Solved: Infected with Sirefef.Y, Sirefef.B, and possibly others

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 00:46:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Public\Desktop\OTL.exe
[2012/06/27 00:44:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/27 00:35:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 00:34:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Public\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/27 00:09:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/27 00:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\temp
[2012/06/26 23:57:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/26 23:57:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/26 23:57:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/26 23:48:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/26 23:48:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/26 23:45:20 | 004,569,121 | R--- | C] (Swearware) -- C:\Users\Public\Desktop\ComboFix.exe
[2012/06/26 23:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{A9D2D1DC-AA7D-4D1C-A28A-75792CE4E267}
[2012/06/26 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{BE19CFCA-4465-444F-A35A-8D64C90CB3FC}
[2012/06/26 17:04:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Public\Desktop\dds.scr
[2012/06/26 16:33:09 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Malwarebytes
[2012/06/26 16:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 11:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/06/26 10:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{C4D6F55E-F4F7-40E3-BC7B-92B6D5FCB52F}
[2012/06/26 10:43:35 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{28D69BF8-0A52-4325-AD90-C236A965E0A2}
[2012/06/26 03:05:34 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/25 23:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{2BEA565A-45AD-4AAD-AC8E-F17D3C8C286B}
[2012/06/25 11:07:18 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{1E15E48E-6792-40E6-8213-D497D20B8166}
[2012/06/25 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{7514C88C-9B34-48B8-A1F2-E517B7CC3AE6}
[2012/06/24 23:06:41 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5757C6B8-3532-4AB4-97DD-E0828B0910EF}
[2012/06/24 11:06:15 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{B4162938-D7DF-4596-BDF9-8BF13B3C9A9F}
[2012/06/24 11:06:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{FAF37296-9157-4E2A-812A-5F203B6E84E8}
[2012/06/23 23:05:34 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{A1B6E7D3-6235-4846-A12B-1F43D498803C}
[2012/06/23 11:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{01207C5C-7344-49BB-8641-79C30D24BC99}
[2012/06/23 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{3B223EED-CE3B-4852-AF82-08FA27CFF327}
[2012/06/22 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{B2E3F918-315E-4879-BC5B-739FA63D36B8}
[2012/06/22 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{68499900-6038-4AC3-9E85-0446FDB7EE38}
[2012/06/22 10:57:14 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{EA367037-E514-4447-ADBF-A0E07D4DB999}
[2012/06/21 23:11:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/21 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{29774224-5E2B-4D4D-9A41-EDEF23CCF170}
[2012/06/21 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{3FA1AE99-A833-464F-87B8-FFC15D7568CF}
[2012/06/20 21:51:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{23A57A80-5F8E-4833-A5F5-2157E17D2C83}
[2012/06/20 09:50:36 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5EB02097-10B2-4812-8BD9-691FAFEE19F2}
[2012/06/20 09:50:25 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{7D90CC2A-A404-485C-8156-6C397A11AE15}
[2012/06/19 12:27:33 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{AE615E9E-0114-40C5-9929-FD164B860985}
[2012/06/19 12:27:11 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{A27E2966-D641-4DC7-ACCD-6A38FC9723CC}
[2012/06/19 00:26:39 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{232E81B1-21A9-43CC-8529-C63571FEDC60}
[2012/06/18 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{55AFAAFC-2AA1-4152-AB9F-EC521B2D56D0}
[2012/06/17 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{CF3AED8B-6387-42A0-8BE1-815D71287A12}
[2012/06/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{42A1F61A-8CB8-4B95-9C42-C383C7B37476}
[2012/06/15 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{52D08118-63E4-4814-A462-A12FBCC9131F}
[2012/06/14 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5516CD33-F259-4B22-A169-C3E633FF857E}
[2012/06/14 12:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{438C34EC-B366-4A16-84B8-9737D8A05C62}
[2012/06/14 02:51:42 | 000,000,000 | ---D | C] -- E:\My Documents\セイバーフィッシュ
[2012/06/14 02:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\褐色少女 乳辱・恥辱に裂ける心
[2012/06/14 00:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{23B2A6F8-4D93-4588-A0D3-65A3C1F8B7E3}
[2012/06/13 12:22:38 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{844628A1-641C-412C-A5DF-7AF525FC34F2}
[2012/06/13 12:22:27 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{2B7167AF-3557-4B87-A619-F102272BB782}
[2012/06/13 00:22:02 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{3DEF93F7-704B-4416-9AAB-74B01D5CC678}
[2012/06/12 12:21:35 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{30FBF2DC-B1B7-4450-B674-D5AD624A06B8}
[2012/06/12 12:21:25 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{E2082479-13DD-4E6C-BE1C-421AEDADFA6B}
[2012/06/12 12:21:10 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\AVG Secure Search
[2012/06/11 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{CECF9AAC-D106-4B9B-9929-6CB80360516D}
[2012/06/11 16:07:37 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5374AD78-5984-4CED-805E-7B13E61FEDDA}
[2012/06/11 00:50:53 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5D03C2F8-7DB7-461B-9834-481E8C9D8488}
[2012/06/10 12:50:28 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{B87DB652-909A-4DE9-9108-78DB5B838644}
[2012/06/10 12:50:17 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{168BEEC7-A21F-4A3D-AFB0-0784926B88D9}
[2012/06/10 00:49:49 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{DB3D3B24-BC14-468B-AC7F-941D485B530B}
[2012/06/09 19:43:06 | 000,000,000 | ---D | C] -- E:\My Documents\My Games
[2012/06/09 19:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\イベントへいこう7
[2012/06/09 12:49:23 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{7B71C9C6-58A2-4E57-B4AA-AF6CDC80E63D}
[2012/06/09 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{7368AAF3-1551-4BF2-92AA-531EB6CC31E8}
[2012/06/09 00:48:46 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{E7AADB7E-ABDA-4573-94C5-57CE76FCFC03}
[2012/06/08 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{6AA53459-1755-4A73-B115-CD9261F2DF12}
[2012/06/08 12:48:10 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{55BDB168-3743-4C5A-95EB-5E8665C2A9F3}
[2012/06/08 00:47:45 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{680FA72D-05AE-4EF9-B917-CF5D157BAC55}
[2012/06/07 19:18:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Solution Manual - College Physics 7th Edition - Serway
[2012/06/07 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{E8BEEA8D-5E9E-4E66-A84B-86CF998118C6}
[2012/06/07 12:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{7B6E633A-EF44-48F0-9A50-675370EA5415}
[2012/06/06 23:05:12 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{34D6D826-E094-4972-92B4-66BED691C696}
[2012/06/06 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{82772CE8-4360-44B6-9964-A3A8B3991178}
[2012/06/06 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{B5B3E639-7B68-4844-9515-BCDD7115780E}
[2012/06/05 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{87954C51-914B-4547-AC01-E65D85789EB8}
[2012/06/05 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{0453B17B-ACAB-4D6A-BC42-CABFEF543FC2}
[2012/06/05 09:52:34 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{934D49A9-2E46-424C-9680-024E89F4825B}
[2012/06/05 09:52:22 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{D7567517-BDA0-42A8-9CCD-9C7ABDADDD8E}
[2012/06/04 18:51:33 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\YCanPDF
[2012/06/04 14:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{9D603707-857C-4308-93AA-03E8E88F59AA}
[2012/06/04 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5043AE95-9B93-46F6-BE5D-C76EAD9CC988}
[2012/06/03 18:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{1462E041-DB56-4111-B19C-C998DE97FCB3}
[2012/06/03 18:06:52 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{449E7849-5DD4-4181-98EF-3AEAB890A09C}
[2012/06/01 22:17:08 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{B1A1FE1A-8EAF-4C51-9310-39741B2396EF}
[2012/06/01 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{7453935B-040A-465A-8E9D-E64A6E2C4520}
[2012/06/01 10:16:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{3E741CC7-1F2C-4809-93A0-ECF76870C0BE}
[2012/05/31 22:16:05 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{F5092756-8D9A-4AAC-8C86-693DA5ECF799}
[2012/05/31 10:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{CF2B90F6-A7DC-4517-BDBC-5E269DB07B2C}
[2012/05/31 10:15:29 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{BE66D834-ECC6-4D2A-AA38-ACAFD4C935C1}
[2012/05/30 22:15:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{F53DF2F8-0CB1-46E3-9051-261F5073351F}
[2012/05/30 10:14:37 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{83149F39-4E01-4C1E-93F7-A39A5A31264C}
[2012/05/30 10:14:26 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{6429AB73-FC24-4A93-AA1A-833920CCE398}
[2012/05/29 21:46:52 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{F69A0680-6348-4F57-9DEE-DEE39AF272AB}
[2012/05/29 09:46:25 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{5341A8D8-CBAA-4292-A7D6-727443EB7CAD}
[2012/05/29 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{8A871B0A-C699-4B05-9657-903CC7D72190}
[2012/05/28 21:32:58 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{70A55B94-ECA4-4810-A3AC-D55623494C9A}
[2012/05/28 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{BC5E6D51-4C7D-40D5-8712-1A086685E277}
[2012/05/28 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\{BA00A6D4-7308-4421-9C04-FC84D758A237}

========== Files - Modified Within 30 Days ==========

[2012/06/27 00:51:38 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 00:51:38 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 00:46:36 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\OTL.exe
[2012/06/27 00:45:04 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/06/27 00:44:49 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2012/06/27 00:44:46 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 00:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 00:34:58 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Public\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/27 00:17:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 00:14:00 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-351645184-3812066956-3475953073-1000UA.job
[2012/06/27 00:11:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/27 00:11:35 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 00:11:35 | 000,388,248 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012/06/27 00:11:35 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012/06/27 00:11:35 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 00:05:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/26 23:45:27 | 004,569,121 | R--- | M] (Swearware) -- C:\Users\Public\Desktop\ComboFix.exe
[2012/06/26 23:17:12 | 001,231,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/26 19:18:18 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2012/06/26 17:04:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Public\Desktop\dds.scr
[2012/06/26 11:30:05 | 001,242,390 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 15:14:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-351645184-3812066956-3475953073-1000Core.job
[2012/06/17 19:25:29 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/06/14 09:52:43 | 004,973,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 19:42:59 | 000,000,065 | ---- | M] () -- C:\Windows\.ini

========== Files Created - No Company Name ==========

[2012/06/26 23:57:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/26 23:57:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/26 23:57:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/26 23:57:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/26 23:57:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/26 16:37:22 | 000,302,592 | ---- | C] () -- C:\Users\Public\Desktop\gmer.exe
[2012/06/17 19:25:29 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/09 19:42:59 | 000,000,065 | ---- | C] () -- C:\Windows\.ini
[2012/05/21 22:27:37 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
[2012/05/04 17:54:41 | 000,003,584 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 20:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cid_store.dat
[2011/10/07 20:43:20 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2011/08/13 02:53:10 | 000,000,000 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\{E901E54F-7911-4C1E-A94F-38020C689740}
[2011/08/10 23:26:07 | 000,129,518 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/07/24 01:47:42 | 000,019,652 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011/07/24 01:47:10 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/07/23 23:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/22 03:08:01 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/07/22 03:07:58 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2011/07/22 03:07:58 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2011/07/22 03:07:55 | 001,202,763 | ---- | C] () -- C:\Windows\unins002.exe
[2011/07/22 03:07:55 | 000,012,634 | ---- | C] () -- C:\Windows\unins002.dat
[2011/07/22 03:06:50 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011/07/22 03:06:50 | 000,007,954 | ---- | C] () -- C:\Windows\unins001.dat
[2011/07/22 03:06:13 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2011/07/22 03:06:13 | 000,020,831 | ---- | C] () -- C:\Windows\unins000.dat
[2011/07/21 19:38:19 | 001,242,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/21 18:52:33 | 001,425,816 | ---- | C] () -- C:\Windows\SysWow64\OfficeTabFunction.dll
[2011/07/21 18:52:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ArmAccess.dll
[2011/07/03 22:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/06/20 07:10:44 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/06/17 09:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 09:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/05 01:59:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/05/05 01:43:40 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\v3shrtkgn.dll
[2011/04/11 19:09:18 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/04 17:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2011/07/24 00:58:24 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Avant Downloader
[2012/02/03 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\BitComet
[2011/12/27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\BITS
[2012/05/21 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/05/13 23:38:48 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\DAEMON Tools Lite
[2012/04/06 23:29:10 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Dropbox
[2011/07/21 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\ESET
[2012/05/19 11:00:38 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\FixCleaner
[2011/07/24 01:46:02 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\FlashGet
[2011/07/24 01:45:57 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\FlashGetBHO
[2012/05/27 14:54:15 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\IObit
[2011/07/21 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Maxthon3
[2012/05/03 01:51:46 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\MotioninJoy
[2011/05/05 14:39:41 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\R-TT
[2011/07/24 01:30:04 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Shark007
[2012/02/20 02:29:19 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\SlimBrowser
[2012/03/06 01:05:55 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\SmartDraw
[2012/06/23 00:13:14 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\TeraCopy
[2012/05/21 22:32:17 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\TuneUpMedia
[2011/05/05 01:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\URSoft
[2011/07/24 01:28:41 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Win7codecs
[2012/05/10 20:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Windows Live Writer
[2011/12/03 05:26:02 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\XnView
[2012/06/04 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\YCanPDF
[2012/05/25 10:59:16 | 000,000,304 | -H-- | M] () -- C:\Windows\Tasks\DefragExpress.job
[2012/06/27 00:44:49 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Startup.job
[2012/05/13 10:52:30 | 000,032,688 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/27 00:45:04 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/27 00:09:31 | 000,025,701 | ---- | M] () -- C:\ComboFix.txt
[2012/06/27 00:43:37 | 4284,719,103 | -HS- | M] () -- C:\pagefile.sys
[2012/05/04 15:15:18 | 000,000,050 | ---- | M] () -- C:\rsqVistadir.ini
[2012/05/11 12:24:55 | 000,000,050 | ---- | M] () -- C:\user.js

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011/07/30 17:35:47 | 000,000,568 | ---- | M] () -- C:\Program Files (x86)\RejoinCommandLine.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/05 03:46:39 | 000,000,221 | -HS- | M] () -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/05/25 10:59:16 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\DefragExpress.job
[2012/06/27 00:44:49 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2012/06/27 00:44:46 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 00:17:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 15:14:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-351645184-3812066956-3475953073-1000Core.job
[2012/06/27 00:14:00 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-351645184-3812066956-3475953073-1000UA.job
[2012/06/27 00:43:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/05/13 10:52:30 | 000,032,688 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/06/27 00:45:04 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/07/21 14:59:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/07/21 14:59:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/07/21 14:59:33 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/05 00:32:58 | 000,000,402 | -HS- | M] () -- C:\Users\Jeffery\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 10

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2011/07/24 01:03:52 | 000,000,800 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登??重組-WinASO RegDefrag.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄檔重組-WinASO RegDefrag.lnk
[2011/07/22 04:48:45 | 000,000,789 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-Defraggler.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Defraggler.lnk
[2011/07/22 04:43:32 | 000,000,789 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-Defraggler.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Defraggler.lnk
[2011/07/22 04:29:51 | 000,000,000 | ---D | C](E:\My Documents\燒?研究) -- E:\My Documents\燒錄研究
[2011/07/22 04:29:51 | 000,000,000 | ---D | C](E:\My Documents\我已接收的?案) -- E:\My Documents\我已接收的檔案
[2011/07/22 02:49:50 | 000,001,746 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-1-Click Cleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-1-Click Cleaner.lnk
[2011/07/22 02:48:12 | 000,001,746 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-1-Click Cleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-1-Click Cleaner.lnk
[2011/05/05 01:33:45 | 000,000,884 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\開?光?.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\開啟光碟.lnk
[2011/05/05 01:33:45 | 000,000,820 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-IObit SmartDefrag 2.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-IObit SmartDefrag 2.lnk
[2011/05/05 01:33:45 | 000,000,715 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-Vopt 9.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Vopt 9.lnk
[2011/05/05 01:33:45 | 000,000,658 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統備?-WinRescue Vista.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統備份-WinRescue Vista.lnk
[2011/05/05 01:33:44 | 000,000,831 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-WinASO Registry Optimizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-WinASO Registry Optimizer.lnk
[2011/05/05 01:33:44 | 000,000,815 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-DefragExpress.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-DefragExpress.lnk
[2011/05/05 01:33:44 | 000,000,765 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-CCEnhancer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-CCEnhancer.lnk
[2011/05/05 01:33:44 | 000,000,740 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-Registry Winner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-Registry Winner.lnk
[2011/05/05 01:33:44 | 000,000,728 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-Reg Organizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-Reg Organizer.lnk
[2011/05/05 01:33:44 | 000,000,719 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-System Ninja.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-System Ninja.lnk
[2011/05/05 01:33:44 | 000,000,682 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-RegVac Registry Cleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegVac Registry Cleaner.lnk
[2011/05/05 01:33:44 | 000,000,681 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-RegCure.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegCure.lnk
[2011/05/05 01:33:44 | 000,000,670 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\?案管理-Total Commander.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\檔案管理-Total Commander.lnk
[2011/05/05 01:33:44 | 000,000,669 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-SuperCleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-SuperCleaner.lnk
[2011/05/05 00:38:31 | 000,000,637 | ---- | C] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\?案管理-Total Commander 32.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\檔案管理-Total Commander 32.lnk
[2011/05/05 00:32:25 | 000,000,000 | -HSD | M](C:\ProgramData\?面) -- C:\ProgramData\桌面
[2011/05/05 00:32:25 | 000,000,000 | -HSD | M](C:\ProgramData\?面) -- C:\ProgramData\桌面
[2011/05/04 02:34:08 | 000,000,000 | ---D | M](E:\My Documents\燒?研究) -- E:\My Documents\燒錄研究
[2011/03/26 23:30:54 | 000,000,670 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\?案管理-Total Commander.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\檔案管理-Total Commander.lnk
[2011/03/25 22:58:03 | 000,000,715 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-Vopt 9.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Vopt 9.lnk
[2011/03/20 23:16:43 | 000,000,820 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-IObit SmartDefrag 2.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-IObit SmartDefrag 2.lnk
[2011/03/12 23:28:13 | 000,000,681 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-RegCure.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegCure.lnk
[2011/03/12 02:02:54 | 000,000,728 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-Reg Organizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-Reg Organizer.lnk
[2011/03/11 02:17:37 | 000,000,740 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-Registry Winner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-Registry Winner.lnk
[2011/03/02 17:24:38 | 000,000,800 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登??重組-WinASO RegDefrag.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄檔重組-WinASO RegDefrag.lnk
[2011/02/25 00:16:08 | 000,000,658 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統備?-WinRescue Vista.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統備份-WinRescue Vista.lnk
[2011/02/24 02:26:21 | 000,000,682 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-RegVac Registry Cleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegVac Registry Cleaner.lnk
[2011/01/27 08:15:50 | 000,000,815 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?重組-DefragExpress.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-DefragExpress.lnk
[2010/11/21 23:56:14 | 000,000,719 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-System Ninja.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-System Ninja.lnk
[2010/11/21 23:43:40 | 000,000,765 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-CCEnhancer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-CCEnhancer.lnk
[2010/05/24 01:27:28 | 000,000,669 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁?清理-SuperCleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-SuperCleaner.lnk
[2010/05/22 16:02:57 | 000,000,000 | ---D | M](E:\My Documents\我已接收的?案) -- E:\My Documents\我已接收的檔案
[2010/01/02 03:18:17 | 000,000,637 | ---- | M] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\?案管理-Total Commander 32.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\檔案管理-Total Commander 32.lnk
[2010/01/01 04:39:07 | 000,000,831 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登?清理-WinASO Registry Optimizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-WinASO Registry Optimizer.lnk
[2009/12/14 03:27:49 | 000,000,884 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\開?光?.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\開啟光碟.lnk
(C:\ProgramData\?面) -- C:\ProgramData\桌面

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:58A5270D
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DED17083
< End of report >
 
Extras.txt

OTL Extras logfile created on: 2012/6/27 AM 12:47:30 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Public\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

7.99 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.34% Memory free
15.98 Gb Paging File | 14.12 Gb Available in Paging File | 88.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49.91 Gb Total Space | 17.18 Gb Free Space | 34.43% Space Free | Partition Type: NTFS
Drive D: | 31.51 Gb Total Space | 8.20 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive E: | 170.01 Gb Total Space | 122.72 Gb Free Space | 72.19% Space Free | Partition Type: NTFS
Drive F: | 170.01 Gb Total Space | 75.11 Gb Free Space | 44.18% Space Free | Partition Type: NTFS
Drive G: | 170.01 Gb Total Space | 105.19 Gb Free Space | 61.88% Space Free | Partition Type: NTFS
Drive H: | 170.01 Gb Total Space | 165.20 Gb Free Space | 97.17% Space Free | Partition Type: NTFS
Drive I: | 169.97 Gb Total Space | 140.01 Gb Free Space | 82.37% Space Free | Partition Type: NTFS
Drive K: | 29.84 Gb Total Space | 29.63 Gb Free Space | 99.30% Space Free | Partition Type: FAT32
Drive L: | 250.47 Mb Total Space | 117.54 Mb Free Space | 46.93% Space Free | Partition Type: FAT

Computer Name: A5 | User Name: Jeffery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini[@ = emeditor.ini] -- D:\A-system\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = emeditor.txt] -- D:\A-system\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.ini [@ = emeditor.ini] -- D:\A-system\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)
.txt [@ = emeditor.txt] -- D:\A-system\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\A-design\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\A-design\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD32C09C-497F-44D4-B8F1-983134D8CA01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC874E98-75B9-464E-9AFA-55456147AB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5A47352C-E457-4890-A886-46EA34529C5F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{E368803D-B1F0-4A99-AAE4-72D1716C57D7}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1" = PDF-Tools 4
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{421E2E8D-F119-431D-A1F4-5F78989BEC75}" = PDF-XChange Pro 4.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5B7DC723-EDFA-4ABA-B01E-C8602669A7E5}" = EmEditor Professional (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A73F8703-496F-41F7-AAC4-72D455459FEB}" = Windows 7 Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C0D93E4E-0866-43C8-A104-BF41A803EA84}" = ESET Smart Security
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.0.0 (64-bit)
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recuva" = Recuva
"TeraCopy_is1" = TeraCopy 2.2
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"x64 Components_is1" = x64 Components v2.9.4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.3.3462
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3DE1D32B-29A9-4e53-A0C2-9522F199E094}_is1" = 驅動人生2010
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F2268B0-B60D-4678-BF33-E1CD21FCCF82}" = FixCleaner
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{548CC5A0-F2E2-11DD-6172-0DC7E1C11916}" = Vopt 9
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EA61701-F43C-4758-92AB-0B69A2262027}" = SlimDrivers
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1" = System Ninja version 2.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE469D65-1DEB-4058-BF95-C642D733668D}_is1" = Office Tab 7.00
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E7B0A44B-AA6F-4052-9171-E5E674BD475E}}_is1" = MagicCute Data Recovery 2012.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AutoHotkey" = AutoHotkey 1.0.48.05
"AvantBrowser" = Avant Browser (remove only)
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"DefragExpress" = Disktrix DefragExpress
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.3.424
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"FlashGet 3.7" = FlashGet 3.7
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"gotoevent6_is1" = イベントへいこう7 Ver1.0
"GreenBrowser_is1" = GreenBrowser
"hon" = Heroes of Newerth
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maxthon2" = Maxthon2
"Maxthon3" = Maxthon 3
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"Ninotech Path Copy" = Ninotech Path Copy 4.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Protected Folder_is1" = Protected Folder
"RegEditX" = RegEditX
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"SlimBrowser" = FlashPeak SlimBrowser
"Smart Defrag 2_is1" = Smart Defrag 2
"SmartDraw 2012" = SmartDraw 2012
"StartupRun" = StartupRun
"SuperCleaner" = SuperCleaner
"SWF Decompiler Premium_is1" = SWF Decompiler Premium 2.2.2.15
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUpMedia" = TuneUp Companion 2.4.4.3
"Winamp" = Winamp
"Windows7Master" = 羸 - Win7蚥趙湮呇
"WinLiveSuite" = Windows Live Essentials
"WinRescue Vista_is1" = WinRescue Vista
"XnView Shell Extension_is1" = XnView Shell Extension 3.1.0 (64bits)
"XnView_is1" = XnView 1.98.2
"YU2010_is1" = Your Uninstaller! 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-351645184-3812066956-3475953073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012/6/26 PM 01:13:17 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/26 PM 01:17:24 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/26 PM 01:21:32 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/26 PM 04:29:47 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/26 PM 04:48:03 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/26 PM 11:07:25 | Computer Name = A5 | Source = IMFservice | ID = 0
Description =

Error - 2012/6/26 PM 11:07:25 | Computer Name = A5 | Source = IMFservice | ID = 0
Description =

Error - 2012/6/26 PM 11:14:09 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/26 PM 11:43:06 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/27 AM 12:06:00 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

Error - 2012/6/27 AM 12:45:23 | Computer Name = A5 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2012/6/26 PM 11:50:23 | Computer Name = A5 | Source = Service Control Manager | ID = 7023
Description = Function Discovery Resource Publication 服務因下列錯誤而終止: %%-2147024891

Error - 2012/6/26 PM 11:54:18 | Computer Name = A5 | Source = Service Control Manager | ID = 7031
Description = Microsoft Antimalware Service 服務意外終止,服務曾完成這項動作 1 次。以下的修正操作將在 15000
毫秒?執行: 重新?動服務。

Error - 2012/6/26 PM 11:54:26 | Computer Name = A5 | Source = Service Control Manager | ID = 7034
Description = IMF Service 服務意外地終止。已經發生 1 次。

Error - 2012/6/27 AM 12:01:08 | Computer Name = A5 | Source = Service Control Manager | ID = 7030
Description = PEVSystemStart 服務被標示為互動服務。但是系統被設定成不允許互動服務。這項服務可能無法正常運作。

Error - 2012/6/27 AM 12:02:39 | Computer Name = A5 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys 已被防止載入,原因是其與此系統不相容。請連絡?的軟體廠商,以取得相容的驅動程式版本。

Error - 2012/6/27 AM 12:03:09 | Computer Name = A5 | Source = Service Control Manager | ID = 7030
Description = PEVSystemStart 服務被標示為互動服務。但是系統被設定成不允許互動服務。這項服務可能無法正常運作。

Error - 2012/6/27 AM 12:04:41 | Computer Name = A5 | Source = Service Control Manager | ID = 7023
Description = Windows Defender 服務因下列錯誤而終止: %%126

Error - 2012/6/27 AM 12:16:37 | Computer Name = A5 | Source = bowser | ID = 8003
Description =

Error - 2012/6/27 AM 12:32:54 | Computer Name = A5 | Source = Service Control Manager | ID = 7034
Description = Advanced SystemCare Service 5 服務意外地終止。已經發生 1 次。

Error - 2012/6/27 AM 12:52:37 | Computer Name = A5 | Source = bowser | ID = 8003
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2009/04/23 16:04:00 | 000,002,267 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\2t44q8ei.default\searchplugins\ask.xml
    [2011/06/13 09:11:22 | 000,002,569 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\2t44q8ei.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:58A5270D
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DED17083
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
OTL Log 2

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\2t44q8ei.default\searchplugins\ask.xml moved successfully.
C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\2t44q8ei.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:58A5270D deleted successfully.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
ADS C:\ProgramData\TEMP:DED17083 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeffery
->Temp folder emptied: 0 bytes
->Java cache emptied: 2272405 bytes
->FireFox cache emptied: 33585544 bytes
->Flash cache emptied: 1783 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4322 bytes
Session Manager Temp folder emptied: 1408090 bytes
Session Manager Tmp folder emptied: 65617 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 57454369 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeffery
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jeffery
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06272012_120529
Files\Folders moved on Reboot...
File move failed. C:\TEMP\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\TEMP\debug.log moved successfully.
C:\TEMP\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2012/06/27 12:07:41 | 000,000,081 | ---- | M] () C:\TEMP\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5
File C:\TEMP\debug.log not found!
File C:\TEMP\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
 
Security Check Log

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 4 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

AVG Security Toolbar
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Companion 2.4.4.3
SuperCleaner
FixCleaner
Java(TM) 6 Update 26
Out of date Java installed!
Mozilla Firefox (3.6.20) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
FSS.txt

Farbar Service Scanner Version: 25-06-2012 01
Ran by Jeffery (administrator) on 27-06-2012 at 12:12:33
Running from "C:\Users\Public\Desktop"
Microsoft Windows 7 旗艦版 Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Full Report
Scanning Report

Wednesday, June 27, 2012 12:28:10 - 12:39:11

Computer name: A5
Scanning type: Quick scan
Target: System
3 malware found

TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Atdmt (spyware)
  • System (Disinfected)
TrackingCookie.Webtrends (spyware)
  • System (Disinfected)
Statistics

Scanned:
  • Files: 7468
  • System: 7468
  • Not scanned: 0
Actions:
  • Disinfected: 3
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Options

Scanning engines:
 
Uninstall:
TuneUp Companion 2.4.4.3
SuperCleaner
FixCleaner

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
OTL Log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeffery
->Temp folder emptied: 0 bytes
->Java cache emptied: 31660 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 906 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 480442454 bytes
Session Manager Tmp folder emptied: 561233 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 783 bytes

Total Files Cleaned = 459.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jeffery
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeffery
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_133723
Files\Folders moved on Reboot...
File move failed. C:\TEMP\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\TEMP\FXSAPIDebugLogFile.txt moved successfully.
C:\TEMP\REG3FDC.tmp moved successfully.
File\Folder C:\TEMP\TMP000000A514671AAB8B691FE8 not found!
PendingFileRenameOperations files...
[2012/06/27 13:40:18 | 000,000,081 | ---- | M] () C:\TEMP\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5
File C:\TEMP\FXSAPIDebugLogFile.txt not found!
File C:\TEMP\REG3FDC.tmp not found!
File C:\TEMP\TMP000000A514671AAB8B691FE8 not found!
Registry entries deleted on Reboot...
 
Alright, Broni.

I've finished all of the remaining steps, and my computer seems to be running much better. Thanks a lot!
 
Yes!!

Good luck and stay safe :)
 