1 help, AVG virus identified packed on Wed Mar 03, 2010 4:02 pm

Queenayy
Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:42, on 3/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\sohutv_web\SysTrayIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\PPS.tv\PPStream\PPStream.exe
C:\Program Files\Tudou\飞速Tudou\TudouVa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singtao.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9415/tudouva.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0054C1CC-B5F3-4C5A-8591-4840D0AAFC03} - C:\Windows\System32\iasacct32.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: WebDetectorBHO - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\??Tudou\tudouDetector.dll (file missing)
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ????? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ËѺüµçÊÓ»úÍøÒ³°æ] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "35789a9be2ce37ebb49f58b025ae5790" "1.0.0.10" ""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\User\AppData\Local\Temp\256C.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\LimeWire\LimeWire.exe
O4 - Startup: PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: 启动飞速土豆.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZJxdm378YYHK
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: ?????? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: ?? Windows Live Writer ??????(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1-3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldzh-hk.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\d3d8thk32.dll,avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour ?? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google ???? (gupdate1ca35756935acc3) (gupdate1ca35756935acc3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 14630 bytes

2 Re: help, AVG virus identified packed on Wed Mar 03, 2010 4:20 pm

DragonMaster Jay
Site Owner
Hello

Download OTL.exe by OldTimer to your Desktop.
  • Copy the commands below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Then press Quick Scan. A log will launch eventually; please post that in your next reply.
  • Close OTL.exe


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



3 Re: help, AVG virus identified packed on Wed Mar 03, 2010 5:01 pm

Queenayy
Member
Hi,

This is the fix log.


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

User: User
->Temp folder emptied: 523961943 bytes
->Temporary Internet Files folder emptied: 3011110730 bytes
->Java cache emptied: 53829235 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 34930310 bytes
->Flash cache emptied: 15802926 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1980649 bytes
RecycleBin emptied: 18176480 bytes

Total Files Cleaned = 3,490.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.32.0 log created on 03032010_212619

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\VGX2CAA.tmp moved successfully.
File\Folder C:\Users\User\AppData\Local\Temp\~DF416.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF43C.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF62F8.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF6302.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF6C2.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF6D0.tmp not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Roaming\Trusteer\Rapport\user\logs\koan.4472.log moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Roaming\Trusteer\Rapport\user\logs\koan.7664.log moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3I8EYSU\index[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3I8EYSU\read-before-posting-your-log-t504[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3I8EYSU\signin[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3I8EYSU\video[2].flv moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\631USD8X\cm[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\631USD8X\cm[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\631USD8X\SUBlimesFansubs[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S6W9G80\blank[4].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S6W9G80\help-avg-virus-identified-packed-t1826[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S6W9G80\msg[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S6W9G80\video[4].flv moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla651A.tmp not found!
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla8D53.tmp not found!

Registry entries deleted on Reboot...

4 Re: help, AVG virus identified packed on Wed Mar 03, 2010 5:03 pm

Queenayy
Member
There are two logs launched after the quick scan.

1. Extras.txt


OTL Extras logfile created on: 3/3/2010 21:41:20 - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.47 Gb Total Space | 26.44 Gb Free Space | 33.70% Space Free | Partition Type: NTFS
Drive D: | 69.58 Gb Total Space | 27.74 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???? -- File not found
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ????? -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F5EBA9B-3E0D-4CDE-950E-B25EEFD523C3}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{470957BF-22F1-44EF-B515-C99E9758959C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{48DDAD36-71FA-47E8-A171-D771733F68AA}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{7FB0BD4E-3C1A-4397-B451-E2D613DDB394}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{991EF0CC-1BC0-4429-AC33-4A929B0A8D8A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B7C18919-366C-49F0-9A20-F8D95E1DF076}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{EAF4708F-6D43-430C-8B9F-1DB7EA866125}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E6377-9E67-4BBB-9469-AA9E920CA3EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02DA9C10-B49B-4E4A-AE79-C4EDA5C4CFFD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0941722C-63A4-495A-B8BB-0C7C7664214C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{0C4BADE6-D05E-4AA4-98B4-3FF83DAAC960}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{13A70F6F-C4E0-40A6-97C0-F3356EB7C7F4}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{1443BB9C-5AEC-4EE5-837B-909ECF27E447}" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"{14C03044-8B24-4DB9-8576-5E2393B9B3A7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20F8BE27-DD57-4AF7-A9BF-C1780CB766D3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{25CB99DD-AC64-436B-935E-FB5513A8C3E7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{26D50484-A75D-4EFE-A58F-BD5526058D22}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{26DD9636-E242-4BB8-B38D-33E4CB294741}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{29580C60-68A6-498A-9CD4-241B47BFEF8A}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{2C28B4AC-6D4E-4400-A4A7-D433C37AF76E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{2E6B1663-442A-4A22-91F6-D217B59B0E80}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{3583B0EE-B4AB-4C0F-AA71-94C26ECE7C4B}" = protocol=17 | dir=in | app=d:\limewire\limewire.exe |
"{39E5B25E-B02D-487D-AFF9-5F8477B88EC9}" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"{3A8A1CC9-83F9-4A1D-8FE2-89EEB5499861}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"{44D8F099-B4DD-419B-9EC4-F16CB4108BE5}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{4AD4C628-0840-4355-8CA7-DF2F4ABC0451}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{4FD41B94-65D2-4E66-A783-08732F5FE9F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65341876-73DB-4517-9EA4-55AF86E47D29}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{690E7AF6-0132-425B-BB54-D12180ED9971}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{81BC33A4-4E35-4B0A-9439-6B16EF817CF0}" = protocol=6 | dir=in | app=d:\limewire\limewire.exe |
"{87F2E450-DD20-4345-BB58-F9567EAFE1F8}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{890C6DA7-F7D4-48C4-BA21-B2DFF3BA4D2A}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{98F3E9FD-14F9-4A95-8C6B-B8D85C96EB93}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{A45E6404-1A04-48A8-BCD6-8E8423DE4574}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{AA7ADCC9-ABCD-49A2-BAE2-3A861B763439}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{AC32E76E-C796-4129-9C61-A8ABDE4D69A8}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{B04BBDD0-8369-42F8-8546-519C72EA8640}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B298507A-C0B7-43A0-8BFD-7599C630B8BB}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{B2FB5552-F23B-43F2-B55F-9E11726270C2}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{C009F583-A0F6-446E-8722-26A18AA6E766}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1732CD4-B2C9-4326-BF1B-4B952EEA92EA}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{C2B4446F-8069-408A-B084-8877F6F16060}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D3E32795-1F6E-42EE-9CFD-4FFFABAA382F}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{D57FED96-9FBC-4F33-AA36-7EF59EADCAF8}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{E8791E1D-20E7-40ED-BEF9-35C59D5CDCDD}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"{EAF72B19-415C-43A9-9115-4B9C672B1718}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{EB569A92-312C-4A24-959D-FCC3B6170EDF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F13E1867-0765-4A2A-B8DD-545C7C01B477}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F4E8F598-8152-46E8-BE26-20E9EE148D5E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{FD3D070E-9064-41C1-89C8-4A5793E5EF9F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"TCP Query User{12169408-BEC4-41EA-A466-E7FD76B16837}C:\program files\sohutv_web\systrayicon.exe" = protocol=6 | dir=in | app=c:\program files\sohutv_web\systrayicon.exe |
"TCP Query User{165A3640-579D-4885-B40B-44F1AE51508F}D:\neo imaging\neoimaging.exe" = protocol=6 | dir=in | app=d:\neo imaging\neoimaging.exe |
"TCP Query User{18A75E18-DAED-4B60-A3C4-C5D20E5D0FC9}D:\easymule\emule.exe" = protocol=6 | dir=in | app=d:\easymule\emule.exe |
"TCP Query User{21AA45C5-C873-4741-B9EF-ECE503A3A684}C:\program files\ppliveva\ppliveva.exe" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"TCP Query User{2BB54CA4-B644-41E6-A6A6-5D968010DDD5}C:\program files\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"TCP Query User{369C498A-6BE3-47F0-AA3E-839F2DD06981}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{3F99E0E1-E8E1-4678-831A-4EF6B25DF3A0}C:\program files\tudou\飞速tudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files\tudou\飞速tudou\tudouva.exe |
"TCP Query User{599DE656-8C0D-4DB2-BA36-824B62342BE9}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{5E1CF4F9-B7A0-4FBE-92B0-231BB50C4CA5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6383E23C-EEDA-4867-8C6D-4D6CA02566AB}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{6CDC71E8-0E8D-438E-8998-0C7176F2FF88}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"TCP Query User{6DF8BF37-071F-4D75-A1ED-EF5AC361A039}C:\program files\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"TCP Query User{76398F86-32BD-4AF8-81AA-963FFE289CC8}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"TCP Query User{8FD7FB52-A651-43E6-91BB-AF2C8B9A2930}C:\program files\tudou\滄厒tudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files\tudou\滄厒tudou\tudouva.exe |
"TCP Query User{B516CA9A-614C-4E0D-B557-82FB98E9FD4B}C:\program files\foxy\foxy.exe" = protocol=6 | dir=in | app=c:\program files\foxy\foxy.exe |
"TCP Query User{BA5547F5-9302-47CE-B440-41461E057ADD}D:\easymule\emule.exe" = protocol=6 | dir=in | app=d:\easymule\emule.exe |
"TCP Query User{BE35052E-2CDE-4B53-A708-A02613B508A2}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
"TCP Query User{C3B11A6B-A14A-4A8F-BEB7-187F26EDF8D0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C70058B0-4123-4614-BB58-32BC539851D4}C:\program files\putv\pu¸ßçå.exe" = protocol=6 | dir=in | app=c:\program files\putv\pu¸ssçå.exe |
"TCP Query User{E7FDFA09-9A08-4AD6-919D-A50DA1AE290B}C:\program files\foxy\foxy.exe" = protocol=6 | dir=in | app=c:\program files\foxy\foxy.exe |
"TCP Query User{F35546B8-B600-47F3-B875-A0404EE7CBB8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{F721F1FE-1792-4B06-AF3E-61BAC9E95101}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{F999DFCA-7FB6-4579-8304-D02661D9C2F4}C:\program files\putv\tvcode\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\putv\tvcode\sopcast\adv\sopadver.exe |
"TCP Query User{FC06E822-9332-4C19-82CA-F42DB0D3571C}C:\program files\881903\ietoolbar\audioupdmgr.exe" = protocol=6 | dir=in | app=c:\program files\881903\ietoolbar\audioupdmgr.exe |
"TCP Query User{FD36E1FB-1D3F-4A04-B64E-24802700FC5B}C:\program files\putv\tvcode\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\putv\tvcode\pplive\pplive.exe |
"UDP Query User{03CAAF37-5A4C-4928-9131-27949F878300}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{088AD978-1302-4DD7-BE5D-AF843D2D5A0C}C:\program files\tudou\滄厒tudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files\tudou\滄厒tudou\tudouva.exe |
"UDP Query User{096A4D08-9EE7-424C-AD19-957D189998C7}C:\program files\foxy\foxy.exe" = protocol=17 | dir=in | app=c:\program files\foxy\foxy.exe |
"UDP Query User{0C0BEA64-A3DA-4C74-891B-C7A44D8A4DD8}C:\program files\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"UDP Query User{15D5B1B1-5612-448E-A64B-3581188A3DAF}C:\program files\putv\tvcode\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\putv\tvcode\sopcast\adv\sopadver.exe |
"UDP Query User{179C6DD2-D5DE-4F41-909E-19F9E5CC74B9}C:\program files\foxy\foxy.exe" = protocol=17 | dir=in | app=c:\program files\foxy\foxy.exe |
"UDP Query User{311E22BE-68F4-407A-A1C6-F2A49D589403}C:\program files\881903\ietoolbar\audioupdmgr.exe" = protocol=17 | dir=in | app=c:\program files\881903\ietoolbar\audioupdmgr.exe |
"UDP Query User{3218148D-50F8-4380-9CE8-63FE92DFCB33}D:\easymule\emule.exe" = protocol=17 | dir=in | app=d:\easymule\emule.exe |
"UDP Query User{353B324A-E979-4350-BC00-8C5A9EA705DF}D:\neo imaging\neoimaging.exe" = protocol=17 | dir=in | app=d:\neo imaging\neoimaging.exe |
"UDP Query User{4AA5D121-0FDA-4D6E-B7D3-DEE85D042099}C:\program files\putv\tvcode\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\putv\tvcode\pplive\pplive.exe |
"UDP Query User{5044BA8E-AB95-4AB7-8B08-22E9A16BDF3C}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{51F81F0B-3323-43AA-9F73-8CDF5EE9161C}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{577630A6-297F-4AFA-BE4E-715085359B22}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5E88B4DC-26BA-4BC5-BD68-18599066C0F7}C:\program files\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"UDP Query User{7E496AAF-97DE-46A4-9D8F-26C6880BE3F3}C:\program files\ppliveva\ppliveva.exe" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"UDP Query User{87756279-6A5C-43C8-9685-8508A2314886}D:\easymule\emule.exe" = protocol=17 | dir=in | app=d:\easymule\emule.exe |
"UDP Query User{98D84BE2-6730-4AF5-ABDF-1E4DDE3FDB86}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9B75468A-3664-4DA9-96B6-0E8AE47145B5}C:\program files\sohutv_web\systrayicon.exe" = protocol=17 | dir=in | app=c:\program files\sohutv_web\systrayicon.exe |
"UDP Query User{B4BF9645-7DC6-4780-9CC2-32AB23939CD0}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
"UDP Query User{B67BDA52-2B81-4843-BAA4-3A70310CE290}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{C9B49412-D661-4C11-BA1B-76087D6C5728}C:\program files\putv\pu¸ßçå.exe" = protocol=17 | dir=in | app=c:\program files\putv\pu¸ssçå.exe |
"UDP Query User{CB11261B-B1D8-4216-8286-177330B99172}C:\program files\tudou\滄厒tudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files\tudou\滄厒tudou\tudouva.exe |
"UDP Query User{EA64C1DB-7063-47C9-B3EF-C87F9A600154}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{EB88B178-030E-4996-803E-F70CE2534CA5}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"UDP Query User{FE815D41-4963-40B1-B90A-F50E978C8246}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0935E0B5-6AC9-4E7A-B649-D8CA618EA220}" = Windows Live Movie Maker
"{0967A7D8-FD69-4FB3-BC98-D5B85F9A6F45}" = Windows Live Toolbar
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0AF65DC4-2099-9AEA-B9EB-890BC727B1F6}" = CCC Help Korean
"{0C319971-60EB-83CA-1131-E0F369C13201}" = Catalyst Control Center Localization Spanish
"{0D214311-6510-28FA-E298-937EE492C4E7}" = CCC Help Finnish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10B612A9-29B9-E378-1826-48BCFD32AFBC}" = CCC Help Chinese Standard
"{13861E14-D07D-6551-858E-894BBA682733}" = Catalyst Control Center Localization Czech
"{1434D7D7-CAC8-A373-7F64-D8647A45D2E5}" = CCC Help Thai
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14CA3CB6-470F-FDEF-407F-67DD0589E654}" = Skins
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1998347E-5969-E40B-2B0A-DF52527A4998}" = CCC Help Greek
"{1A72E338-257E-6515-EA67-A0CE40599167}" = Catalyst Control Center Graphics Light
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{201FC939-BEC5-A6B2-052E-0BC52D508163}" = ccc-utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{226DED00-5B8B-4877-AEF6-C41E00B57E36}" = Windows Live Mail
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe Extendscript Toolkit 2
"{26474014-2B1E-80AE-3B73-0B3365DC3D34}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{283B3226-C2F9-4840-8554-0C1FDFC412E6}" = LG Magnifier
"{289CCFAB-7968-2292-FAE9-DE2CE385E644}" = CCC Help German
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{31C16447-A7CB-E97C-589A-DF73274F2C72}" = Catalyst Control Center Graphics Full New
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3744295E-968C-D553-44A7-DD8DCDD7B750}" = Catalyst Control Center Localization Finnish
"{3878EB57-BAE9-BF5B-2249-143281ABA437}" = CCC Help English
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C903C30-1C37-B150-8EED-7E70F6963366}" = Catalyst Control Center Localization Portuguese
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D960387-76B3-4758-BAF7-D156B14A032F}" = Ulead PhotoImpact 8
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F97BBCC-8631-4F6B-87E4-E71697B227B5}" = SmarTone-Vodafone Wireless Smart Plug
"{4570B058-99F5-9E08-EF3A-E87DC7C0069B}" = CCC Help Danish
"{459DDD17-D825-4FBF-B437-693E7D44F5B3}" = Windows Live Writer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CB9892E-05D1-6D21-3F97-5AFBE3930061}" = Catalyst Control Center Localization Dutch
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E4F8EE0-43EC-4AB9-9A04-702F2AE7E229}" = Windows Live 登入小幫手
"{50ADDF79-3249-4679-B527-3FB8C5EA99E5}" = Overture 4.0 繁體中文版
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55DDAAC0-0CAB-ED67-7AD7-C947B14179BD}" = Catalyst Control Center Localization Norwegian
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5F5A0F8D-0BA9-EBC9-1807-309B1DE7BCB1}" = CCC Help Italian
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64601AD1-1799-4979-8F20-F2669E7B1179}" = On Screen Display
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D54A580-80AE-0C7D-CFB0-980213A41903}" = Catalyst Control Center Graphics Full Existing
"{6FBD3F2E-CBD8-D7F7-E7C3-70E17D2EAF9C}" = Catalyst Control Center Localization Greek
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70F3FC7B-F27D-E62B-A08B-8CE6455BBBE3}" = CCC Help Japanese
"{729F365C-3840-6F18-19A4-15E976CD3ED5}" = Catalyst Control Center Graphics Previews Vista
"{7632099D-90C0-0574-664F-669E4EB4E540}" = Catalyst Control Center Localization Turkish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A527628-969A-F4EA-E448-08B28A5E98D6}" = Catalyst Control Center Localization Russian
"{7AD77BA6-F09A-3326-5019-199F5C55BC91}" = Catalyst Control Center Localization Chinese Standard
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{812A1534-B5A1-4005-AA8A-472CD162BFD0}" = Catalyst Control Center Localization Thai
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8485CA0D-56B1-83FB-1622-B5709EEF46D7}" = ccc-core-static
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A870F13-4655-C62F-FC5B-E249566F5373}" = Catalyst Control Center Localization Polish
"{8ACD987C-BC4D-9922-E162-CF78A11B2DAE}" = CCC Help Portuguese
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6D22EA-09B8-70C9-8316-97627E79C4BA}" = Catalyst Control Center Localization French
"{90110404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91A4021C-76CB-F322-E4FA-91D066BCFAB1}" = CCC Help Norwegian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9417DFCB-CD0F-DEF8-E318-D0E67064FD3C}" = Catalyst Control Center Localization Italian
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{9465CD4C-1CE3-47EB-896C-C17C02BEA48C}" = Windows Live Call
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0404-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E8535-95EA-C9C9-5C76-FA6A4B54B6BA}" = Catalyst Control Center Localization Korean
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F8328EB-B5E2-4FAF-AB93-967C93A468FA}" = ccc-Branding
"{A0173B28-71AE-F838-35AD-2AA722684BD6}" = Catalyst Control Center Core Implementation
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A42BD042-C159-262B-9DBC-817DAF34A6C9}" = CCC Help Turkish
"{A65BE8D0-B78C-4479-8E9F-5D9544254532}" = CCC Help Swedish
"{A65E4626-F022-DA33-76D2-DF6F47C3A073}" = CCC Help French
"{A910FDED-5D3E-076C-883F-7A942CC406CC}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1028-7B44-A91000000001}" = Adobe Reader 9.1.3 - Chinese Traditional
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE156750-B9B5-4063-84F7-22FF638AF350}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B084D4C5-C489-2019-0D91-E7D891B4759E}" = CCC Help Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B36392A5-5459-B54F-E05F-6232FA5F9544}" = CCC Help Russian
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B61C35EC-F9CA-1D39-2D9C-83EC43626587}" = Catalyst Control Center Localization Swedish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB7FB648-BE77-1935-0A51-15F2F0C98054}" = Catalyst Control Center Localization Hungarian
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D05C84EC-3A0F-4EA2-8404-2179259FFDAB}" = Windows Live 影像中心
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype(TM) 4.1
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D374BC38-7435-366D-88BE-8CD08F38FDBA}" = CCC Help Czech
"{D3C3EBFD-FCBF-234F-866C-65F03C806850}" = CCC Help Polish
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator
"{DB535C36-4DC8-4353-F806-5D7ADFEDDAD3}" = Catalyst Control Center Localization Chinese Traditional
"{DBD0363A-D383-7D6C-FA8F-C6C57956B749}" = Catalyst Control Center Localization German
"{DE789653-D04E-47C7-8717-9EC340922B34}" = Windows Live Sync
"{DE7ED7D4-B603-4678-8CFD-09BD55C2A736}" = Windows Live 程式集
"{E27857B2-EA92-23AC-B5BE-BDC1697674A7}" = CCC Help Hungarian
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E55C8F84-160B-41FA-9D41-6210801C0C24}" = BatteryMiser 5
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F01DE6AA-745E-B05C-CB0A-CA305F9F7512}" = Catalyst Control Center Localization Danish
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F711C0D9-271C-500A-5F26-7E528D63ABB1}" = CCC Help Spanish
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe Extendscript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"·ÉËÙÍÁ¶¹" = ·ÉËÙÍÁ¶¹ 1.30
"Ace DivX Player_is1" = Ace DivX Player v2.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe Extendscript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.7
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"Google Chrome" = Google 瀏覽器
"HijackThis" = HijackThis 2.0.2
"Hong Kong Toolbar_is1" = Hong Kong Toolbar 3.3.9.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center
"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center
"LimeWire" = LimeWire 5.4.6
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyWebSearch bar Uninstall" = My Web Search (Zwinky)
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PPStream" = PPStream V2.6.86.9003 Final
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SohuPlayer" = ËѺüµçÊÓ»úÍøÒ³°æ 1.0.0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Uninstall 5_is1" = Total Uninstall 5.4.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live 程式集
"WinRAR archiver" = WinRAR archiver
"WinVDIG_is1" = WinVDIG 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"光影魔術手_is1" = 光影魔術手 3.01

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/2/2010 7:04:29 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4abd66f5, exception code 0xc0000005, fault offset 0x0644a3db, process id 0x3dc, application start time 0x01caafc0f3f8d8d0.

Error - 17/2/2010 7:16:13 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed, exception code 0xc0000005, fault offset 0x000bd3a7, process id 0x15d0, application start time 0x01caafc189c812e0.

Error - 17/2/2010 8:48:20 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module Vodnet.dll_unloaded, version 0.0.0.0, time stamp 0x4b73b1b5, exception code 0xc0000005, fault offset 0x0d26f942, process id 0x1298, application start time 0x01caafc0968eb160.

Error - 17/2/2010 10:58:58 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module IEFRAME.dll, version 8.0.6001.18882, time stamp 0x4b3ee8a2, exception code 0xc0000005, fault offset 0x000b7b55, process id 0x79c, application start time 0x01caafcf80e8a5f0.

Error - 17/2/2010 10:59:23 | Computer Name = User-PC | Source = EventSystem | ID = 4621
Description =

Error - 17/2/2010 11:01:59 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module d3d8thk32.dll, version 0.0.0.0, time stamp 0x4b71412a, exception code 0xc0000005, fault offset 0x0000e7df, process id 0xc58, application start time 0x01caafe2224ec787.

Error - 17/2/2010 11:03:00 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module d3d8thk32.dll, version 0.0.0.0, time stamp 0x4b71412a, exception code 0xc0000005, fault offset 0x00002012, process id 0xc38, application start time 0x01caafe249c51307.

Error - 17/2/2010 11:18:01 | Computer Name = User-PC | Source = EventSystem | ID = 4621
Description =

Error - 17/2/2010 16:58:22 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module IEFRAME.dll, version 8.0.6001.18882, time stamp 0x4b3ee8a2, exception code 0xc0000005, fault offset 0x00125c93, process id 0xd5c, application start time 0x01cab004f9be0d9f.

Error - 17/2/2010 18:06:25 | Computer Name = User-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 3/3/2010 16:12:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/3/2010 16:21:26 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 3/3/2010 16:21:37 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 3/3/2010 16:24:20 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/3/2010 16:24:20 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/3/2010 16:24:20 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/3/2010 17:32:19 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 3/3/2010 17:35:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/3/2010 17:35:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/3/2010 17:35:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

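Added example (not part of the forum posts, and not OTL's own code): a small Python triage script for the firewall-rule section of an OTL Extras log like the one above. It parses OTL's `"NAME" = protocol=… | dir=… | app=… |` lines, groups the inbound allow rules per executable and flags the entries a reviewer should look at first: rules with no protocol restriction, binaries outside Program Files and Windows (a heuristic for "user-installed or unusual location", not a verdict), and the same program approved more than once. The sample lines are constructed in the log's format; the TRUSTED_ROOTS list and the flag names are this example's own choices. OTL prints every path lower-cased, and, as the log above shows, a non-ASCII path can appear under several mis-decoded spellings, so one program may surface as separate entries in the summary.

```python
r"""Triage the "Firewall rules" section of an OTL Extras.txt log.

OTL prints each Windows Firewall rule as one line of the form
    "NAME" = protocol=6 | dir=in | app=c:\path\to\app.exe |
where protocol is 6 (TCP), 17 (UDP) or absent, in which case the rule
matches every protocol.  The triage below groups inbound rules per
executable and flags the ones a reviewer of such a log should look at.
"""
import re
from collections import defaultdict

# Constructed sample in OTL's rule format (modelled on the log, not copied from it).
SAMPLE = r'''
"{EB569A92-312C-4A24-959D-FCC3B6170EDF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F4E8F598-8152-46E8-BE26-20E9EE148D5E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{18A75E18-DAED-4B60-A3C4-C5D20E5D0FC9}D:\easymule\emule.exe" = protocol=6 | dir=in | app=d:\easymule\emule.exe |
"TCP Query User{BA5547F5-9302-47CE-B440-41461E057ADD}D:\easymule\emule.exe" = protocol=6 | dir=in | app=d:\easymule\emule.exe |
"UDP Query User{3218148D-50F8-4380-9CE8-63FE92DFCB33}D:\easymule\emule.exe" = protocol=17 | dir=in | app=d:\easymule\emule.exe |
"TCP Query User{5E1CF4F9-B7A0-4FBE-92B0-231BB50C4CA5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=out | app=c:\program files\example\outbound-only.exe |
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')
PROTO_NAMES = {"6": "tcp", "17": "udp"}
# Heuristic only: binaries outside these roots (e.g. d:\easymule\emule.exe) deserve a second look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


def parse_rules(text):
    """Return one dict per rule line: name, protocol ('tcp'/'udp'/'any'/number), dir, app."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.strip()] = value.strip()
        if "app" not in fields:
            continue  # port/service rules carry no app= field; out of scope here
        proto = fields.get("protocol")
        rules.append({
            "name": m.group("name"),
            "protocol": "any" if proto is None else PROTO_NAMES.get(proto, proto),
            "dir": fields.get("dir", "?"),
            "app": fields["app"].lower(),   # OTL already lower-cases it; be safe
        })
    return rules


def inbound_exposure(rules):
    """Group inbound rules by executable and attach review flags."""
    apps = defaultdict(lambda: {"protocols": set(), "rules": 0, "flags": set()})
    for r in rules:
        if r["dir"] != "in":
            continue
        entry = apps[r["app"]]
        entry["rules"] += 1
        entry["protocols"].add(r["protocol"])
    for app, entry in apps.items():
        if "any" in entry["protocols"]:
            entry["flags"].add("any-protocol")          # no protocol= field: all protocols allowed in
        if not app.startswith(TRUSTED_ROOTS):
            entry["flags"].add("outside-program-files")
        if entry["rules"] > len(entry["protocols"]):
            entry["flags"].add("duplicate-rules")       # same app/protocol approved more than once
    return dict(apps)


def report(text):
    """One summary line per inbound executable, most-flagged first."""
    summary = inbound_exposure(parse_rules(text))
    ordered = sorted(summary.items(), key=lambda kv: (-len(kv[1]["flags"]), kv[0]))
    return [
        f"{app}  in:{'/'.join(sorted(e['protocols']))}  rules={e['rules']}"
        f"  flags={','.join(sorted(e['flags'])) or '-'}"
        for app, e in ordered
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run it against the "Firewall rules" block pasted from a real Extras.txt and read the flagged entries top-down; apps with `any-protocol` or `outside-program-files` are the first ones to cross-check against the uninstall list and running processes.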
5 Re: help, AVG virus identified packed on Wed Mar 03, 2010 5:03 pm

Queenayy


Member
2.OTL.txt

OTL logfile created on: 3/3/2010 21:41:20 - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C04 | Country: Hong Kong Special Administrative Region | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.47 Gb Total Space | 26.44 Gb Free Space | 33.70% Space Free | Partition Type: NTFS
Drive D: | 69.58 Gb Total Space | 27.74 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/03 21:25:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2010/02/27 02:55:33 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/24 03:25:50 | 002,669,960 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2010/02/22 14:39:02 | 001,295,592 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/02/22 14:39:02 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/14 12:23:32 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/14 12:23:31 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/14 12:23:30 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/14 12:23:23 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/14 12:23:08 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/14 12:23:06 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/19 02:40:44 | 000,811,008 | ---- | M] (Hong Kong Commercial Broadcasting Co. Ltd.) -- C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
PRC - [2009/10/28 03:31:14 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/12 18:19:46 | 001,323,008 | ---- | M] (土豆网) -- C:\Program Files\Tudou\飞速Tudou\TudouVa.exe
PRC - [2009/09/27 14:24:32 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/05 17:03:16 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/09/02 07:27:36 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 07:27:36 | 000,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/05/19 03:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 10:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/06 09:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/14 01:46:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/08/06 10:33:46 | 000,459,600 | ---- | M] (Sohu.com Inc.) -- C:\Program Files\sohutv_web\SysTrayIcon.exe
PRC - [2008/06/18 03:53:24 | 000,227,840 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/01/11 11:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/08/10 02:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/27 18:54:44 | 000,238,896 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe
PRC - [2007/07/24 18:24:56 | 002,868,528 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\On Screen Display\HotKey.exe
PRC - [2007/06/21 23:45:26 | 000,341,296 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
PRC - [2007/04/06 17:49:02 | 000,112,184 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2007/04/06 17:48:20 | 000,185,912 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\Maglev.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/03 21:25:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
MOD - [2010/02/22 14:39:14 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/02/14 12:24:38 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/22 14:39:02 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/14 12:23:06 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/01 11:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/05 17:03:16 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/06/12 14:43:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 03:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/14 01:46:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/20 08:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.singtao.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CC C1 54 00 F3 B5 5A 4C 85 91 48 40 D0 AA FC 03 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/02/27 02:57:28 | 000,000,000 | ---D | M]

[2010/01/19 21:02:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/01/19 21:02:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/02/11 12:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/11 12:41:13 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0054C1CC-B5F3-4C5A-8591-4840D0AAFC03} - C:\Windows\System32\iasacct32.dll ()
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (ShowHKToolbar Class) - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\·ÉËÙTudou\tudouDetector.dll (土豆网)
O2 - BHO: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [ËѺüµçÊÓ»úÍøÒ³°æ] C:\Program Files\sohutv_web\SysTrayIcon.exe (Sohu.com Inc.)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\User\AppData\Local\Temp\256C.tmp File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = D:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk = C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe (土豆网)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 使用光影編輯和美化 - D:\nEO iMAGING\NeoOpenNeo.htm ()
O9 - Extra Button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1-3.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldzh-hk.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.200.241.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\d3d8thk32.dll) - C:\Windows\System32\d3d8thk32.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows 相片圖庫底色圖案.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows 相片圖庫底色圖案.jpg
O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\Windows\System32\bmpsap.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/03/09 00:23:48 | 000,000,000 | ---D | M] - D:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2008/03/09 00:22:52 | 000,545,278 | ---- | M] () - D:\Autoruns.zip -- [ NTFS ]
O33 - MountPoints2\{f264a621-a786-11de-91e9-000df04a3ec2}\Shell\AutoRun\command - "" = E:\WirelessSmartPlug.exe -- File not found
O33 - MountPoints2\{f264a621-a786-11de-91e9-000df04a3ec2}\Shell\install\command - "" = E:\WirelessSmartPlug.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/03 21:26:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/03 20:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/28 14:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\PPLive
[2010/02/27 02:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/02/27 02:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/02/27 02:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/02/27 02:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/02/27 02:55:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real
[2010/02/25 16:26:42 | 000,390,528 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportBuka.sys
[2010/02/25 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Trusteer
[2010/02/25 16:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/02/25 16:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2010/02/24 20:50:29 | 000,000,000 | ---D | C] -- C:\Users\User\Office Genuine Advantage
[2010/02/23 13:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Tudou
[2010/02/21 20:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\sohutv_web
[2010/02/21 10:39:41 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2010/02/20 22:51:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PPLive
[2010/02/20 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\putv
[4 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[4 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/03 21:47:03 | 004,194,304 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/03/03 21:45:35 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5CE941B7-52DA-49BB-8352-D92BF4B40759}.job
[2010/03/03 21:36:06 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk
[2010/03/03 21:34:21 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 21:34:21 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/03/03 21:34:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/03 21:34:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/03 21:34:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/03 21:33:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/03 21:32:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/03 21:32:23 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{c2d4d986-1b98-11df-b1f7-000df04a3ec2}.TMContainer00000000000000000001.regtrans-ms
[2010/03/03 21:32:23 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{c2d4d986-1b98-11df-b1f7-000df04a3ec2}.TM.blf
[2010/03/03 21:19:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/03 20:49:23 | 000,001,884 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/03/03 20:21:31 | 004,091,281 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/03/03 20:21:03 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/03/03 20:10:29 | 244,435,680 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/03 20:09:21 | 000,002,522 | -HS- | M] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784P.manifest
[2010/03/03 20:09:21 | 000,000,344 | -HS- | M] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784C.manifest
[2010/03/03 19:21:20 | 056,595,798 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/03 14:10:33 | 000,000,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\320aa87e
[2010/03/03 12:59:15 | 000,000,786 | -HS- | M] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784O.manifest
[2010/03/03 12:59:04 | 000,000,011 | -HS- | M] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784S.manifest
[2010/02/27 15:54:13 | 001,118,072 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/27 15:54:13 | 000,600,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/27 15:54:13 | 000,341,338 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/02/27 15:54:13 | 000,105,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/27 15:54:13 | 000,105,580 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/02/27 15:49:17 | 000,031,744 | ---- | M] () -- C:\Users\User\Documents\economic_presentation_01032010.doc
[2010/02/27 03:52:37 | 000,000,091 | ---- | M] () -- C:\Windows\psnetwork.ini
[2010/02/27 03:38:58 | 000,000,659 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2010/02/27 03:38:57 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\PPStream.lnk
[2010/02/27 02:57:29 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010/02/27 02:57:29 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/02/26 21:41:06 | 000,000,162 | -H-- | M] () -- C:\Users\User\Documents\~$onomic_presentation_01032010.doc
[2010/02/25 17:55:05 | 000,098,280 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 17:25:55 | 002,467,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/25 16:26:42 | 000,390,528 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportBuka.sys
[2010/02/23 13:36:33 | 000,001,792 | ---- | M] () -- C:\Users\User\Desktop\·ÉËÙÍÁ¶¹.lnk
[2010/02/18 14:57:07 | 000,001,042 | ---- | M] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
[4 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[4 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/03 20:49:23 | 000,001,884 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/03/03 20:21:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/02/27 03:52:37 | 000,000,091 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/02/27 03:38:58 | 000,000,659 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2010/02/27 03:38:57 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\PPStream.lnk
[2010/02/27 02:57:29 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010/02/27 02:57:29 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/02/26 21:41:06 | 000,031,744 | ---- | C] () -- C:\Users\User\Documents\economic_presentation_01032010.doc
[2010/02/26 21:41:06 | 000,000,162 | -H-- | C] () -- C:\Users\User\Documents\~$onomic_presentation_01032010.doc
[2010/02/23 13:36:33 | 000,001,792 | ---- | C] () -- C:\Users\User\Desktop\·ÉËÙÍÁ¶¹.lnk
[2010/02/23 13:36:33 | 000,000,950 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk
[2010/02/11 23:23:28 | 000,000,056 | ---- | C] () -- C:\Users\User\AppData\Roaming\320aa87e
[2010/02/11 12:56:56 | 000,200,704 | ---- | C] () -- C:\Windows\System32\iasacct32.dll
[2010/02/11 12:56:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\eventcls32.dll
[2010/02/11 12:53:39 | 000,200,704 | ---- | C] () -- C:\Windows\System32\fdeploy32.dll
[2010/02/11 12:41:11 | 000,200,704 | ---- | C] () -- C:\Windows\System32\d3dxof32.dll
[2010/02/11 12:41:10 | 000,002,522 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784P.manifest
[2010/02/11 12:41:10 | 000,000,786 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784O.manifest
[2010/02/11 12:41:10 | 000,000,344 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784C.manifest
[2010/02/11 12:41:10 | 000,000,011 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0200000036ac54e8784S.manifest
[2010/02/11 12:41:09 | 000,128,000 | ---- | C] () -- C:\Windows\System32\d3d8thk32.dll
[2010/01/27 23:45:42 | 000,000,472 | ---- | C] () -- C:\Users\User\AppData\Roaming\Poladroid prefs.plist
[2009/11/24 01:57:59 | 000,278,528 | ---- | C] () -- C:\Windows\System32\Unhtml.dll
[2009/10/21 10:08:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/14 19:57:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/27 01:16:40 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/04/16 15:22:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/04/16 15:22:10 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2008/08/08 12:37:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\WinDll.dll
[2008/06/18 03:52:12 | 000,000,478 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/06/04 10:30:44 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/06/04 10:30:22 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/06/04 10:30:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/06/04 10:29:48 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/06/04 10:27:44 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/06/04 10:27:10 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/06/04 10:27:02 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/05/07 08:31:42 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/03/07 05:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/03/01 12:58:23 | 000,019,618 | ---- | C] () -- C:\Users\User\AppData\Local\internal.grp
[2008/02/01 12:51:47 | 000,004,437 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008/02/01 12:37:58 | 000,035,328 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 10:01:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/25 09:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/27 19:44:27 | 000,001,816 | ---- | C] () -- C:\Windows\lg_up.ini
[2007/08/27 19:43:30 | 000,000,931 | ---- | C] () -- C:\Windows\lgcenter.ini
[2007/08/27 15:44:35 | 000,114,688 | ---- | C] () -- C:\Windows\System32\bmpsap.dll
[2007/08/27 15:44:34 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\lgsnd_filter.sys
[2007/08/27 15:33:44 | 000,025,743 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/08/27 15:21:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/27 15:15:25 | 000,000,219 | ---- | C] () -- C:\Windows\lgps.ini
[2007/03/19 02:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/03/06 12:17:30 | 000,004,881 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/23 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\881903
[2010/01/02 12:42:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2009/07/17 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.ExMan
[2008/01/24 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxy
[2008/01/24 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Geniesoft
[2010/02/12 23:58:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2010/02/12 15:14:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LimeWire
[2008/12/21 03:11:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MP3Rocket
[2010/03/03 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PPLive
[2009/11/27 12:17:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PPLiveVA
[2010/03/03 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PPStream
[2009/04/16 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2009/09/22 15:12:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SmarTone-Vodafone
[2010/03/03 13:02:38 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\SystemProc
[2010/02/25 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trusteer
[2010/02/13 19:23:44 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/03 21:34:21 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/03/03 21:32:40 | 000,032,734 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/03 21:45:35 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5CE941B7-52DA-49BB-8352-D92BF4B40759}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/27 14:01:56 | 000,001,599 | ---- | M] ()(C:\Users\Public\Desktop\?????.lnk) -- C:\Users\Public\Desktop\瀏覽器選擇.lnk
[2010/02/27 14:01:56 | 000,001,599 | ---- | C] ()(C:\Users\Public\Desktop\?????.lnk) -- C:\Users\Public\Desktop\瀏覽器選擇.lnk
[2010/02/18 13:49:55 | 000,000,000 | ---D | M](C:\Users\User\Documents\???????) -- C:\Users\User\Documents\我已接收的檔案
[2010/02/11 23:20:33 | 000,001,981 | ---- | M] ()(C:\Users\Public\Desktop\Google ???.lnk) -- C:\Users\Public\Desktop\Google 瀏覽器.lnk
[2010/01/28 00:36:32 | 000,000,491 | ---- | M] ()(C:\Users\User\Desktop\?????.lnk) -- C:\Users\User\Desktop\光影魔術手.lnk
[2010/01/28 00:36:32 | 000,000,491 | ---- | C] ()(C:\Users\User\Desktop\?????.lnk) -- C:\Users\User\Desktop\光影魔術手.lnk
[2010/01/28 00:36:32 | 000,000,488 | ---- | M] ()(C:\Users\User\Desktop\????.lnk) -- C:\Users\User\Desktop\光影精靈.lnk
[2010/01/28 00:36:32 | 000,000,488 | ---- | C] ()(C:\Users\User\Desktop\????.lnk) -- C:\Users\User\Desktop\光影精靈.lnk
[2010/01/27 23:35:20 | 000,000,000 | ---D | M](C:\Users\User\Documents\?????) -- C:\Users\User\Documents\光影魔術手
[2010/01/27 23:35:20 | 000,000,000 | ---D | C](C:\Users\User\Documents\?????) -- C:\Users\User\Documents\光影魔術手
[2010/01/02 15:54:19 | 000,000,431 | ---- | C] ()(C:\Users\User\Desktop\??.lnk) -- C:\Users\User\Desktop\圖片.lnk
[2010/01/02 15:54:16 | 000,000,431 | ---- | M] ()(C:\Users\User\Desktop\??.lnk) -- C:\Users\User\Desktop\圖片.lnk
[2009/09/14 19:57:04 | 000,001,981 | ---- | C] ()(C:\Users\Public\Desktop\Google ???.lnk) -- C:\Users\Public\Desktop\Google 瀏覽器.lnk
[2009/09/01 11:58:00 | 000,004,597 | ---- | M] ()(C:\Users\User\Documents\??????????.htm) -- C:\Users\User\Documents\中央器官捐贈登記名冊.htm
[2009/09/01 11:58:00 | 000,004,597 | ---- | C] ()(C:\Users\User\Documents\??????????.htm) -- C:\Users\User\Documents\中央器官捐贈登記名冊.htm
[2009/06/12 17:17:33 | 000,001,105 | ---- | M] ()(C:\Users\User\Documents\queena_wyy@hotmail.com ???????.lnk) -- C:\Users\User\Documents\queena_wyy@hotmail.com 共用資料夾封存.lnk
[2009/06/12 17:17:33 | 000,001,105 | ---- | C] ()(C:\Users\User\Documents\queena_wyy@hotmail.com ???????.lnk) -- C:\Users\User\Documents\queena_wyy@hotmail.com 共用資料夾封存.lnk
[2009/03/27 12:39:12 | 000,000,768 | ---- | M] ()(C:\Users\User\Documents\???????.lnk) -- C:\Users\User\Documents\我的共用資料夾.lnk
[2009/02/09 06:45:24 | 000,000,000 | ---D | M](C:\Users\User\Documents\??) -- C:\Users\User\Documents\琴譜
[2009/02/09 06:35:36 | 000,000,000 | ---D | C](C:\Users\User\Documents\??) -- C:\Users\User\Documents\琴譜
[2008/10/13 16:05:03 | 000,001,856 | ---- | C] ()(C:\Users\User\Desktop\????????.lnk) -- C:\Users\User\Desktop\訊連科技威力導演.lnk
[2008/10/13 16:05:02 | 000,001,856 | ---- | M] ()(C:\Users\User\Desktop\????????.lnk) -- C:\Users\User\Desktop\訊連科技威力導演.lnk
[2008/10/08 15:31:02 | 000,001,213 | ---- | M] ()(C:\Users\User\Desktop\FreeYouTubeToiPodConverter - ??.lnk) -- C:\Users\User\Desktop\FreeYouTubeToiPodConverter - 捷徑.lnk
[2008/10/08 15:31:02 | 000,001,213 | ---- | C] ()(C:\Users\User\Desktop\FreeYouTubeToiPodConverter - ??.lnk) -- C:\Users\User\Desktop\FreeYouTubeToiPodConverter - 捷徑.lnk
[2008/09/10 13:38:22 | 000,000,000 | ---D | M](C:\Users\User\Desktop\Adobe 9 Reader ????) -- C:\Users\User\Desktop\Adobe 9 Reader 安裝程式
[2008/09/10 13:37:23 | 000,000,000 | ---D | C](C:\Users\User\Desktop\Adobe 9 Reader ????) -- C:\Users\User\Desktop\Adobe 9 Reader 安裝程式
[2008/01/27 10:58:54 | 000,002,437 | ---- | M] ()(C:\Users\User\Desktop\Overture 4.0 ?????.lnk) -- C:\Users\User\Desktop\Overture 4.0 繁體中文版.lnk
[2008/01/24 12:37:51 | 000,002,437 | ---- | C] ()(C:\Users\User\Desktop\Overture 4.0 ?????.lnk) -- C:\Users\User\Desktop\Overture 4.0 繁體中文版.lnk
[2008/01/24 12:37:48 | 000,000,000 | ---D | M](C:\Program Files\Overture 4.0 ?????) -- C:\Program Files\Overture 4.0 繁體中文版
[2008/01/24 12:37:48 | 000,000,000 | ---D | M](C:\Program Files\Overture 4.0 ?????) -- C:\Program Files\Overture 4.0 繁體中文版
[2008/01/23 12:45:52 | 000,000,768 | ---- | C] ()(C:\Users\User\Documents\???????.lnk) -- C:\Users\User\Documents\我的共用資料夾.lnk
[2008/01/22 16:55:43 | 000,000,000 | ---D | C](C:\Users\User\Documents\???????) -- C:\Users\User\Documents\我已接收的檔案
(C:\Program Files\Overture 4.0 ?????) -- C:\Program Files\Overture 4.0 繁體中文版
< End of report >

6 Re: help, AVG virus identified packed on Wed Mar 03, 2010 6:38 pm

DragonMaster Jay


Site Owner
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :otl
    O2 - BHO: (no name) - {0054C1CC-B5F3-4C5A-8591-4840D0AAFC03} - C:\Windows\System32\iasacct32.dll ()
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O20 - AppInit_DLLs: (C:\Windows\System32\d3d8thk32.dll) - C:\Windows\System32\d3d8thk32.dll ()


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

============

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

===

Make sure the OTL fix log, and the MBAM log are posted in your next reply.



Last edited by DragonMaster Jay on Wed Mar 03, 2010 9:51 pm; edited 1 time in total


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

7 Re: help, AVG virus identified packed on Wed Mar 03, 2010 6:44 pm

Queenayy


Member
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.1.32.0 log created on 03032010_234339

8 Re: help, AVG virus identified packed on Wed Mar 03, 2010 9:52 pm

DragonMaster Jay


Site Owner
Sorry. Try that again. I edited the script. It should work now.



9 Re: help, AVG virus identified packed on Thu Mar 04, 2010 7:54 am

Queenayy


Member
Here is the log.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0054C1CC-B5F3-4C5A-8591-4840D0AAFC03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0054C1CC-B5F3-4C5A-8591-4840D0AAFC03}\ deleted successfully.
C:\Windows\System32\iasacct32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\d3d8thk32.dll deleted successfully.
C:\Windows\System32\d3d8thk32.dll moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03042010_125254
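
A check that belongs at this step, added here as an example (it is not part of the thread and not OTL's own code): it reads the ':otl' script from post 6 and the fix log above, and confirms that every script line produced the matching "deleted successfully" / "moved successfully" entries (BHO key, CLSID key and DLL move for an O2 line; AppInit_DLLs value and DLL move for an O20 line). It also recognises the "Error: Unable to interpret in the current context!" output from post 7 as a script that was never applied. The line formats are taken from the thread as pasted; the event names ("bho-key", "moved", ...) are my own labels.

```python
"""Reconcile an OTL ':otl' fix script against the fix log it produced.

Added example for this thread; not part of OTL or of any post.
Line formats follow the script (post 6) and logs (posts 7 and 9) as pasted.
"""
import re

# Fix script copied from post 6 of the thread.
FIX_SCRIPT = r"""
:otl
O2 - BHO: (no name) - {0054C1CC-B5F3-4C5A-8591-4840D0AAFC03} - C:\Windows\System32\iasacct32.dll ()
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O20 - AppInit_DLLs: (C:\Windows\System32\d3d8thk32.dll) - C:\Windows\System32\d3d8thk32.dll ()
"""

# Fix log copied from post 9 of the thread.
FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0054C1CC-B5F3-4C5A-8591-4840D0AAFC03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0054C1CC-B5F3-4C5A-8591-4840D0AAFC03}\ deleted successfully.
C:\Windows\System32\iasacct32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\d3d8thk32.dll deleted successfully.
C:\Windows\System32\d3d8thk32.dll moved successfully.
"""

# Output copied from post 7: what OTL printed when the script could not be parsed.
ERROR_LOG = "\n".join(["Error: Unable to interpret in the current context!"] * 4)

O2_RE = re.compile(r"^O2 - BHO: \(.*?\) - (\{[0-9A-Fa-f-]+\}) - (.+?) \(.*\)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \(.*?\) - (.+?) \(.*\)$")
KEY_RE = re.compile(r"^Registry key (.+)\\ deleted successfully\.$")
VALUE_RE = re.compile(r"^Registry value (.+?):(.+) deleted successfully\.$")
MOVE_RE = re.compile(r"^(.+) moved successfully\.$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def expected_events(script_text):
    """Map each script line to the set of log events that prove it was applied."""
    items = {}
    for line in script_text.strip().splitlines():
        m = O2_RE.match(line)
        if m:
            clsid, path = m.group(1).lower(), m.group(2).lower()
            items[line] = {("bho-key", clsid), ("clsid-key", clsid), ("moved", path)}
            continue
        m = O20_RE.match(line)
        if m:
            path = m.group(1).lower()
            items[line] = {("appinit-value", path), ("moved", path)}
    return items


def log_events(log_text):
    """Extract (kind, identifier) events and parser errors from a fix log."""
    events, errors = set(), []
    for line in log_text.strip().splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            clsid = CLSID_RE.search(key)
            if clsid:
                kind = "bho-key" if "browser helper objects" in key.lower() else "clsid-key"
                events.add((kind, clsid.group(0).lower()))
            continue
        m = VALUE_RE.match(line)
        if m and m.group(1).lower().endswith("appinit_dlls"):
            events.add(("appinit-value", m.group(2).lower()))
            continue
        m = MOVE_RE.match(line)
        if m:
            events.add(("moved", m.group(1).lower()))
            continue
        if line.startswith("Error:"):
            errors.append(line)
    return events, errors


def reconcile(script_text, log_text):
    """Report, per script line, whether the log shows every expected action."""
    wanted = expected_events(script_text)
    seen, errors = log_events(log_text)
    report = {}
    for line, needed in wanted.items():
        missing = sorted(needed - seen)
        report[line] = {"done": not missing, "missing": missing}
    all_done = bool(report) and not errors and all(r["done"] for r in report.values())
    return {"items": report, "errors": errors, "all_done": all_done}


if __name__ == "__main__":
    result = reconcile(FIX_SCRIPT, FIX_LOG)
    for line, status in result["items"].items():
        print("OK  " if status["done"] else "MISS", line[:60], status["missing"])
    print("all done:", result["all_done"], "errors:", len(result["errors"]))
```

Run against the log above it reports all four script lines as done; fed the four "Error:" lines from post 7 instead, it reports every line as missing and surfaces the errors, which is the signal that the script itself needs fixing rather than the machine rebooting.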

10 Re: help, AVG virus identified packed on Thu Mar 04, 2010 9:28 am

DragonMaster Jay


Site Owner
And now the Malwarebytes log please.



11 Re: help, AVG virus identified packed on Thu Mar 04, 2010 9:29 am

Queenayy


Member
It's still scanning, I will post it up when it's done.

12 Re: help, AVG virus identified packed on Thu Mar 04, 2010 11:28 am

Queenayy


Member
Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

4/3/2010 16:26:57
mbam-log-2010-03-04 (16-26-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 350303
Time elapsed: 3 hour(s), 23 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 140
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 80

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\1FF6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\28E5.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\AB60.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\eventcls32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\d3dxof32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\fdeploy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03042010_125254\C_Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03042010_125254\C_Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03042010_125254\C_Windows\System32\d3d8thk32.dll (Trojan.Tracur) -> Delete on reboot.
C:\_OTL\MovedFiles\03042010_125254\C_Windows\System32\iasacct32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
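The log above mixes items Malwarebytes removed on the spot with items it could only schedule for "Delete on reboot" (a locked or in-use file), and it also contains two entries worth a second look: msimg32.dll and riched20.dll are names of Windows system DLLs, but here they sit in the Windows Live Messenger program folder, the usual placement for a DLL planted to be loaded ahead of the real one. The following script is an added example, not something from the thread or from Malwarebytes: it parses the `<path> (<family>) -> <action>.` lines in the format shown above, summarises detections, lists the paths that must be re-checked after the restart, and flags system-DLL names found outside the Windows directory. The sample lines are copied from the posted log; the `SYSTEM_DLL_NAMES` watchlist is a constructed assumption for the example, not a Malwarebytes feature.

```python
"""Triage helper for a Malwarebytes' Anti-Malware (MBAM) removal log (added example)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# One MBAM result line: path, detection name in parentheses, arrow, action, full stop.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Filenames that normally live in %SystemRoot%\System32; a copy elsewhere is a
# sideloading candidate. Constructed watchlist for this example (assumption).
SYSTEM_DLL_NAMES = {"msimg32.dll", "riched20.dll", "version.dll", "dwmapi.dll"}

# Sample input: result lines copied from the MBAM log posted above.
SAMPLE_LOG = r"""Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\eventcls32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03042010_125254\C_Windows\System32\d3d8thk32.dll (Trojan.Tracur) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return (path, family, action) for every result line; headers are skipped."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            results.append((m["path"], m["family"], m["action"]))
    return results


def summarize(results):
    """Count detections per malware family and per action MBAM took."""
    return {
        "by_family": Counter(family for _, family, _ in results),
        "by_action": Counter(action for _, _, action in results),
    }


def pending_reboot(results):
    """Paths MBAM could not remove immediately; these need re-checking after restart."""
    return [path for path, _, action in results if action == "Delete on reboot"]


def sideload_candidates(results):
    """Detections named like a System32 DLL but located outside a 'Windows' directory."""
    hits = []
    for path, _, _ in results:
        p = PureWindowsPath(path)
        parent_dirs = {part.lower() for part in p.parts[1:-1]}
        if p.name.lower() in SYSTEM_DLL_NAMES and "windows" not in parent_dirs:
            hits.append(path)
    return hits


def verify_after_reboot(paths, exists):
    """Return the paths that still exist. `exists` is injected (pass os.path.exists
    on the affected machine) so the check can be exercised offline."""
    return [p for p in paths if exists(p)]


if __name__ == "__main__":
    res = parse_mbam_log(SAMPLE_LOG)
    s = summarize(res)
    print("Detections by family:", dict(s["by_family"]))
    print("Actions taken:", dict(s["by_action"]))
    print("Re-check after reboot:", pending_reboot(res))
    print("Sideloading candidates:", sideload_candidates(res))
    # On the real machine, after restarting:
    #   import os; verify_after_reboot(pending_reboot(res), os.path.exists)
```

Any path that `verify_after_reboot` still reports after the restart means the scheduled deletion did not happen and the item needs another pass; the sideloading candidates are worth noting because the planted DLL is reloaded every time the host application starts, regardless of whether the MyWebSearch folder itself is gone.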

13 Re: help, AVG virus identified packed on Thu Mar 04, 2010 1:26 pm

DragonMaster Jay
Site Owner
Download SuperAntiSpyware

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



14 Re: help, AVG virus identified packed on Thu Mar 04, 2010 7:02 pm

Queenayy
Member
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/04/2010 at 09:27 PM

Application Version : 4.34.1000

Core Rules Database Version : 4638
Trace Rules Database Version: 2450

Scan type : Complete Scan
Total Scan Time : 01:31:11

Memory items scanned : 738
Memory threats detected : 0
Registry items scanned : 7412
Registry threats detected : 0
File items scanned : 36016
File threats detected : 176

Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@adviva[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@questionmarket[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[6].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@cdn5.specificclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@mmstat[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@bs.serving-sys[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificclick[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[8].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[8].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[6].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[7].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@zbox.zanox[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@content.yieldmanager[5].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@cdn5.specificclick[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@youngpornmovies[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@questionmarket[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@casalemedia[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@specificclick[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@specificclick[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@specificclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@questionmarket[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.googleadservices[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.pornhub[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@casalemedia[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@specificclick[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@associatedcontent.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tracking.summitmedia.co[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tracking.summitmedia.co[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tribalfusion[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@avgtechnologies.112.2o7[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@avgtechnologies.112.2o7[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@avgtechnologies.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adserver.adtechus[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adserver.adtechus[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adserver.adtechus[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.bootcampmedia[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@serving-sys[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@serving-sys[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@serving-sys[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tribalfusion[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[5].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tacoda[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@dmtracker[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@revsci[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tribalfusion[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tacoda[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@pornhub[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@statse.webtrendslive[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@overture[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@serving-sys[5].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.sublimemedia[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@statse.webtrendslive[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.sublimemedia[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.mediafire[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.clash-media[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@msnaccountservices.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.mediafire[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@landoftraffic[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adx.dcfever[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@mediafire[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@imrworldwide[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@mediafire[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tracker.roitesting[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@d.mediaforceads[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@advertising[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@advertising[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@imrworldwide[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@mediaplex[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@mediaplex[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@doubleclick[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@doubleclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@rts.pgmediaserve[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.gmodules[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@rts.pgmediaserve[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@chitika[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adecn[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@affiliate.a4dtracker[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@atdmt[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.ad4game[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.ad4game[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@azjmp[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adbrite[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.youngpornmovies[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@lstat.youku[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@lstat.youku[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@media6degrees[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@media6degrees[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.worldlingomedia[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.caspianpublishing.co[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@atdmt[5].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@atdmt[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@m1.webstats.motigo[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@statcounter[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@zedo[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.associatedcontent[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@m1.webstats.motigo[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adtech[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.zanox[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@stat.youku[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@apmebf[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.tracking202.co[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.teensu[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.zanox[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@stat.youku[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@audience2media[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@apmebf[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@fastclick[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@fastclick[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@fastclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@at.atwola[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.audience2media[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adviva[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.partypoker[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.audience2media[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adviva[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@www.partypoker[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@bs.serving-sys[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@at.atwola[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@bs.serving-sys[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@lfstmedia[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@microsoftmachinetranslation.112.2o7[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@microsoftmachinetranslation.112.2o7[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@microsoftmachinetranslation.112.2o7[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@microsoftmachinetranslation.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adultadworld[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@invitemedia[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@account.live[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ads.shopstyle[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adtech[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@atdmt[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@bluestreak[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@invitemedia[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@jsfp.coremetrics[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@media6degrees[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@overture[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@partypoker[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@partypoker[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@questionmarket[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@revsci[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@richmedia.yahoo[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@usatoday1.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@videoegg.adbureau[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@videoegg.adbureau[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@weownthetraffic[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@zedo[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@zbox.zanox[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@content.yieldmanager[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@ad.yieldmanager[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@msnportal.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[4].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[7].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[5].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@ad.hkreporter[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@bs.serving-sys[3].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@bs.serving-sys[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@overture[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@revsci[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@revsci[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@thinkmedia[1].txt

15 Re: help, AVG virus identified packed on Thu Mar 04, 2010 7:13 pm

DragonMaster Jay
Site Owner
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
