 09:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Wandoujia2
    [2012/06/21 06:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\wtxpcom
    [2012/08/02 08:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\YTD
    [2012/11/03 03:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\0C8E61B26569A9A100000C8E5529AF40
    [2013/04/11 09:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2011/01/19 14:56:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/03/01 09:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entropy Technology Ltd
    [2012/11/17 09:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
    [2009/06/12 18:42:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
    [2013/04/14 08:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/25 07:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2012/01/01 12:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPPU
    [2012/06/02 06:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2013/04/14 09:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
    [2012/12/02 07:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
    [2011/12/26 09:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2012/11/23 09:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xunlei
    [2012/03/31 21:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
    [2011/12/16 12:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/10/13 09:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2013/03/12 17:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2012/11/16 13:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Tencent
    [2012/11/24 19:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SogouPY.users

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/11/23 16:08:23 | 000,000,000 | ---D | M](C:\Documents and Settings\ADMIN\Application Data\????) -- C:\Documents and Settings\ADMIN\Application Data\迅雷游戏
    [2012/11/23 16:08:23 | 000,000,000 | ---D | M](C:\Documents and Settings\ADMIN\Application Data\????) -- C:\Documents and Settings\ADMIN\Application Data\迅雷游戏
    [2012/11/23 16:08:05 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\迅雷游戏
    [2012/11/23 16:08:05 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\迅雷游戏
    [2012/11/23 08:50:34 | 000,000,915 | ---- | M] ()(C:\Documents and Settings\ADMIN\Desktop\????.lnk) -- C:\Documents and Settings\ADMIN\Desktop\电脑管家.lnk
    [2012/11/23 08:50:34 | 000,000,915 | ---- | C] ()(C:\Documents and Settings\ADMIN\Desktop\????.lnk) -- C:\Documents and Settings\ADMIN\Desktop\电脑管家.lnk
    [2012/11/22 21:07:10 | 000,000,832 | ---- | M] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\百度浏览器.lnk
    [2012/11/22 21:07:10 | 000,000,832 | ---- | C] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\百度浏览器.lnk
    [2012/11/22 21:07:10 | 000,000,814 | ---- | M] ()(C:\Documents and Settings\ADMIN\Desktop\?????.lnk) -- C:\Documents and Settings\ADMIN\Desktop\百度浏览器.lnk
    [2012/11/22 21:07:10 | 000,000,814 | ---- | C] ()(C:\Documents and Settings\ADMIN\Desktop\?????.lnk) -- C:\Documents and Settings\ADMIN\Desktop\百度浏览器.lnk
    [2012/11/16 13:32:24 | 000,000,810 | ---- | M] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
    [2012/11/16 13:32:24 | 000,000,810 | ---- | C] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
    [2012/11/16 13:32:24 | 000,000,792 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\QQ??.lnk) -- C:\Documents and Settings\All Users\Desktop\QQ音乐.lnk
    [2012/11/16 13:32:24 | 000,000,792 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\QQ??.lnk) -- C:\Documents and Settings\All Users\Desktop\QQ音乐.lnk
    [2012/07/23 15:21:14 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\ADMIN\My Documents\??.doc) -- C:\Documents and Settings\ADMIN\My Documents\药能.doc
    [2012/07/23 15:21:13 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\ADMIN\My Documents\??.doc) -- C:\Documents and Settings\ADMIN\My Documents\药能.doc
    (C:\Program Files\????) -- C:\Program Files\迅雷游戏
    (C:\Documents and Settings\All Users\Start Menu\Programs\?????????) -- C:\Documents and Settings\All Users\Start Menu\Programs\谷歌金山词霸合作版
    (C:\Documents and Settings\All Users\Start Menu\Programs\???????) -- C:\Documents and Settings\All Users\Start Menu\Programs\搜狗拼音输入法
    (C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\迅雷软件
    (C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\腾讯软件
    (C:\Documents and Settings\ADMIN\Start Menu\Programs\??????) -- C:\Documents and Settings\ADMIN\Start Menu\Programs\迅雷游戏盒子
    (C:\Documents and Settings\ADMIN\Start Menu\Programs\?????) -- C:\Documents and Settings\ADMIN\Start Menu\Programs\百度浏览器
    (C:\Documents and Settings\ADMIN\Start Menu\Programs\????) -- C:\Documents and Settings\ADMIN\Start Menu\Programs\腾讯软件
    (C:\Documents and Settings\ADMIN\Application Data\????) -- C:\Documents and Settings\ADMIN\Application Data\迅雷游戏

    < End of report >


    ================

    Extras.txt to follow.
    Newbie
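The LOP Check and Unicode sections above, and the firewall, shell-spawning and authorized-application sections in the Extras.txt posted next, are the parts of an OTL report an analyst reads first. The script below is an added example (not code from the poster, from OldTimer's OTL, or from anyone else in the thread) that parses the two line shapes OTL uses, the bracketed `[date | size | attrs | M]` file entry and the `"Name" = data` registry value, and applies the checks normally done by eye: a disabled Windows Firewall profile, ports opened to any source, firewall exceptions for executables living under a user profile, Application Data folders with GUID or hex-blob names or sitting inside a service account's profile, and a hijacked `exefile`/`batfile`/`cmdfile`/`comfile`/`piffile` open command. The sample log embedded in the script is constructed to mirror the posted format; the hijacked `exefile` line is invented so that check fires and does not appear in the posted logs, and the severity labels and folder-name heuristics are this example's own choices, not OTL's.

```python
"""Triage helpers for OTL (OldTimer's List-It) logs; added example, not OTL's own code."""
import re
from dataclasses import dataclass
from typing import List

# LOP Check entry:  [2013/04/11 09:14:51 | 000,000,000 | ---D | M] -- C:\...\folder
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] -- (?P<path>.+?)\s*$"
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)" = (?P<data>.*)$')                # "EnableFirewall" = 0
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>[\w.]+)\] -- (?P<cmd>.+)$")  # exefile [open] -- "%1" %*
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")                            # ========== LOP Check ==========
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")

GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
HEXBLOB_RE = re.compile(r"^[0-9A-F]{24,}$", re.I)
USER_PROFILE_RE = re.compile(r"^[A-Z]:\\Documents and Settings\\[^\\]+\\", re.I)
SERVICE_PROFILES = ("\\localservice\\", "\\networkservice\\")
# Stock XP launch command for these classes; anything else means the association is hijacked.
EXPECTED_OPEN = {c: '"%1" %*' for c in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}


@dataclass
class Finding:
    severity: str  # "high" (act on it) or "review" (look at it); labels chosen for this example
    reason: str
    line: str


def triage_otl(text: str) -> List[Finding]:
    """Walk an OTL.txt / Extras.txt dump and return the lines an analyst should look at."""
    findings: List[Finding] = []
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group("name"), ""
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif section == "LOP Check" and (m := ENTRY_RE.match(line)):
            path = m.group("path")
            leaf = path.rsplit("\\", 1)[-1]
            if GUID_RE.match(leaf) or HEXBLOB_RE.match(leaf):
                findings.append(Finding("review", f"machine-generated folder name: {leaf}", line))
            if any(s in path.lower() for s in SERVICE_PROFILES):
                findings.append(Finding("review", "third-party data in a service account profile", line))
        elif section == "Shell Spawning" and (m := SHELL_RE.match(line)):
            cls, verb, cmd = m.group("cls", "verb", "cmd")
            if verb == "open" and cls in EXPECTED_OPEN and cmd != EXPECTED_OPEN[cls]:
                findings.append(Finding("high", f"{cls} open command hijacked: {cmd}", line))
        elif section == "Firewall Settings" and (m := VALUE_RE.match(line)):
            name, data = m.group("name", "data")
            profile = key.rsplit("\\", 1)[-1]
            if name == "EnableFirewall" and data.strip() == "0":
                findings.append(Finding("high", f"Windows Firewall disabled ({profile})", line))
            elif key.endswith("GloballyOpenPorts\\List"):
                findings.append(Finding("review", f"inbound port open to any source: {name}", line))
        elif section == "Authorized Applications List" and (m := VALUE_RE.match(line)):
            exe = m.group("data").split(":*:")[0]
            if USER_PROFILE_RE.match(exe):
                findings.append(Finding("review", f"firewall exception for executable in a user profile: {exe}", line))
    return findings


# Constructed sample in the posted logs' format.  The hijacked exefile line is invented to
# exercise that check; the odd folder names and the open port mirror entries in the thread's logs.
SAMPLE_LOG = r"""
========== LOP Check ==========
[2013/04/11 09:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ExampleToolbar
[2012/11/03 03:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\0C8E61B26569A9A100000C8E5529AF40
[2011/12/16 12:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/24 19:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\ExampleIME
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\ADMIN\Application Data\fake.exe" "%1" %*
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"113:TCP" = 113:TCP:*:Enabled:IdentD
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\ADMIN\Application Data\Example\Download\dl.exe" = C:\Documents and Settings\ADMIN\Application Data\Example\Download\dl.exe:*:Enabled:Example
"""

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
```

Run it against a saved OTL.txt or Extras.txt by passing the file's contents to `triage_otl`. The parser keys every check on the section header it is under, so the same `"Name" = data` shape is read as a firewall toggle in one section and as an application exception in another, and a `"%1" %*` value is only compared against the stock command for the five executable classes, not for `scrfile` or `regfile`, whose defaults differ.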

  13. #28
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Extras.txt
    -----------

    OTL Extras logfile created on: 4/14/2013 9:23:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ADMIN\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.12 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 82.92% Memory free
    4.96 Gb Paging File | 4.51 Gb Available in Paging File | 90.98% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 45.63 Gb Free Space | 61.23% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1051.11 Gb Free Space | 56.42% Space Free | Partition Type: NTFS
    Drive F: | 465.75 Gb Total Space | 463.55 Gb Free Space | 99.53% Space Free | Partition Type: NTFS

    Computer Name: TEST-0EDA6CF69E | User Name: ADMIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = BaiduBrowserHTML] -- "C:\Program Files\Baidu\BaiduBrowser\baidubrowser.exe" -- "%1"

    [HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = BaiduBrowserHTML] -- "C:\Program Files\Baidu\BaiduBrowser\baidubrowser.exe" -- "%1"

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OtsMedia.Surf] -- "C:\OtsLabs\OtsPlay.exe" "%1" /play /surf
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "113:TCP" = 113:TCP:*:Enabled:IdentD
    "1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
    "1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
    "1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
    "1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
    "1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
    "1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
    "1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
    "1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
    "1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
    "1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
    "1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
    "1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
    "5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMLoader\QQPCDetector.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMLoader\QQPCDetector.exe:*:Enabled:????-???
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCmgrInstallGuide.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCmgrInstallGuide.exe:*:Enabled:????-??
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCTray.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCTray.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCRTP.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCRTP.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCFileOpen.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCFileOpen.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\bugreport.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\bugreport.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLeakScan.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLeakScan.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPConfig.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPConfig.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSPlash.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSPlash.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QDeskSetup.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QDeskSetup.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\plugins\QMNetMon\QQPCNetFlow.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\plugins\QMNetMon\QQPCNetFlow.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCClinic.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCClinic.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCBTU.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCBTU.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLaunch.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLaunch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSysOptimize.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSysOptimize.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMUpdate\QQPCMgrUpdate.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMUpdate\QQPCMgrUpdate.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQRepair.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQRepair.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCProtect.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCProtect.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\Uninst.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\Uninst.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftGame.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftGame.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCPatch.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCPatch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUrlLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUrlLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUpdateAVLib.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUpdateAVLib.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMLoader\QQPCDetector.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMLoader\QQPCDetector.exe:*:Enabled:????-???
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe:*:Enabled:???? -- (Tencent)
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCmgrInstallGuide.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCmgrInstallGuide.exe:*:Enabled:????-??
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe:*:Enabled:???? -- (Tencent)
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\bugreport.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\bugreport.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCFileOpen.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCFileOpen.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLeakScan.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLeakScan.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPConfig.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPConfig.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QDeskSetup.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QDeskSetup.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMNetMon\QQPCNetFlow.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMNetMon\QQPCNetFlow.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCClinic.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCClinic.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLaunch.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLaunch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCBTU.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCBTU.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCProtect.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCProtect.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMUpdate\QQPCMgrUpdate.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMUpdate\QQPCMgrUpdate.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftGame.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftGame.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUrlLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUrlLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQRepair.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQRepair.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\Uninst.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\Uninst.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCPatch.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCPatch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUpdateAVLib.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUpdateAVLib.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSysOptimize.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSysOptimize.exe:*:Enabled:????
    "C:\Program Files\SogouInput\6.5.0.8433\PinyinUp.exe" = C:\Program Files\SogouInput\6.5.0.8433\PinyinUp.exe:*:Enabled:Sogou Pinyin Service
    "C:\Program Files\SogouInput\6.5.0.8433\SGDownload.exe" = C:\Program Files\SogouInput\6.5.0.8433\SGDownload.exe:*:Enabled:Sogou Pinyin Service
    "C:\Program Files\SogouInput\6.5.0.8433\ImeUtil.exe" = C:\Program Files\SogouInput\6.5.0.8433\ImeUtil.exe:*:Enabled:Sogou Pinyin Service
    "C:\Program Files\SogouInput\6.5.0.8433\SGTool.exe" = C:\Program Files\SogouInput\6.5.0.8433\SGTool.exe:*:Enabled:Sogou Pinyin Service
    "C:\Program Files\SogouInput\Components\SogouComMgr.exe" = C:\Program Files\SogouInput\Components\SogouComMgr.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\PinyinUp.exe" = C:\Program Files\SogouInput\6.5.0.9181\PinyinUp.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\SGDownload.exe" = C:\Program Files\SogouInput\6.5.0.9181\SGDownload.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\ImeUtil.exe" = C:\Program Files\SogouInput\6.5.0.9181\ImeUtil.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\SGTool.exe" = C:\Program Files\SogouInput\6.5.0.9181\SGTool.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
    "C:\Program Files\Tencent\QQMusic\QQMusicExternal.exe" = C:\Program Files\Tencent\QQMusic\QQMusicExternal.exe:*:Enabled:QQMusicExternal
    "C:\Program Files\Tencent\QQMusic\QQMusicUpdate.exe" = C:\Program Files\Tencent\QQMusic\QQMusicUpdate.exe:*:Enabled:QQMusicUpdate
    "C:\Program Files\Tencent\QQMusic\QQMusicIE.exe" = C:\Program Files\Tencent\QQMusic\QQMusicIE.exe:*:Enabled:QQMusicIE
    "C:\Program Files\Tencent\QQMusic\QzoneMusic.exe" = C:\Program Files\Tencent\QQMusic\QzoneMusic.exe:*:Enabled:QzoneMusic
    "C:\Program Files\Tencent\QQMusic\DataTransform.exe" = C:\Program Files\Tencent\QQMusic\DataTransform.exe:*:Enabled:DataTransform
    "C:\Program Files\Tencent\QQMusic\QQMusic.exe" = C:\Program Files\Tencent\QQMusic\QQMusic.exe:*:Enabled:QQ??
    "C:\Documents and Settings\ADMIN\Application Data\Tencent\QQPCMgr\Download\QQPCDownload.exe" = C:\Documents and Settings\ADMIN\Application Data\Tencent\QQPCMgr\Download\QQPCDownload.exe:*:Enabled:???????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMLoader\QQPCDetector.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMLoader\QQPCDetector.exe:*:Enabled:????-???
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCmgrInstallGuide.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCmgrInstallGuide.exe:*:Enabled:????-??
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCTray.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCTray.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCRTP.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCRTP.exe:*:Enabled:????
    "C:\Program Files\Common Files\Tencent\QQDownload\121\Tencentdl.exe" = C:\Program Files\Common Files\Tencent\QQDownload\121\Tencentdl.exe:*:Enabled:ѶƷ -- (Tencent)
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCFileOpen.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCFileOpen.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\bugreport.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\bugreport.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLeakScan.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLeakScan.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPConfig.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPConfig.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSPlash.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSPlash.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\plugins\QMNetMon\QQPCNetFlow.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\plugins\QMNetMon\QQPCNetFlow.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QDeskSetup.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QDeskSetup.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCClinic.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCClinic.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCBTU.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCBTU.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLaunch.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLaunch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMUpdate\QQPCMgrUpdate.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMUpdate\QQPCMgrUpdate.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCProtect.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCProtect.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCPatch.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCPatch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSysOptimize.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSysOptimize.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQRepair.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQRepair.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUpdateAVLib.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUpdateAVLib.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUrlLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUrlLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftGame.exe" = C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftGame.exe:*:Enabled:????
    "C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QvodPlayer -- (Shenzhen QVOD Technology Co.,Ltd)
    "C:\Program Files\QvodPlayer\QvodPlayer.exe" = C:\Program Files\QvodPlayer\QvodPlayer.exe:*:Enabled:?? -- (Shenzhen QVOD Technology Co.,Ltd)
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMLoader\QQPCDetector.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMLoader\QQPCDetector.exe:*:Enabled:????-???
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe:*:Enabled:???? -- (Tencent)
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCmgrInstallGuide.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCmgrInstallGuide.exe:*:Enabled:????-??
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe:*:Enabled:???? -- (Tencent)
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\bugreport.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\bugreport.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCFileOpen.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCFileOpen.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLeakScan.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLeakScan.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QDeskSetup.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QDeskSetup.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPConfig.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPConfig.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMNetMon\QQPCNetFlow.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMNetMon\QQPCNetFlow.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCClinic.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCClinic.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftMgr.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftMgr.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLaunch.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLaunch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCBTU.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCBTU.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCProtect.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCProtect.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMUpdate\QQPCMgrUpdate.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMUpdate\QQPCMgrUpdate.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftGame.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftGame.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUrlLoader.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUrlLoader.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQRepair.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQRepair.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\Uninst.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\Uninst.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCPatch.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCPatch.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUpdateAVLib.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUpdateAVLib.exe:*:Enabled:????
    "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSysOptimize.exe" = C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSysOptimize.exe:*:Enabled:????
    "C:\Program Files\Baidu\BaiduBrowser\baidusetupax_1.exe" = C:\Program Files\Baidu\BaiduBrowser\baidusetupax_1.exe:*:Enabled:BaiduSetupAx_1.exe
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\SogouInput\6.5.0.9181\PinyinUp.exe" = C:\Program Files\SogouInput\6.5.0.9181\PinyinUp.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\SGDownload.exe" = C:\Program Files\SogouInput\6.5.0.9181\SGDownload.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\ImeUtil.exe" = C:\Program Files\SogouInput\6.5.0.9181\ImeUtil.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\6.5.0.9181\SGTool.exe" = C:\Program Files\SogouInput\6.5.0.9181\SGTool.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\SogouInput\Components\SogouComMgr.exe" = C:\Program Files\SogouInput\Components\SogouComMgr.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{04FF3158-7664-453B-B1A9-8559CBCB6EC6}_is1" = Power CD+G to Video Karaoke Converter 2
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0BDA096C-3550-4F7D-8612-A7AAA3D35712}_is1" = FLV to MP3 Converter
    "{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}" = YTD Toolbar v7.0
    "{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{213FF60A-9899-4145-8428-D144778BE117}" = HP Mouse Suite
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
    "{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP3 3.70
    "{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
    "{62622BDC-D42B-4ABE-869A-C197694E8BD0}_is1" = Power CD+G Burner 2
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764C5667-9FD6-4626-8AD5-D1C3EDE2DBB0}" = OKI B410 Printer Menu Setup Tool
    "{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
    "{8EBE1DB0-8687-43A7-8781-6445E62CAFA5}" = Nitro PDF Professional
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E998EBB-DE54-4F21-8419-CB660813E037}" = StudioTax 2012
    "{A106D63B-0B26-46FD-9385-E28A13262E2B}" = TaxFreeway 2012
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Premium
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DFC23DA9-8C69-4CD0-BDD5-814AF1CA85EE}_is1" = Siglos Karaoke Professional
    "{E546E974-A3E7-4158-8660-CFB4BA6F8BC1}_is1" = AviSubtitler v2.02
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-zip" = 7-zip v9.20
    "A6E523F705B22F88BB9D8884283C37B7A6271523" = Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2013
    "AVG SafeGuard toolbar" = AVG SafeGuard toolbar
    "B410 420 430 UserGuide" = B410 420 430 UserGuide
    "BaiduBrowser" = 百度浏览器
    "BE846670A37757CAE6EC31E7083177405783FCD9" = Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
    "Belarc Advisor" = Belarc Advisor 7.2
    "CAL" = Canon Camera Access Library
    "CameraUserGuide-PSA1200" = Canon PowerShot A1200 Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "CDRWIN" = CDRWIN
    "CloneCD" = CloneCD
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CoreAAC" = CoreAAC
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
    "Dia" = Dia (remove only)
    "Digital Editions" = Adobe Digital Editions
    "doPDF 7 printer_is1" = doPDF 7.3 printer
    "EvilLyrics" = EvilLyrics
    "FLAC" = FLAC 1.2.1b (remove only)
    "Free CD Ripper_is1" = Free CD Ripper 3.1
    "Free FLV to MP4 Converter_is1" = Free FLV to MP4 Converter
    "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.20.1031
    "Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.2.1
    "Free Studio_is1" = Free Studio version 5.3.3
    "Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png~F15BC2F8_is1" = Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.1
    "GoldWave v5.14" = GoldWave v5.14
    "GOM Picker" = GOM PICKER
    "GOM Player" = GOM Player
    "GOM Video Converter" = GOM Video Converter
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "in_cdg" = CD+G Disc Player Plug-In for Winamp
    "InterActual Player" = InterActual Player
    "IrfanView" = IrfanView (remove only)
    "IsoBuster_is1" = IsoBuster 2.4
    "Karaoke Builder Studio 3.x" = Karaoke Builder Studio 3.x
    "Karaoke-DX" = Karaoke for DirectX (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Linksys Wireless Manager" = Linksys Wireless Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monkey's Audio_is1" = Monkey's Audio
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCamera" = Canon Utilities MyCamera
    "PCFriendly" = PCFriendly
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa2" = Picasa 2
    "QQMusic" = QQ音乐8.5
    "QuickWordtoPDF" = QuickWordtoPDF
    "Rapport_msi" = Rapport
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "Sogou Input" = 搜狗拼音输入法 6.5正式版
    "uTorrent" = Torrent
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YouTube to MP3 Converter" = YouTube to MP3 Converter
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "迅雷游戏盒子" = 迅雷游戏盒子

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/13/2013 3:56:49 PM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/13/2013 3:59:17 PM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/13/2013 3:59:26 PM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/13/2013 10:55:52 PM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/13/2013 10:55:54 PM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/14/2013 7:21:08 AM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/14/2013 7:28:21 AM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application NitroPDF.exe, version 5.5.1.3, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/14/2013 7:28:29 AM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application NitroPDF.exe, version 5.5.1.3, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/14/2013 7:39:52 AM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/14/2013 7:40:14 AM | Computer Name = TEST-0EDA6CF69E | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 4/14/2013 8:41:52 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 4/14/2013 8:41:52 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMSafeboxPlugin.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 4/14/2013 8:42:06 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 4/14/2013 8:42:06 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 4/14/2013 8:42:06 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 4/14/2013 8:42:38 AM | Computer Name = TEST-0EDA6CF69E | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater14.2.0 service failed to start due to the following
    error: %%2

    Error - 4/14/2013 8:42:40 AM | Computer Name = TEST-0EDA6CF69E | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    i8042prt

    Error - 4/14/2013 8:42:50 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 4/14/2013 8:42:50 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 4/14/2013 8:42:50 AM | Computer Name = TEST-0EDA6CF69E | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe.
    Reference
    error message: The operation completed successfully. .


    < End of report >


    ===== End of all logs for OTL =====
    Newbie

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,794
    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [File_System | Boot | Running] -- Reg Error: Invalid data type. -- (TSysCare)
      DRV - File not found [Kernel | System | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSSysKit.sys -- (TSSysKit)
      DRV - File not found [Kernel | System | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys -- (TSKSP)
      DRV - File not found [File_System | On_Demand | Running] -- Reg Error: Invalid data type. -- (TFsFlt)
      DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys -- (TcHardWare)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{5963563E-FF37-4CD7-AEDA-F37A0290387F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2998365&CUI=UN24496117639987170&UM=2
      IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_adr&ch=33
      FF - user.js - File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\WINDOWS\Downloaded Program Files\61669843\npxbdsetup.dll File not found
      FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: C:\program files\kingsoft\kingsoft antivirus\npkws.dll File not found
      FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
      O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
      O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
      O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\ADMIN\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
      O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\ADMIN\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
      O15 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: HighSpeedDownloadIE http://st1.dbank.com/netdisk/plugin/...BankPlugin.CAB (Reg Error: Key error.)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
      O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.



    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
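The fix script above was assembled by hand from the scan log: every `:OTL` line is a scan line whose target file is missing, whose CLSID is orphaned, whose registry data is unreadable, or whose IE search scope points at the Conduit search domain. The following is an added example (not OTL's own code, not posted by anyone in this thread) that applies those same rules to OTL log lines and emits a fix block in the same shape; the hijack-host set, the benign driver line and the OTL driver-line layout in the sample are constructed assumptions.

```python
"""Triage OTL scan-log lines and assemble an OTL fix block from the hits.

Added example, not part of OTL or of this thread.  The rules mirror what
the fix in the thread targets: entries whose file is missing ("File not
found"), orphaned COM references ("No CLSID value found"), unreadable
registry data ("Reg Error:") and IE search scopes/hooks pointing at a
known search-hijack host (search.conduit.com, taken from this thread).
"""
import re
from urllib.parse import urlparse

# Hosts treated as search hijackers.  search.conduit.com comes from this
# thread; the set itself is an assumption to be extended from your own data.
HIJACK_HOSTS = {"search.conduit.com"}

# OTL line prefixes that the :OTL section of a fix accepts verbatim.
FIXABLE_PREFIXES = ("SRV - ", "DRV - ", "IE - ", "FF - ", "O2 - ", "O8 - ",
                    "O15 - ", "O16 - ", "O18 - ")

URL_RE = re.compile(r'"URL"\s*=\s*(\S+)')


def classify(line: str) -> list[str]:
    """Return the reasons one OTL log line is a removal candidate (empty if none)."""
    reasons = []
    if "File not found" in line:
        reasons.append("target file missing")
    if "No CLSID value found" in line:
        reasons.append("orphaned CLSID reference")
    if "Reg Error:" in line:
        reasons.append("unreadable registry data")
    m = URL_RE.search(line)
    if m and line.startswith("IE - "):
        host = urlparse(m.group(1)).hostname or ""
        if host in HIJACK_HOSTS:
            reasons.append(f"search scope points at {host}")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Scan an OTL log and return (line, reasons) for every flagged fixable line."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(FIXABLE_PREFIXES):
            continue  # headers, blank lines and non-fixable sections are skipped
        reasons = classify(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


def build_fix(flagged, commands=("purity", "emptytemp", "emptyjava",
                                 "emptyflash", "Reboot")) -> str:
    """Assemble a fix block in the form used in the thread: :OTL lines, then :Commands."""
    body = [":OTL"] + [line for line, _ in flagged] + ["", ":Commands"]
    body += [f"[{c}]" for c in commands]
    return "\n".join(body) + "\n"


# Constructed sample: three lines copied from the scan in this thread plus one
# made-up, benign driver line (layout assumed) that must not be flagged.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
DRV - [2013/01/01 00:00:00 | 000,036,608 | ---- | M] (Constructed Vendor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (ExampleDrv)
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{5963563E-FF37-4CD7-AEDA-F37A0290387F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2998365&CUI=UN24496117639987170&UM=2
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for line, reasons in hits:
        print(f"{'; '.join(reasons)}: {line[:70]}...")
    print(build_fix(hits))
```

The output block is only a starting point: a helper still reads each flagged line before pasting it, since a missing-file entry for a legitimate product (the AVG service above) is harmless to remove, while a wrongly matched line would delete something wanted.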

  15. #30
    Join Date
    Sep 2001
    Location
    Toronto, Ontario, Canada
    Posts
    202
    Hi Broni,

    Here is the OTL - RunFix log.
    ----------------------------------
    All processes killed
    ========== OTL ==========
    Service vToolbarUpdater14.2.0 stopped successfully!
    Service vToolbarUpdater14.2.0 deleted successfully!
    File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe not found.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service TSysCare stopped successfully!
    Service TSysCare deleted successfully!
    File Reg Error: Invalid data type. not found.
    Error: No service named TSSysKit was found to stop!
    Service\Driver key TSSysKit not found.
    File C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSSysKit.sys not found.
    Service TSKSP stopped successfully!
    Service TSKSP deleted successfully!
    File C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys not found.
    Error: Unable to stop service TFsFlt!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TFsFlt deleted successfully.
    File Reg Error: Invalid data type. not found.
    Service TcHardWare stopped successfully!
    Service TcHardWare deleted successfully!
    File C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service ElbyVCD stopped successfully!
    Service ElbyVCD deleted successfully!
    File system32\DRIVERS\ElbyVCD.sys not found.
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{5963563E-FF37-4CD7-AEDA-F37A0290387F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5963563E-FF37-4CD7-AEDA-F37A0290387F}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@kingsfot.com/npkws\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QzoneMusic\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control HighSpeedDownloadIE
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\HighSpeedDownloadIE\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\HighSpeedDownloadIE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\HighSpeedDownloadIE\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\x-sdch\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377}\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ADMIN
    ->Temp folder emptied: 124649141 bytes
    ->Temporary Internet Files folder emptied: 290220713 bytes
    ->Java cache emptied: 342630 bytes
    ->FireFox cache emptied: 72197715 bytes
    ->Google Chrome cache emptied: 382475810 bytes
    ->Flash cache emptied: 284087 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2162283 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20186199 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 5520732 bytes

    Total Files Cleaned = 857.00 mb


    [EMPTYJAVA]

    User: ADMIN
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: ADMIN
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04142013_153014

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    === end ===
    Newbie
