TechSpot

Initial attempt at removing Windows 7 Recovery virus

By JYZero
May 20, 2011
  1. Hi everyone,

    I'm new here, and I joined because this forum looks to be very helpful in helping newbies resolve technical problems. Anyhow, I've recently become infected with the Windows Recovery virus, and thought I'd give the initial removal a go. Here are my logs... for some reason, the DDS scan still did not run even after I disabled all of my protection (I am kind of a noob, so maybe there was a background script protection I was not aware of).

    ---------------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6622

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    20/05/2011 12:33:00 AM
    mbam-log-2011-05-20 (00-33-00).txt

    Scan type: Quick scan
    Objects scanned: 154814
    Time elapsed: 4 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\ieswqmpfealid.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
    c:\programdata\26402552.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

    ---------------------------------------------------------------------------------------------------------------

    GMER:

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-20 00:49:41
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1237GSX rev.DL130M
    Running: 608v5p50.exe; Driver: C:\TEMP\ugtdqpob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85E5D1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85E5D1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85E5D1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 85E5D1F8
    Device \Driver\az9enuej \Device\Scsi\az9enuej1Port2Path0Target0Lun0 87034500
    Device \Driver\az9enuej \Device\Scsi\az9enuej1 87034500
    Device \FileSystem\Ntfs \Ntfs 85E5F1F8

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:204] 86CB6E7A
    Thread System [4:208] 86CB9008

    ---- EOF - GMER 1.0.15 ----


    So far, I no longer get the pop-up screen that comes up with the virus upon startup and most of my processes seem functional. I still cannot see any of my start menu files, however. Thanks in advance!!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    Hi... and sorry for the late response. I just got back from a long (Canadian) weekend. Anyways, here's the log that I got after the TDSSKiller scan:

    2011/05/24 11:04:03.0504 4016 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
    2011/05/24 11:04:05.0345 4016 ================================================================================
    2011/05/24 11:04:05.0345 4016 SystemInfo:
    2011/05/24 11:04:05.0345 4016
    2011/05/24 11:04:05.0345 4016 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/24 11:04:05.0345 4016 Product type: Workstation
    2011/05/24 11:04:05.0345 4016 ComputerName: NB02
    2011/05/24 11:04:05.0345 4016 UserName: Jeffery
    2011/05/24 11:04:05.0345 4016 Windows directory: C:\Windows
    2011/05/24 11:04:05.0345 4016 System windows directory: C:\Windows
    2011/05/24 11:04:05.0345 4016 Processor architecture: Intel x86
    2011/05/24 11:04:05.0345 4016 Number of processors: 1
    2011/05/24 11:04:05.0345 4016 Page size: 0x1000
    2011/05/24 11:04:05.0345 4016 Boot type: Normal boot
    2011/05/24 11:04:05.0345 4016 ================================================================================
    2011/05/24 11:04:07.0295 4016 Initialize success
    2011/05/24 11:04:11.0382 3504 ================================================================================
    2011/05/24 11:04:11.0382 3504 Scan started
    2011/05/24 11:04:11.0382 3504 Mode: Manual;
    2011/05/24 11:04:11.0382 3504 ================================================================================
    2011/05/24 11:04:33.0958 3504 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/05/24 11:04:33.0958 3504 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/05/24 11:04:33.0974 3504 sptd - detected LockedFile.Multi.Generic (1)
    2011/05/24 11:04:37.0188 3504 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/05/24 11:04:37.0250 3504 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/05/24 11:04:37.0328 3504 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/05/24 11:04:37.0390 3504 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/05/24 11:04:37.0453 3504 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/05/24 11:04:37.0531 3504 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/05/24 11:04:37.0593 3504 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/05/24 11:04:37.0702 3504 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/24 11:04:37.0780 3504 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/05/24 11:04:37.0780 3504 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
    2011/05/24 11:04:37.0796 3504 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/05/24 11:04:37.0890 3504 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/05/24 11:04:37.0999 3504 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/05/24 11:04:38.0061 3504 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/05/24 11:04:38.0170 3504 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/05/24 11:04:38.0264 3504 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/24 11:04:38.0295 3504 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/24 11:04:38.0451 3504 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/05/24 11:04:38.0529 3504 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/24 11:04:38.0670 3504 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/05/24 11:04:38.0779 3504 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/05/24 11:04:38.0919 3504 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/05/24 11:04:39.0044 3504 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/24 11:04:39.0184 3504 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/24 11:04:39.0247 3504 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/24 11:04:39.0528 3504 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) D:\A-media\CyberLink\PowerDVD10\NavFilter\000.fcl
    2011/05/24 11:04:39.0606 3504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/05/24 11:04:39.0637 3504 ================================================================================
    2011/05/24 11:04:39.0637 3504 Scan finished
    2011/05/24 11:04:39.0637 3504 ================================================================================
    2011/05/24 11:04:39.0689 3052 Detected object count: 2
    2011/05/24 11:04:39.0689 3052 Actual detected object count: 2
    2011/05/24 11:05:22.0612 3052 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/05/24 11:05:22.0753 3052 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/05/24 11:05:22.0768 3052 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
    2011/05/24 11:05:24.0360 3052 Backup copy found, using it..
    2011/05/24 11:05:24.0391 3052 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
    2011/05/24 11:05:24.0391 3052 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
    2011/05/24 11:05:43.0594 3772 Deinitialize success
     
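    The TDSSKiller output above carries the one finding that matters in this thread: the same driver file, volsnap.sys, yields two different MD5 hashes depending on how it is read ("Real md5" versus "Fake md5"), which is how a TDL3-class rootkit hides the modification it made to a legitimate system driver, and the tool names it Rootkit.Win32.TDSS.tdl3 and offers to cure it from a backup copy. The sptd entry is a locked file, not a verdict. The Python below is an example added here; it is not code from TechSpot, from the poster, or from Kaspersky's TDSSKiller. It parses lines in the layout seen in this log (the regular expressions assume exactly that layout, which is an assumption), separates driver listings, the MBR record, forged-file reports, detections and the chosen actions, and then ranks them with severity rules that are this example's own. The sample lines are copied from the log above and embedded so the script runs offline.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a handful of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
2011/05/24 11:04:33.0974 3504 sptd - detected LockedFile.Multi.Generic (1)
2011/05/24 11:04:34.0068 3504 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/24 11:04:37.0780 3504 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/24 11:04:37.0780 3504 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/05/24 11:04:37.0796 3504 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/24 11:04:39.0606 3504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/24 11:05:22.0612 3052 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/24 11:05:24.0391 3052 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""

# Line shapes as they appear in the log above (assumed layout, not a documented format).
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<pid>\d+) (?P<rest>.*)$")
MBR_RE = re.compile(r"^MBR \((?P<off>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Findings:
    drivers: dict = field(default_factory=dict)     # service name -> (md5, path)
    mbr: Optional[tuple] = None                     # (offset, md5, device)
    forged: list = field(default_factory=list)      # (path, real_md5, fake_md5)
    detections: dict = field(default_factory=dict)  # service name -> verdict
    actions: dict = field(default_factory=dict)     # service name -> chosen action


def parse_tdsskiller(text):
    """Split a TDSSKiller log into drivers, MBR, forged files, detections and actions."""
    f = Findings()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        # Order matters: the MBR line would otherwise look like a driver line.
        if (mm := MBR_RE.match(rest)):
            f.mbr = (mm["off"], mm["md5"], mm["dev"])
        elif (mm := FORGED_RE.match(rest)):
            f.forged.append((mm["path"], mm["real"], mm["fake"]))
        elif (mm := DETECT_RE.match(rest)):
            f.detections[mm["name"]] = mm["verdict"]
        elif (mm := ACTION_RE.match(rest)):
            f.actions[mm["name"]] = mm["action"]
        elif (mm := DRIVER_RE.match(rest)):
            f.drivers[mm["name"]] = (mm["md5"], mm["path"])
    return f


def triage(f):
    """Rank the findings. The severity rules are this example's own, not TDSSKiller's."""
    forged_by_file = {p.rsplit("\\", 1)[-1].lower(): (real, fake) for p, real, fake in f.forged}
    report, seen_forged = [], set()
    for name, verdict in f.detections.items():
        _, path = f.drivers.get(name, (None, None))
        fname = path.rsplit("\\", 1)[-1].lower() if path else None
        forged = fname in forged_by_file
        if forged:
            seen_forged.add(fname)
        if verdict.startswith("Rootkit.") or forged:
            sev = "HIGH"        # two hashes for one file: something in the I/O path lies
        elif verdict.startswith("LockedFile."):
            sev = "INFO"        # a locked driver (sptd here) is not by itself a verdict
        else:
            sev = "MEDIUM"
        action = f.actions.get(name, "none")
        report.append({"name": name, "verdict": verdict, "severity": sev, "forged": forged,
                       "action": action, "unresolved": sev == "HIGH" and action != "Cure"})
    # A forged file with no matching detection line is still a HIGH, unresolved finding.
    for fname in forged_by_file.keys() - seen_forged:
        report.append({"name": fname, "verdict": "forged-file", "severity": "HIGH",
                       "forged": True, "action": "none", "unresolved": True})
    return report


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print("MBR:", found.mbr)
    for row in triage(found):
        print(row)
```

    Running it over the sample prints the MBR hash and one row per detection; volsnap comes out HIGH, forged, with the Cure action recorded, and sptd comes out INFO with Skip. Feeding it the full log instead of the sample changes nothing in the logic, only in how many driver lines land in `drivers`.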
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Very good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    Hi,

    I've tried disabling my ESET, and then tried terminating it via task manager. But it's not going away!! Every time I try to shut it down using task manager, it doesn't do a thing. Disabling the anti-virus/anti-malware protection doesn't seem to work either... ComboFix still claims that it is active even though they're not. What should I do?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run Combofix from Safe Mode and disregard Combofix warnings (if any).

    I still need aswMBR log.
     
  7. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    aswMBR:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-24 12:27:15
    -----------------------------
    12:27:15.580 OS Version: Windows 6.1.7600
    12:27:15.580 Number of processors: 1 586 0xF06
    12:27:15.580 ComputerName: NB02 UserName:
    12:27:50.743 Initialize success
    12:28:22.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:28:22.333 Disk 0 Vendor: TOSHIBA_MK1237GSX DL130M Size: 114473MB BusType: 3
    12:28:24.392 Disk 0 MBR read successfully
    12:28:24.392 Disk 0 MBR scan
    12:28:24.392 Disk 0 Windows 7 default MBR code
    12:28:26.404 Disk 0 scanning sectors +234436545
    12:28:26.451 Disk 0 scanning C:\Windows\system32\drivers
    12:28:33.627 Service scanning
    12:28:35.078 Disk 0 trace - called modules:
    12:28:35.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85a5d1f8]<<
    12:28:35.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86889460]
    12:28:35.234 3 CLASSPNP.SYS[896dd59e] -> nt!IofCallDriver -> [0x867b2918]
    12:28:35.234 5 ACPI.sys[88f553b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86777030]
    12:28:35.234 \Driver\atapi[0x8676c030] -> IRP_MJ_CREATE -> 0x85a5d1f8
    12:28:35.359 Scan finished successfully
    12:31:34.430 Disk 0 MBR has been saved successfully to "C:\Users\Jeffery\Desktop\MBR.dat"
    12:31:35.085 The log file has been saved successfully to "C:\Users\Jeffery\Desktop\aswMBR.txt"


    ComboFix:

    ComboFix 11-05-23.02 - Jeffery 26/05/2011 12:02:22.2.1 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1028.18.1014.601 [GMT -4:00]
    Running from: c:\users\Jeffery\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    SP: ESET Smart Security 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\desktop.ini
    c:\temp\catchme.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-26 16:12 . 2011-05-26 16:12 53248 ----a-w- c:\temp\catchme.dll
    2011-05-26 16:11 . 2011-05-26 16:11 -------- d-----w- c:\users\Jeffery\AppData\Local\temp
    2011-05-26 16:11 . 2011-05-26 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-25 16:55 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-24 16:33 . 2011-05-24 16:33 -------- d-----w- c:\windows\system32\SPReview
    2011-05-24 16:32 . 2011-05-24 16:32 -------- d-----w- c:\windows\system32\EventProviders
    2011-05-24 00:14 . 2010-11-20 12:17 327168 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2011-05-24 00:13 . 2010-11-20 12:20 932352 ----a-w- c:\windows\system32\printui.dll
    2011-05-24 00:12 . 2010-11-20 12:21 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
    2011-05-24 00:10 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-05-24 00:10 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-05-24 00:10 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-05-24 00:10 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-05-24 00:10 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-05-24 00:10 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-05-24 00:10 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-05-24 00:10 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-05-24 00:10 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-05-23 06:21 . 2011-05-23 06:50 249856 ------w- c:\windows\Setup1.exe
    2011-05-23 06:21 . 2011-05-23 06:50 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-05-22 20:52 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-21 06:27 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-21 06:18 . 2011-05-20 04:20 7734208 ----a-w- C:\mbam-setup-1.50.1.1100.exe
    2011-05-20 22:36 . 2011-05-21 21:27 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2011-05-20 22:36 . 2011-05-21 21:27 17212 ----atw- c:\windows\system32\SIntf32.dll
    2011-05-20 22:36 . 2011-05-21 21:27 12067 ----atw- c:\windows\system32\SIntf16.dll
    2011-05-20 22:18 . 2011-05-20 22:18 2829 ----a-w- c:\windows\DIIUnin.pif
    2011-05-20 22:18 . 2011-05-20 22:18 94208 ----a-w- c:\windows\DIIUnin.exe
    2011-05-20 04:21 . 2011-05-20 04:21 -------- d-----w- c:\users\Jeffery\AppData\Roaming\Malwarebytes
    2011-05-20 04:21 . 2011-05-20 04:21 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-20 04:20 . 2011-05-20 04:20 52676424 ----a-w- C:\avira_antivir_personal_en.exe
    2011-05-17 14:19 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23AB56BF-22A1-4B3C-8304-2FAE32745587}\mpengine.dll
    2011-05-11 02:20 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 02:20 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 02:20 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 02:20 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 02:20 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 02:20 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 02:20 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 02:20 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 02:20 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-07 01:39 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-05-07 01:39 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-05-07 01:39 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-24 16:58 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-11 05:33 . 2011-04-14 22:07 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33 . 2011-04-14 22:07 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:28 . 2011-04-14 22:07 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 05:33 . 2011-04-14 22:08 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 03:52 . 2011-04-14 22:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-03 05:38 . 2011-04-14 22:09 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36 . 2011-04-14 22:09 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42 . 2011-04-14 22:07 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-01-03 07:19 . 2011-01-03 07:19 130359064 ----a-w- c:\program files\Ad-Aware90Install.exe
    2010-09-15 03:17 . 2010-09-15 03:16 1888672 ----a-w- c:\program files\mirc71.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="d:\a-system\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-02 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2140880]
    "IObit Security 360"="d:\a-www\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Adobe Reader Speed Launcher"="d:\a-edit\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 16 (0x10)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^????-Total Commander 32.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\????-Total Commander 32.lnk
    backup=c:\windows\pss\????-Total Commander 32.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- d:\a-edit\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- d:\a-media\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]
    2009-04-28 05:52 603136 ----a-w- d:\a-www\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-04-02 02:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    2007-11-26 18:47 1206600 ----a-w- d:\a-system\Webroot\Washer\wwDisp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    2005-07-15 21:48 479232 ----a-w- c:\users\Jeffery\Gmail Notifier\gnotify.exe
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-05 691696]
    R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-22 114984]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-02-22 810120]
    R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-02-22 41312]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
    R2 IS360service;IS360service;d:\a-www\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-22 133512]
    R3 gupdatem;Google ?? ?? (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub; [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 02:15]
    .
    2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 02:15]
    .
    2011-05-22 c:\windows\Tasks\Pointstone Quick Maintenance.job
    - d:\a-system\System Cleaner 5\SystemCleaner.exe [2010-03-05 02:13]
    .
    2011-05-16 c:\windows\Tasks\SmartDefrag.job
    - d:\a-system\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-30 20:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://www.gotoya.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &??BitComet??
    IE: &??BitComet??????
    IE: &使用BitComet下載 (Download with BitComet)
    IE: &使用BitComet下載全部連結 (Download all links with BitComet)
    IE: &使用BitComet下載全部影片 (Download all videos with BitComet)
    IE: &??BitComet?? - d:\a-www\BitComet\BitComet.exe/AddLink.htm
    IE: &??BitComet?????? - d:\a-www\BitComet\BitComet.exe/AddVideo.htm
    IE: &??BitComet?????? - d:\a-www\BitComet\BitComet.exe/AddAllLink.htm
    IE: ??: [??] ??
    IE: ?????: ? > ?
    IE: ???????(&S)
    IE: ???????(&T)
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google ????...
    IE: Google 網頁註解... (Google Sidewiki...)
    IE: Google ????... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: 剪貼簿文字: 繁 > 簡 (Clipboard text: Traditional > Simplified)
    IE: 剪貼簿文字: 簡 > 繁 (Clipboard text: Simplified > Traditional)
    IE: 網頁: [繁體] 顯示 (Page: show as [Traditional])
    IE: 網頁: [簡體] 顯示 (Page: show as [Simplified])
    IE: 轉換成繁體中文(&T) (Convert to Traditional Chinese)
    IE: 轉換成簡體中文(&S) (Convert to Simplified Chinese)
    IE: ?????: ? > ? - d:\a-www\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
    IE: ?????: ? > ? - d:\a-www\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
    IE: ??: [??] ?? - d:\a-www\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
    IE: ??: [??] ?? - d:\a-www\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
    IE: ???????(&S) - c:\windows\system32\tcscconv.dll/tosimp
    IE: ???????(&T) - c:\windows\system32\tcscconv.dll/totrad
    FF - ProfilePath - c:\users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - mobilewitch Customized Web Search
    FF - prefs.js: browser.search.selectedengine - winamp search
    FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://7999.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=GLBTDF&pc=GLBL&q=
    FF - prefs.js: keyword.url - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationtype=tb50ffwinampab&query=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\a-www\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\a-www\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - d:\a-www\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\a-www\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: Better Gmail 2: bettergmail2@ginatrapani.org - %profile%\extensions\bettergmail2@ginatrapani.org
    FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
    FF - Ext: Custom Buttons²: CustomButtons2@cbtnext.org - %profile%\extensions\CustomButtons2@cbtnext.org
    FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
    FF - Ext: United States English Dictionary: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: Kempelton: kempelton-fx@arvidaxelsson.se - %profile%\extensions\kempelton-fx@arvidaxelsson.se
    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
    FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
    FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Strata RELOADED: stratareloaded@addons.mozilla.org - %profile%\extensions\stratareloaded@addons.mozilla.org
    FF - Ext: Auto Hide IP: support@auto-hide-ip.com - %profile%\extensions\support@auto-hide-ip.com
    FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
    FF - Ext: Tab Sidebar: TabSidebar@blueprintit.co.uk - %profile%\extensions\TabSidebar@blueprintit.co.uk
    FF - Ext: yogurttree: theme@yogurttree.com - %profile%\extensions\theme@yogurttree.com
    FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: Phoenity Next (formerly Phoenity Reborn): {069FB356-C69F-7349-D092-AB28AF836D0E} - %profile%\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    FF - Ext: Vista on XP: {07b2a769-ed19-4483-87ce-c643914c81b1} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
    FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Aeon Colors: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58} - %profile%\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: 新同文堂 (New Tong Wen Tang): {22870005-adef-4c9d-ae36-d0e1f2f27e5a} - %profile%\extensions\{22870005-adef-4c9d-ae36-d0e1f2f27e5a}
    FF - Ext: Quick Locale Switcher: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} - %profile%\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: WindowsUpdate: {35106bca-6c78-48c7-ac28-56df30b51d2b} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
    FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    FF - Ext: Minimap Addon: {398e77b8-2304-11dc-8314-0800200c9a66} - %profile%\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    FF - Ext: Context Highlight: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB} - %profile%\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
    FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    FF - Ext: Glubble: {83874588-ae10-4dbb-8dba-8301c86cb8fc} - %profile%\extensions\{83874588-ae10-4dbb-8dba-8301c86cb8fc}
    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
    FF - Ext: Red Cats (green flavor): {dd30bf68-268a-4815-ad48-8740b774c764} - %profile%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Aeon: {ded0fc70-7215-4802-afeb-b2982d3e7225} - %profile%\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
    FF - Ext: jsLib: {DF8E5247-8E0A-4de6-B393-0735A39DFD80} - %profile%\extensions\{DF8E5247-8E0A-4de6-B393-0735A39DFD80}
    FF - Ext: jsliblive: {DF8E5247-8E0A-4de6-B393-0735A39DFD80} - %profile%\extensions\{DF8E5247-8E0A-4de6-B393-0735A39DFD80}
    FF - Ext: myFireFox: {e213bb8f-8ebd-11db-96b7-005056c00008} - %profile%\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    .
    .
    ------- File Associations -------
    .
    .txt=emeditor.txt
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-RunOnce-<NO NAME> - (no file)
    SafeBoot-69925690.sys
    MSConfigStartUp-AdobeCS4ServiceManager - :c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    AddRemove-7-Zip - d:\a-system\7-Zip\Uninstall.exe
    AddRemove-MiNODLogin - c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\d:\a-media\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\b„v*gaR]
    @Allowed: (Read) (RestrictedCode)
    @SACL=(02 0001)
    "Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-26 12:16:27
    ComboFix-quarantined-files.txt 2011-05-26 16:16
    .
    Pre-Run: 8,548,237,312 bytes free
    Post-Run: 8,417,800,192 bytes free
    .
    - - End Of File - - 5528185E64C7349C1B63A3EAFCA298FE
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
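    The custom-scan list above is not arbitrary: most of its lines point OTL at places where this family of rogues drops files but legitimate software does not (the Fonts folder, typo-squatted directories such as system32\system32, winn32 and systhem32, a fake %APPDATA%\Update), the two `dir /b ... | find /i " " /c` lines count executables whose names contain a space, and the last two registry lines show whether Windows Update has been switched off by policy. As an added illustration, not part of the thread or of OTL, here is a read-only PowerShell sweep that performs the same checks with built-in cmdlets. It assumes PowerShell 3.0 or later (Windows 7 needs the Windows Management Framework update for that); the directory list is copied from the OTL directives, and the Authenticode and space-in-name heuristics are this example's own additions. Hits are items to review, not verdicts: Windows\Installer legitimately caches setup executables, and an unsigned file is only suspicious where a signed one is expected.

```powershell
# Added example (not from the thread or from OTL): a read-only sweep that mirrors
# the intent of the OTL custom-scan directives posted above. It lists PE files in
# directories that should not hold any, finds executables with a space in the
# name under %SystemRoot% and System32, and reads the Windows Update policy key.
# Directory names are taken from the OTL list; everything else is an assumption.

$SystemRoot   = $env:SystemRoot
$ProgramFiles = $env:ProgramFiles

# Locations from the OTL list where an executable is a finding by itself.
# The typo-squatted names (system32\system32, systhem32, winn32) are classic
# drop locations chosen to look plausible in a process list.
$SuspectDirs = @(
    "$SystemRoot\Fonts",
    "$SystemRoot\system32\system32",
    "$SystemRoot\system32\systhem32",
    "$SystemRoot\winn32",
    "$SystemRoot\system32\DLL",
    "$SystemRoot\system32\rundll",
    "$SystemRoot\system32\Rundll32",
    "$SystemRoot\AppPatch\Custom",
    "$SystemRoot\inf",
    "$SystemRoot\Installer",
    "$env:APPDATA\Microsoft\Installer\msupdates",
    "$env:APPDATA\Update",
    "$ProgramFiles\Microsoft Common",
    "$ProgramFiles\Javascript"
)

$PeExtensions = @('.exe', '.dll', '.scr', '.com', '.sys')

function Find-ExecutablesInSuspectDirs {
    foreach ($dir in $SuspectDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $PeExtensions -contains $_.Extension.ToLower() } |
            ForEach-Object {
                # Signature status is context, not a verdict: NotSigned in Fonts
                # is a red flag, NotSigned in Installer may be a vendor's setup.
                $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = ''
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                [pscustomobject]@{
                    Path      = $_.FullName
                    Size      = $_.Length
                    Modified  = $_.LastWriteTime
                    Signature = $sig.Status
                    Signer    = $signer
                }
            }
    }
}

# Same idea as:  dir /b "%systemroot%\system32\*.exe" | find /i " " /c
# Microsoft does not ship executables with spaces in their names in these two
# directories, so "svchost .exe"-style look-alikes stand out immediately.
function Find-ExecutablesWithSpaces {
    foreach ($dir in "$SystemRoot", "$SystemRoot\system32") {
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like '* *' } |
            Select-Object FullName, Length, LastWriteTime
    }
}

# Same keys as the two registry lines at the end of the OTL list. A
# NoAutoUpdate = 1 that the owner did not set, or a LastSuccessTime that is
# months old, is worth explaining before declaring the machine clean.
function Get-WindowsUpdatePolicy {
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $result = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
    [pscustomobject]@{
        NoAutoUpdate    = (Get-ItemProperty -Path $policy -Name NoAutoUpdate    -ErrorAction SilentlyContinue).NoAutoUpdate
        AUOptions       = (Get-ItemProperty -Path $policy -Name AUOptions       -ErrorAction SilentlyContinue).AUOptions
        LastSuccessTime = (Get-ItemProperty -Path $result -Name LastSuccessTime -ErrorAction SilentlyContinue).LastSuccessTime
    }
}

'== Executables in directories that should not hold any =='
Find-ExecutablesInSuspectDirs | Format-Table -AutoSize
'== Executables with a space in the name under %SystemRoot% and System32 =='
Find-ExecutablesWithSpaces | Format-Table -AutoSize
'== Windows Update policy =='
Get-WindowsUpdatePolicy | Format-List
```

Run it from an elevated PowerShell prompt so that Fonts, Installer and the HKLM policy key are readable; nothing in it writes to disk or to the registry. An empty first two tables plus a blank NoAutoUpdate is the expected output on a clean Windows 7 install.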
     
  9. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    Hi Broni,

    Thanks a lot thus far. I haven't encountered any problems regarding Windows Recovery lately. However, a few days ago, it seemed that I got hit with a redirect virus. I believe this was before I ran ansWBR and combofix. Nonetheless, it appears to have been resolved, because Google's working fine for me. Is there any way to know for certain, though?

    OTL:

    OTL logfile created on: 27/05/2011 12:28:12 PM - Run 3
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jeffery\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1014.12 Mb Total Physical Memory | 110.04 Mb Available Physical Memory | 10.85% Memory free
    2.48 Gb Paging File | 1.50 Gb Available in Paging File | 60.42% Paging File free
    Paging file location(s): C:\pagefile.sys 1521 1521 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 41.60 Gb Total Space | 7.78 Gb Free Space | 18.69% Space Free | Partition Type: NTFS
    Drive D: | 25.08 Gb Total Space | 14.35 Gb Free Space | 57.23% Space Free | Partition Type: NTFS
    Drive E: | 45.00 Gb Total Space | 9.32 Gb Free Space | 20.71% Space Free | Partition Type: NTFS

    Computer Name: NB02 | User Name: Jeffery | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/27 12:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffery\Desktop\OTL.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- D:\A-www\IObit Security 360\is360tray.exe
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- D:\A-www\IObit Security 360\is360srv.exe
    PRC - [2010/02/22 16:50:16 | 000,810,120 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2010/02/22 16:49:56 | 002,140,880 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\A-system\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- D:\A-system\Webroot\Washer\WasherSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/27 12:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffery\Desktop\OTL.exe
    MOD - [2011/01/19 19:53:34 | 000,238,424 | ---- | M] (IObit) -- D:\A-www\IObit Security 360\is360mon.dll
    MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
    MOD - [2010/02/22 16:53:44 | 000,011,952 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\eplgHooks.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- D:\A-www\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/04/03 23:17:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/01 21:35:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/17 00:56:26 | 000,458,432 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
    SRV - [2010/02/22 16:52:52 | 000,033,560 | -H-- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/02/22 16:50:16 | 000,810,120 | -H-- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- D:\A-system\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/04/05 13:52:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/03/13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/04 01:06:07] [Kernel | Auto | Running] -- D:\A-media\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2010/02/22 16:51:14 | 000,041,312 | -H-- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2010/02/22 16:51:04 | 000,032,584 | -H-- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/02/22 16:50:56 | 000,134,488 | -H-- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2010/02/22 16:50:06 | 000,114,984 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/02/22 16:47:22 | 000,133,512 | -H-- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/02/12 23:48:20 | 001,781,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/07/06 13:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gotoya.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-tw
    IE - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 19 50 26 19 D0 CA 01 [binary data]
    IE - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "mobilewitch Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.selectedEngine: "mobilewitch Customized Web Search"
    FF - prefs.js..browser.search.selectedengine: "winamp search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.search.usedbfororder: true
    FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage|http://7999.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
    FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.2
    FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
    FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.1.1
    FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.5
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
    FF - prefs.js..extensions.enabledItems: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}:0.3.3
    FF - prefs.js..extensions.enabledItems: CustomButtons2@cbtnext.org:3.1.0
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.18
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.46
    FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.1
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: {83874588-ae10-4dbb-8dba-8301c86cb8fc}:2.1.0.1
    FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.0.1
    FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.4
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
    FF - prefs.js..extensions.enabledItems: TabSidebar@blueprintit.co.uk:2.5
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.3.3
    FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
    FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.0.1
    FF - prefs.js..extensions.enabledItems: {DF8E5247-8E0A-4de6-B393-0735A39DFD80}:0.1.359
    FF - prefs.js..extensions.enabledItems: {22870005-adef-4c9d-ae36-d0e1f2f27e5a}:0.4.0.6
    FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.66.0
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 5
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0
    FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {ded0fc70-7215-4802-afeb-b2982d3e7225}:3.6
    FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
    FF - prefs.js..extensions.enabledItems: camifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: kempelton-fx@arvidaxelsson.se:3.2.1
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
    FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
    FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
    FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
    FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.4
    FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.3.0
    FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.0
    FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.90
    FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
    FF - prefs.js..extensions.enabledItems: theme@yogurttree.com:0.6.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
    FF - prefs.js..extensions.enabledItems: {22119944-ed35-4ab1-910b-e619ea06a115}:6.9.93
    FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
    FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.2.6
    FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.84
    FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.8.1
    FF - prefs.js..extensions.enabledItems: {b042753d-f57e-4e8e-a01b-7379a6d4cefb}:1.08
    FF - prefs.js..extensions.enabledItems: en-gb@dictionaries.addons.mozilla.org:1.19
    FF - prefs.js..extensions.enabledItems: en-ca@dictionaries.addons.mozilla.org:1.1.1
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.1
    FF - prefs.js..extensions.enabledItems: {8051a235-3bdb-4450-9c02-8cd8c6f9e2cb}:0.3.1
    FF - prefs.js..extensions.enabledItems: custombuttons2@cbtnext.org:3.0.0
    FF - prefs.js..extensions.enabledItems: {d4dd63fa-01e4-46a7-b6b1-edab7d6ad389}:0.9.6.5
    FF - prefs.js..extensions.enabledItems: {ddc359d1-844a-42a7-9aa1-88a850a938a8}:1.1.3
    FF - prefs.js..extensions.enabledItems: {4bbdd651-70cf-4821-84f8-2b918cf89ca3}:6.1
    FF - prefs.js..extensions.enabledItems: {db9127a2-3381-41ec-82b3-1b6ed4c6f29a}:1.0
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.7
    FF - prefs.js..extensions.enabledItems: {0538e3e3-7e9b-4d49-8831-a227c80a7ad3}:0.9.9
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.11
    FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.4
    FF - prefs.js..extensions.enabledItems: {83874588-ae10-4dbb-8dba-8301c86cb8fc}:2.0.4.3
    FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.2
    FF - prefs.js..extensions.enabledItems: {81bf1d23-5f17-408d-ac6b-bd6df7caf670}:6.2.1.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {df8e5247-8e0a-4de6-b393-0735a39dfd80}:0.1.359
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.12
    FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.3.2009051101
    FF - prefs.js..extensions.enabledItems: {37e4d8ea-8bda-4831-8ea1-89053939a250}:2.2.0.0
    FF - prefs.js..extensions.enabledItems: {25a1388b-6b18-46c3-beba-a81915d0de8f}:1.6.9
    FF - prefs.js..extensions.enabledItems: {0e776007-9038-4eb9-ab46-9a0f50d97d02}:1.0.4
    FF - prefs.js..extensions.enabledItems: sudoku@petr.blahos:1.1.0
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
    FF - prefs.js..extensions.enabledItems: tabsidebar@blueprintit.co.uk:2.0.1
    FF - prefs.js..extensions.enabledItems: {1b33e42f-ef14-4cd3-b6dc-174571c4349c}:3.5
    FF - prefs.js..extensions.enabledItems: en-us@dictionaries.addons.mozilla.org:3.0.3
    FF - prefs.js..extensions.enabledItems: {8f6a6fd9-0619-459f-b9d0-81de065d4e21}:1.9
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.11
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
    FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.16
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20081023
    FF - prefs.js..extensions.enabledItems: {22870005-adef-4c9d-ae36-d0e1f2f27e5a}:0.4.0.5
    FF - prefs.js..extensions.enabledItems: {2fbc1200-ad13-11db-abbd-0800200c9a66}:3.0.1
    FF - prefs.js..extensions.enabledItems: {ded0fc70-7215-4802-afeb-b2982d3e7225}:3.3
    FF - prefs.js..extensions.enabledItems: {1deae5aa-e19e-458b-9c8c-73cb651b9a58}:3.3
    FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.0.2
    FF - prefs.js..extensions.enabledItems: {47e5a66c-0e35-11dc-8314-0800200c9a66}:3.0.1
    FF - prefs.js..extensions.enabledItems: atlas@www.spuler.us:3.0
    FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:3.1
    FF - prefs.js..extensions.enabledItems: {1bb9ca60-cdad-11dd-ad8b-0800200c9a66}:1.1
    FF - prefs.js..extensions.enabledItems: {04ca07ab-7fc3-4110-a83f-ef1e6b75d5b0}:4.0.1
    FF - prefs.js..extensions.enabledItems: {99de5f32-88bf-43c9-b47e-a894a4b72e71}:2.1
    FF - prefs.js..extensions.enabledItems: foxdie@tanjihay.com:3.0.3
    FF - prefs.js..extensions.enabledItems: foxdiegraphite@tanjihay.com:3.0.4
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.63
    FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:4.2.3.3
    FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:1.7.4
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?form=GLBTDF&pc=GLBL&q="
    FF - prefs.js..keyword.url: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationtype=tb50ffwinampab&query="
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.type: 0

    FF - user.js..network.proxy.type: 0
    FF - user.js..network.proxy.http: ""
    FF - user.js..network.proxy.http_port:
    FF - user.js..network.proxy.no_proxies_on: ""

    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/05 15:57:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/05 15:57:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\A-www\Mozilla Firefox\components [2010/11/06 19:11:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\A-www\Mozilla Firefox\plugins [2011/02/21 19:49:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/01 22:09:20 | 000,000,000 | ---D | M]

    [2010/04/01 23:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Extensions
    [2011/05/02 14:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions
    [2010/04/04 00:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
    [2010/04/03 23:48:18 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/04/03 23:48:18 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/04/03 23:48:20 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    [2010/04/03 23:48:20 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
    [2010/04/03 23:48:30 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    [2010/04/03 23:48:30 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2010/04/03 23:48:30 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2010/04/03 23:48:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/04/03 23:48:32 | 000,000,000 | ---D | M] (Aeon Colors) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
    [2010/04/03 23:48:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/03 23:48:32 | 000,000,000 | ---D | M] ("新同文堂 (New Tong Wen Tang)") -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{22870005-adef-4c9d-ae36-d0e1f2f27e5a}
    [2010/04/03 23:48:32 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
    [2010/04/03 23:48:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/04/03 23:48:35 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
    [2010/04/03 23:48:35 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    [2010/04/03 23:48:36 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/04/03 23:48:36 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2010/04/03 23:48:39 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2010/04/03 23:48:39 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
    [2010/04/03 23:48:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2010/04/03 23:48:40 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2010/04/03 23:48:42 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2010/04/03 23:48:42 | 000,000,000 | ---D | M] (Context Highlight) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
    [2010/04/03 23:48:42 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2010/04/03 23:48:43 | 000,000,000 | ---D | M] (Glubble) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{83874588-ae10-4dbb-8dba-8301c86cb8fc}
    [2010/04/03 23:48:46 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/04/04 00:26:16 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010/04/03 23:48:47 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    [2010/04/03 23:48:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/04/03 23:48:52 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2010/04/04 00:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
    [2010/04/03 23:48:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/04/03 23:48:55 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/04/03 23:48:55 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2010/04/03 23:48:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/04/03 23:48:56 | 000,000,000 | ---D | M] (Aeon) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
    [2010/04/03 23:48:56 | 000,000,000 | ---D | M] (jsLib) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{DF8E5247-8E0A-4de6-B393-0735A39DFD80}
    [2010/04/03 23:49:02 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
    [2010/04/03 23:49:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/04/03 23:49:03 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    [2010/04/03 23:47:40 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\anycolor.pavlos256@gmail.com
    [2010/04/04 00:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\atlas@www.spuler.us
    [2010/04/03 23:47:44 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\bettergmail2@ginatrapani.org
    [2010/04/03 23:47:45 | 000,000,000 | ---D | M] (Camifox) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\camifox@altmusictv.com
    [2010/04/03 23:47:46 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\CustomButtons2@cbtnext.org
    [2010/04/03 23:47:46 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\en-CA@dictionaries.addons.mozilla.org
    [2010/04/03 23:47:46 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/04/03 23:47:46 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com
    [2010/04/03 23:47:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\foxmarks@kei.com
    [2010/04/03 23:47:50 | 000,000,000 | ---D | M] (Kempelton) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\kempelton-fx@arvidaxelsson.se
    [2010/04/03 23:47:50 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\noia2_option@kk.noia
    [2010/04/03 23:49:29 | 000,000,000 | ---D | M] (Silvermel) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\silvermel@pardal.de
    [2010/04/03 23:47:51 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\silvermelxt@pardal.de
    [2010/04/03 23:47:53 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\smarterwiki@wikiatic.com
    [2010/04/03 23:48:12 | 000,000,000 | ---D | M] (Strata RELOADED) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\stratareloaded@addons.mozilla.org
    [2010/04/03 23:48:13 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\support@auto-hide-ip.com
    [2010/04/03 23:48:16 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\support@lastpass.com
    [2010/04/03 23:48:16 | 000,000,000 | ---D | M] (Tab Sidebar) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\TabSidebar@blueprintit.co.uk
    [2010/04/03 23:48:17 | 000,000,000 | ---D | M] (yogurttree) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\theme@yogurttree.com
    [2010/10/26 22:38:01 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\vshare@toolbar
    [2010/04/03 23:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
    [2010/04/03 23:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
    [2010/04/03 23:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
    [2010/04/03 23:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions
    [2010/04/03 23:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions
    [2010/04/03 23:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.7x\mozapps\extensions
    [2009/04/23 09:04:00 | 000,002,267 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\searchplugins\ask.xml
    [2010/01/22 01:04:22 | 000,001,949 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\searchplugins\bing.xml
    [2010/01/20 05:20:48 | 000,000,925 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\searchplugins\conduit.xml
    [2009/04/23 09:26:18 | 000,001,632 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\searchplugins\weathercom.xml
    [2009/07/28 07:52:08 | 000,001,201 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\searchplugins\winamp-search.xml
    [2011/01/05 15:57:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
    [2011/01/05 15:57:56 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
    [2010/08/02 01:12:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\A-WWW\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
    [2010/03/29 23:27:12 | 000,000,000 | ---D | M] (Java Console) -- D:\A-WWW\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    [2010/03/29 23:27:13 | 000,000,000 | ---D | M] (flashget3 Extension) -- D:\A-WWW\MOZILLA FIREFOX\EXTENSIONS\{DB9127A2-3381-41EC-82B3-1B6ED4C6F29A}

    O1 HOSTS File: ([2011/05/26 12:12:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\A-system\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {CE439C63-384A-747A-A357-23D96B5D652B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
    O3 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [IObit Security 360] D:\A-www\IObit Security 360\IS360tray.exe (IObit)
    O4 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000..\Run: [SpybotSD TeaTimer] D:\A-system\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 16
    O7 - HKU\S-1-5-21-2114088240-1154956335-2722242917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &使用BitComet下載 [Download with BitComet] - D:\A-www\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &使用BitComet下載全部影片 [Download all videos with BitComet] - D:\A-www\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &使用BitComet下載全部連結 [Download all links with BitComet] - D:\A-www\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: Google 網頁註解... [Google web page annotations...] - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 [Clipboard text: Simplified > Traditional] - D:\A-www\ALiBaBar\ALiBaBar.dll (Alfred, C. S. Li)
    O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 [Clipboard text: Traditional > Simplified] - D:\A-www\ALiBaBar\ALiBaBar.dll (Alfred, C. S. Li)
    O8 - Extra context menu item: 網頁: [簡體] 顯示 [Web page: display as Simplified] - D:\A-www\ALiBaBar\ALiBaBar.dll (Alfred, C. S. Li)
    O8 - Extra context menu item: 網頁: [繁體] 顯示 [Web page: display as Traditional] - D:\A-www\ALiBaBar\ALiBaBar.dll (Alfred, C. S. Li)
    O8 - Extra context menu item: 轉換成簡體中文(&S) [Convert to Simplified Chinese (&S)] - C:\Windows\System32\tcscconv.dll (Microsoft Corporation)
    O8 - Extra context menu item: 轉換成繁體中文(&T) [Convert to Traditional Chinese (&T)] - C:\Windows\System32\tcscconv.dll (Microsoft Corporation)
    O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\A-www\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\A-system\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.12.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\Windows\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    (continued below)
     
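A way to triage an OTL log of this shape for the indicators that matter in this thread: the O6 UAC policies in the post above (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0), the hidden+system files with long random names, and the ~26402552 entries under C:\ProgramData that show up in the file lists of the next post. This is an added Python example, not part of the original thread, of OTL, or of the poster's logs; the category names, the "weakened UAC" value table, the lockout-policy list and the random-name heuristic are this example's own assumptions, and the sample lines are copied from the log posted here.

```python
"""Triage an OTL log excerpt for rogue-AV and policy-tampering indicators.

Added example for this thread; not part of OTL or of the poster's logs. The
value tables and the random-name heuristic are this example's own assumptions,
tuned to the indicators visible in the posted log.
"""
import re
from collections import defaultdict

# O6/O7 policy lines, e.g.  O6 - HKLM\...\policies\System: EnableLUA = 0
POLICY_RE = re.compile(r"^O[67] - (?P<key>[^:]+): (?P<name>\S+) = (?P<value>.+)$")
# File/folder lines, e.g.  [date time | size | attrs | C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*)\))? -- (?P<path>.+)$"
)
# O35/O37 shell-open and .exe association lines
ASSOC_RE = re.compile(r"^O3[57] - (?P<key>\S+) \[(?P<assoc>[^\]]+)\] -- (?P<cmd>.+)$")

# Policy values that disable or silence UAC (assumed "weakened" set).
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
# Explorer/System policies rogues set to lock the user out; non-zero is suspicious.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoDrives", "NoFileMenu"}
# Heuristics (assumptions) for rogue droppings: a long random alphanumeric name
# with no extension, or a ~<digits> / <digits> name directly under C:\ProgramData.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{24,}$")
PROGRAMDATA_ID_RE = re.compile(r"^~?\d{6,}[a-z]?$")
EXPECTED_OPEN_CMD = '"%1" %*'  # stock comfile/exefile open command


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def looks_random(name):
    has_digit = any(c.isdigit() for c in name)
    has_alpha = any(c.isalpha() for c in name)
    return bool(RANDOM_NAME_RE.match(name)) and has_digit and has_alpha


def triage(lines):
    """Return {category: [evidence, ...]} for every suspicious OTL line."""
    findings = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m["name"], m["value"].strip()
            if WEAK_UAC.get(name) == value:
                findings["uac_weakened"].append(f"{name}={value}")
            elif name in LOCKOUT_POLICIES and value != "0":
                findings["lockout_policy"].append(f"{name}={value}")
            continue
        m = FILE_RE.match(line)
        if m:
            path, name = m["path"], basename(m["path"])
            hidden_system = "H" in m["attrs"] and "S" in m["attrs"]
            if hidden_system and looks_random(name):
                findings["hidden_random_file"].append(path)
            elif path.lower().startswith("c:\\programdata\\") and PROGRAMDATA_ID_RE.match(name):
                findings["programdata_numeric"].append(path)
            continue
        m = ASSOC_RE.match(line)
        if m and m["cmd"].strip() != EXPECTED_OPEN_CMD:
            findings["exe_association_hijack"].append(line)
    return dict(findings)


# Constructed sample: lines copied from the OTL log posted in this thread plus
# one benign file entry, so the script runs offline.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[2011/05/27 12:03:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jeffery\Desktop\OTL.exe
[2011/05/27 11:41:32 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
[2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
[2011/05/19 23:08:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26402552r
[2011/05/19 23:08:20 | 000,000,112 | ---- | M] () -- C:\ProgramData\~26402552
[2011/05/19 23:08:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\26402552
"""

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG.splitlines()).items():
        print(f"[{category}]")
        for hit in hits:
            print("   ", hit)
```

Run it against a full OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. The O35/O37 check fires only when the open command differs from the stock `"%1" %*`, so on this log it stays quiet, which is the point: the exe associations here are clean, while the UAC policies and the hidden random-named files are not. hiberfil.sys is hidden+system too but has an extension, so the random-name heuristic leaves it alone.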
  10. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioD FileDescription)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
    Drivers32: VIDC.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
    Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation)
    Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
    Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/27 12:03:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jeffery\Desktop\OTL.exe
    [2011/05/27 03:28:53 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/26 12:16:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/26 12:16:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/26 12:16:29 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\temp
    [2011/05/26 12:00:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/24 14:34:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/24 14:34:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/24 14:34:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/24 13:45:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/24 13:37:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/24 12:33:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/05/24 12:32:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/05/24 12:26:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Jeffery\Desktop\aswMBR.exe
    [2011/05/23 20:13:16 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
    [2011/05/23 15:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATMA V
    [2011/05/23 02:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Editor
    [2011/05/23 02:29:26 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor
    [2011/05/21 02:27:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/21 02:18:45 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
    [2011/05/20 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
    [2011/05/20 18:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
    [2011/05/20 18:18:13 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
    [2011/05/20 01:04:28 | 000,212,992 | ---- | C] (SoftDesigner) -- C:\Users\Jeffery\Desktop\Unhider.exe
    [2011/05/20 00:50:03 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Jeffery\Desktop\dds.scr
    [2011/05/20 00:21:38 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Malwarebytes
    [2011/05/20 00:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/20 00:20:34 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeffery\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/19 23:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
    [2011/05/05 22:53:47 | 000,000,000 | ---D | C] -- D:\My Documents\My Downloads
    [2011/01/03 03:19:33 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-Aware90Install.exe
    [2010/09/14 23:16:46 | 001,888,672 | ---- | C] (mIRC Co. Ltd.) -- C:\Program Files\mirc71.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/05/27 12:15:42 | 000,014,416 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/27 12:15:42 | 000,014,416 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/27 12:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffery\Desktop\OTL.exe
    [2011/05/27 11:48:06 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/27 11:45:55 | 000,631,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/27 11:45:55 | 000,414,902 | ---- | M] () -- C:\Windows\System32\perfh012.dat
    [2011/05/27 11:45:55 | 000,403,684 | ---- | M] () -- C:\Windows\System32\perfh011.dat
    [2011/05/27 11:45:55 | 000,400,486 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
    [2011/05/27 11:45:55 | 000,376,934 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
    [2011/05/27 11:45:55 | 000,111,346 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
    [2011/05/27 11:45:55 | 000,111,346 | ---- | M] () -- C:\Windows\System32\perfc011.dat
    [2011/05/27 11:45:55 | 000,111,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/27 11:45:55 | 000,109,634 | ---- | M] () -- C:\Windows\System32\perfc012.dat
    [2011/05/27 11:45:55 | 000,109,206 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
    [2011/05/27 11:41:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/27 11:41:32 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/27 02:40:03 | 000,000,532 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/27 01:28:14 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
    [2011/05/26 12:12:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/24 13:53:03 | 002,337,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/05/24 12:35:17 | 004,353,961 | R--- | M] () -- C:\Users\Jeffery\Desktop\ComboFix.exe
    [2011/05/24 12:31:34 | 000,000,512 | ---- | M] () -- C:\Users\Jeffery\Desktop\MBR.dat
    [2011/05/24 12:26:17 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Jeffery\Desktop\aswMBR.exe
    [2011/05/22 02:08:18 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Pointstone Quick Maintenance.job
    [2011/05/21 19:07:29 | 000,037,762 | ---- | M] () -- C:\Windows\DIIUnin.dat
    [2011/05/21 17:27:12 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
    [2011/05/21 17:27:11 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
    [2011/05/21 17:27:11 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
    [2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
    [2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
    [2011/05/20 18:18:14 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
    [2011/05/20 18:18:13 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
    [2011/05/20 01:18:52 | 000,606,104 | ---- | M] () -- C:\Users\Jeffery\Desktop\unhide.exe
    [2011/05/20 00:50:10 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Jeffery\Desktop\dds.scr
    [2011/05/20 00:45:16 | 000,302,080 | ---- | M] () -- C:\Users\Jeffery\Desktop\608v5p50.exe
    [2011/05/20 00:20:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeffery\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/20 00:20:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
    [2011/05/20 00:20:28 | 052,676,424 | ---- | M] () -- C:\avira_antivir_personal_en.exe
    [2011/05/19 23:08:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26402552r
    [2011/05/19 23:08:20 | 000,000,112 | ---- | M] () -- C:\ProgramData\~26402552
    [2011/05/19 23:08:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\26402552
    [2011/04/27 21:08:49 | 000,183,528 | ---- | M] () -- D:\My Documents\Streptococcal cells.pdf
    [2011/04/27 21:03:51 | 000,472,088 | ---- | M] () -- D:\My Documents\DifferentReagents.pdf
    [2011/04/27 21:01:50 | 000,662,524 | ---- | M] () -- D:\My Documents\DNAExtactionforPCR.pdf

    ========== Files Created - No Company Name ==========

    [2011/05/24 14:34:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/24 14:34:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/24 14:34:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/24 14:34:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/24 14:34:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/24 14:15:36 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011/05/24 12:35:17 | 004,353,961 | R--- | C] () -- C:\Users\Jeffery\Desktop\ComboFix.exe
    [2011/05/24 12:31:34 | 000,000,512 | ---- | C] () -- C:\Users\Jeffery\Desktop\MBR.dat
    [2011/05/23 20:15:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/05/23 20:14:34 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011/05/23 20:12:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/05/23 20:12:46 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
    [2011/05/23 20:12:20 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
    [2011/05/20 18:36:14 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2011/05/20 18:36:14 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2011/05/20 18:36:14 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2011/05/20 18:18:16 | 000,037,762 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2011/05/20 18:18:14 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
    [2011/05/20 03:28:01 | 000,014,282 | -HS- | C] () -- C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
    [2011/05/20 03:28:01 | 000,014,282 | -HS- | C] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
    [2011/05/20 01:30:28 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/05/20 01:30:28 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/05/20 01:30:28 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/05/20 01:30:28 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Update ESET's license.lnk
    [2011/05/20 01:30:28 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/05/20 01:30:28 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\Hard Drive Inspector.lnk
    [2011/05/20 01:30:28 | 000,000,406 | ---- | C] () -- C:\Users\Public\Desktop\Messenger Center.lnk
    [2011/05/20 01:30:28 | 000,000,406 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Center.lnk
    [2011/05/20 01:18:44 | 000,606,104 | ---- | C] () -- C:\Users\Jeffery\Desktop\unhide.exe
    [2011/05/20 00:45:13 | 000,302,080 | ---- | C] () -- C:\Users\Jeffery\Desktop\608v5p50.exe
    [2011/05/20 00:20:28 | 052,676,424 | ---- | C] () -- C:\avira_antivir_personal_en.exe
    [2011/05/19 23:08:20 | 000,000,136 | ---- | C] () -- C:\ProgramData\~26402552r
    [2011/05/19 23:08:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\~26402552
    [2011/05/19 23:08:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\26402552
    [2011/04/27 21:08:49 | 000,183,528 | ---- | C] () -- D:\My Documents\Streptococcal cells.pdf
    [2011/04/27 21:03:51 | 000,472,088 | ---- | C] () -- D:\My Documents\DifferentReagents.pdf
    [2011/04/27 21:01:50 | 000,662,524 | ---- | C] () -- D:\My Documents\DNAExtactionforPCR.pdf
    [2011/01/15 04:39:27 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2010/08/02 01:16:07 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/05/02 22:42:12 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE
    [2010/04/29 22:49:34 | 000,005,632 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/04 01:17:54 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
    [2010/04/04 01:17:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2010/04/01 23:02:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/04/01 19:59:51 | 000,001,024 | ---- | C] () -- C:\Windows\System32\pdfeditor.dat
    [2010/04/01 06:43:44 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/03/31 02:28:58 | 000,000,055 | ---- | C] () -- C:\Windows\srstati.ini
    [2010/03/30 00:43:40 | 000,001,606 | ---- | C] () -- C:\Windows\System32\IE 8.INI
    [2010/02/21 04:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/12/07 22:36:34 | 000,400,486 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
    [2009/12/07 22:36:34 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
    [2009/12/07 22:36:34 | 000,111,346 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
    [2009/12/07 22:36:34 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
    [2009/12/07 22:31:02 | 000,376,934 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
    [2009/12/07 22:31:02 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
    [2009/12/07 22:31:02 | 000,109,206 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
    [2009/12/07 22:31:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
    [2009/12/07 22:25:45 | 000,414,902 | ---- | C] () -- C:\Windows\System32\perfh012.dat
    [2009/12/07 22:25:45 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat
    [2009/12/07 22:25:45 | 000,109,634 | ---- | C] () -- C:\Windows\System32\perfc012.dat
    [2009/12/07 22:25:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat
    [2009/12/07 22:20:27 | 000,403,684 | ---- | C] () -- C:\Windows\System32\perfh011.dat
    [2009/12/07 22:20:27 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat
    [2009/12/07 22:20:27 | 000,111,346 | ---- | C] () -- C:\Windows\System32\perfc011.dat
    [2009/12/07 22:20:27 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat
    [2009/08/16 10:08:36 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 00:33:53 | 002,337,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 22:05:48 | 000,631,174 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 22:05:48 | 000,111,346 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/05/29 15:52:26 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

    ========== LOP Check ==========

    [2011/01/03 02:44:44 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Auslogics
    [2010/07/01 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\ChemTable Software
    [2010/04/13 22:50:24 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\DAEMON Tools Lite
    [2010/04/01 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\ESET
    [2010/04/01 19:46:25 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Foxit
    [2010/04/01 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Foxit Software
    [2011/02/26 14:11:01 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\GetRightToGo
    [2010/04/03 23:38:34 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\GrabPro
    [2010/04/04 09:55:51 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\IObit
    [2010/10/23 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\JAM Software
    [2010/10/03 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\MxBoost
    [2010/04/03 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Pointstone
    [2010/03/31 02:31:57 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Super Rabbit
    [2011/01/22 21:34:49 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\TeraCopy
    [2010/04/04 10:14:49 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Thinstall
    [2010/04/04 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Uniblue
    [2010/03/31 02:32:05 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\URSoft
    [2010/04/04 00:57:16 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Win7codecs
    [2011/05/25 13:37:41 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\XnView
    [2011/05/22 02:08:18 | 000,000,614 | ---- | M] () -- C:\Windows\Tasks\Pointstone Quick Maintenance.job
    [2011/01/28 19:38:51 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/03 03:21:59 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Ad-Aware90Install.exe
    [2010/09/12 11:27:38 | 000,029,421 | ---- | M] () -- C:\applicant_signature.pdf
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/05/20 00:20:28 | 052,676,424 | ---- | M] () -- C:\avira_antivir_personal_en.exe
    [2011/05/26 12:16:27 | 000,023,155 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/05/26 12:16:43 | 000,000,174 | -HS- | M] () -- C:\desktop.ini
    [2011/05/27 11:41:32 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/20 13:38:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/02 22:42:44 | 000,017,468 | ---- | M] () -- C:\M1319.log
    [2011/05/20 00:20:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
    [2011/01/20 13:38:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/27 11:41:30 | 1594,884,096 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/12 11:27:44 | 000,028,435 | ---- | M] () -- C:\parent_signature.pdf
    [2011/05/21 02:36:58 | 000,000,463 | ---- | M] () -- C:\rkill.log
    [2010/05/13 19:32:36 | 000,314,973 | ---- | M] () -- C:\ShuChu-archive09.pdf
    [2011/01/03 03:26:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
    [2011/05/24 11:05:43 | 000,067,948 | ---- | M] () -- C:\TDSSKiller.2.5.2.0_24.05.2011_11.04.03_log.txt
    [2010/05/13 19:32:29 | 000,312,257 | ---- | M] () -- C:\TsungMing-archive09.pdf

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
    [2007/12/09 20:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 01:35:10 | 000,303,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/06/03 18:48:12 | 000,001,654 | -HS- | M] () -- C:\Users\Jeffery\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2011/01/03 03:19:41 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-Aware90Install.exe
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2010/09/14 23:17:04 | 001,888,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mirc71.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/30 10:56:07 | 000,000,221 | -HS- | M] () -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/20 00:45:16 | 000,302,080 | ---- | M] () -- C:\Users\Jeffery\Desktop\608v5p50.exe
    [2011/05/24 12:26:17 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Jeffery\Desktop\aswMBR.exe
    [2011/05/24 12:35:17 | 004,353,961 | R--- | M] () -- C:\Users\Jeffery\Desktop\ComboFix.exe
    [2011/05/20 00:20:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeffery\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/27 12:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffery\Desktop\OTL.exe
    [2011/05/20 01:18:52 | 000,606,104 | ---- | M] () -- C:\Users\Jeffery\Desktop\unhide.exe
    [2008/05/24 00:36:24 | 000,212,992 | ---- | M] (SoftDesigner) -- C:\Users\Jeffery\Desktop\Unhider.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/29 17:18:00 | 000,000,402 | -HS- | M] () -- C:\Users\Jeffery\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/19 23:08:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\26402552
    [2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
    [2011/05/19 23:08:20 | 000,000,112 | ---- | M] () -- C:\ProgramData\~26402552
    [2011/05/19 23:08:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26402552r

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/05/22 02:08:00 | 000,000,000 | --SD | M](D:\My Documents\???????) -- D:\My Documents\我已接收的檔案
    [2011/05/20 01:30:29 | 000,000,766 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\快速關機.lnk
    [2011/05/20 01:30:29 | 000,000,720 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\重新開機.lnk
    [2010/04/04 09:59:07 | 000,001,683 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-SLOW-PCfighter.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-SLOW-PCfighter.lnk
    [2010/04/04 09:59:07 | 000,001,683 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-SLOW-PCfighter.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-SLOW-PCfighter.lnk
    [2010/04/04 09:46:22 | 000,000,747 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-PowerSuite.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-PowerSuite.lnk
    [2010/04/04 09:46:22 | 000,000,747 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-PowerSuite.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-PowerSuite.lnk
    [2010/04/04 01:19:01 | 000,000,870 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\?????-Media Player Classic - Home Cinema.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\多媒體播放-Media Player Classic - Home Cinema.lnk
    [2010/04/04 01:13:33 | 000,001,005 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-PowerDVD.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\影像播放-PowerDVD.lnk
    [2010/04/04 01:13:33 | 000,001,005 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-PowerDVD.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\影像播放-PowerDVD.lnk
    [2010/04/03 22:11:53 | 000,000,748 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-System Cleaner 5.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-System Cleaner 5.lnk
    [2010/04/03 22:11:53 | 000,000,748 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-System Cleaner 5.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-System Cleaner 5.lnk
    [2010/03/31 02:41:38 | 000,000,805 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-EmEditor.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\文書撰寫-EmEditor.lnk
    [2010/03/31 02:41:38 | 000,000,785 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Auslogics BoostSpeed.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-Auslogics BoostSpeed.lnk
    [2010/03/31 02:41:38 | 000,000,621 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\??????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統清理工具.lnk
    [2010/03/31 02:41:37 | 000,001,703 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Windows 7 Manager.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-Windows 7 Manager.lnk
    [2010/03/31 02:41:37 | 000,001,000 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-TuneUp Utilities.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-TuneUp Utilities.lnk
    [2010/03/31 02:41:37 | 000,000,833 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Windows 7 ????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-Windows 7 優化大師.lnk
    [2010/03/31 02:41:37 | 000,000,726 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-WinUtilities.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-WinUtilities.lnk
    [2010/03/31 02:41:37 | 000,000,704 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-WinTools.net Ultimate.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-WinTools.net Ultimate.lnk
    [2010/03/31 02:41:36 | 000,001,022 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-TuneUp 1-Click Maintenance.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-TuneUp 1-Click Maintenance.lnk
    [2010/03/31 02:41:36 | 000,000,874 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Advanced SystemCare.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-Advanced SystemCare.lnk
    [2010/03/31 02:41:36 | 000,000,681 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-超級兔子.lnk
    [2010/03/31 02:41:36 | 000,000,673 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Glary Utilities.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-Glary Utilities.lnk
    [2010/03/31 02:41:35 | 000,000,884 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\開啟光碟.lnk
    [2010/03/31 02:41:35 | 000,000,831 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-WinASO Registry Optimizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-WinASO Registry Optimizer.lnk
    [2010/03/31 02:41:35 | 000,000,683 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-RegVac Registry Cleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegVac Registry Cleaner.lnk
    [2010/03/31 02:41:35 | 000,000,681 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-RegCure.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegCure.lnk
    [2010/03/31 02:41:35 | 000,000,672 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Reg Organizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-Reg Organizer.lnk
    [2010/03/31 02:41:35 | 000,000,630 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-xnview.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\圖像瀏覽-xnview.lnk
    [2010/03/31 02:41:34 | 000,000,828 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Window Washer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-Window Washer.lnk
    [2010/03/31 02:41:34 | 000,000,781 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Smart Defrag.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Smart Defrag.lnk
    [2010/03/31 02:41:34 | 000,000,756 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-CCleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-CCleaner.lnk
    [2010/03/31 02:41:34 | 000,000,716 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Vopt.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Vopt.lnk
    [2010/03/31 02:41:34 | 000,000,673 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-BitComet.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\網路下載-BitComet.lnk
    [2010/03/31 02:41:34 | 000,000,670 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-SuperCleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-SuperCleaner.lnk
    [2010/03/31 02:41:33 | 000,000,822 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\關閉顯示器.lnk
    [2010/03/31 02:41:33 | 000,000,773 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\???-Mozilla Firefox.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\瀏覽器-Mozilla Firefox.lnk
    [2010/03/31 02:41:33 | 000,000,681 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\???-Avant Browser.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\瀏覽器-Avant Browser.lnk
    [2010/03/31 02:41:33 | 000,000,671 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Total Commander.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\檔案管理-Total Commander.lnk
    [2010/03/31 02:41:33 | 000,000,664 | ---- | C] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\???-Maxthon2.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\瀏覽器-Maxthon2.lnk
    [2010/03/30 11:14:51 | 000,000,000 | --SD | M](D:\My Documents\??????) -- D:\My Documents\我的資料來源
    [2010/03/30 11:14:45 | 000,000,000 | ---D | M](D:\My Documents\??????) -- D:\My Documents\我的最愛主題
    [2010/03/30 11:14:44 | 000,000,000 | ---D | M](D:\My Documents\?? Google ???) -- D:\My Documents\我的 Google 小工具
    [2010/03/30 11:12:18 | 000,000,000 | ---D | M](D:\My Documents\OneNote ???) -- D:\My Documents\OneNote 筆記本
    [2010/03/29 17:18:13 | 000,000,000 | ---D | M](C:\Users\Jeffery\Favorites\MSN ??) -- C:\Users\Jeffery\Favorites\MSN 網站
    [2010/03/29 17:18:13 | 000,000,000 | ---D | M](C:\Users\Jeffery\Favorites\Microsoft ??) -- C:\Users\Jeffery\Favorites\Microsoft 網站

    (Continued Below)
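Editor's note, added between the two halves of the log: the interesting entries above are easy to miss among hundreds of normal ones, so here is a small Python triage pass over OTL file-listing lines. It is an added example, not part of JYZero's post and not an OTL feature. The sample input is copied from the log above (not constructed), and the heuristics (hidden+system attributes on a file under ProgramData or AppData, a long extension-less random-looking name, a tilde-prefixed numeric name, and the same name and size dropped in two locations) are the editor's own rules of thumb for this family of rogue, not a signature from any vendor.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the OTL log above. The parser targets the
# "[date | size | attrs | M/C] (company) -- path" file entries; directory
# entries and the Unicode section use a different layout and are skipped.
SAMPLE_LINES = r"""
[2011/05/27 11:41:32 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 12:16:43 | 000,000,174 | -HS- | M] () -- C:\desktop.ini
[2011/05/27 11:45:55 | 000,111,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/24 12:26:17 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Jeffery\Desktop\aswMBR.exe
[2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
[2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
[2011/05/19 23:08:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26402552r
[2011/05/19 23:08:20 | 000,000,112 | ---- | M] () -- C:\ProgramData\~26402552
[2011/05/19 23:08:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\26402552
[2011/01/20 13:38:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
"""

# OTL attribute field is four characters in the order R H S D
# (read-only, hidden, system, directory); '-' means the bit is clear.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Hidden+system files Windows itself keeps; never worth flagging on attributes alone.
KNOWN_OS_FILES = {"hiberfil.sys", "pagefile.sys", "desktop.ini",
                  "io.sys", "msdos.sys", "bootstat.dat", "thumbs.db"}

# User-writable data directories where a hidden+system payload is unexpected.
USER_DATA_DIRS = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")

RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{20,}$")      # long lowercase alnum, no extension
NUMERIC_NAME_RE = re.compile(r"^~?\d{6,}[a-z]?$")    # 26402552, ~26402552, ~26402552r


def parse_otl_lines(text):
    """Return one dict per recognised OTL file entry (directories included)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["hidden"] = "H" in e["attrs"]
        e["system"] = "S" in e["attrs"]
        e["is_dir"] = "D" in e["attrs"]
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def triage(entries):
    """Map suspicious path -> list of reasons; clean entries are absent."""
    findings = defaultdict(list)
    locations = defaultdict(set)   # (name, size) -> distinct paths
    for e in entries:
        if e["is_dir"]:
            continue
        name = e["name"].lower()
        lower_path = e["path"].lower()
        locations[(name, e["size"])].add(e["path"])
        if (e["hidden"] and e["system"] and name not in KNOWN_OS_FILES
                and any(d in lower_path for d in USER_DATA_DIRS)):
            findings[e["path"]].append("hidden+system file in a user-writable data dir")
        if RANDOM_NAME_RE.match(name):
            findings[e["path"]].append("long random-looking name without extension")
        if NUMERIC_NAME_RE.match(name):
            findings[e["path"]].append("numeric / tilde-prefixed name")
    # Same file name and byte size in more than one location: typical of a
    # dropper that copies itself to both the per-user and all-users data dirs.
    for (name, size), paths in locations.items():
        if len(paths) > 1 and name not in KNOWN_OS_FILES:
            for p in paths:
                findings[p].append(f"same name and size ({size} bytes) in {len(paths)} locations")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(parse_otl_lines(SAMPLE_LINES)).items()):
        print(path)
        for r in reasons:
            print("    -", r)
```

Run it against the whole OTL log (paste the log in place of SAMPLE_LINES, or read it from the saved OTL.txt) and the two copies of the 46-character hidden+system file and the three 26402552 files surface while hiberfil.sys, desktop.ini and the perf*.dat files stay quiet. Treat the output as a shortlist to investigate, not a verdict: a legitimate installer copied to two places will also trip the duplicate rule.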
     
  11. JYZero

    [2010/03/29 17:17:26 | 000,000,000 | -HSD | M](C:\Users\Jeffery\[??] ???) -- C:\Users\Jeffery\[開始] 功能表
    [2010/03/29 17:12:46 | 000,000,000 | -HSD | M](C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
    [2010/03/29 17:12:46 | 000,000,000 | -HSD | M](C:\ProgramData\??) -- C:\ProgramData\桌面
    [2010/03/29 17:12:46 | 000,000,000 | -HSD | M](C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
    [2010/03/29 17:12:46 | 000,000,000 | -HSD | M](C:\ProgramData\??) -- C:\ProgramData\桌面
    [2010/03/28 20:05:08 | 000,000,438 | ---- | C] ()(D:\My Documents\???????.lnk) -- D:\My Documents\我的共用資料夾.lnk
    [2010/03/28 20:04:56 | 000,015,907 | ---- | C] ()(D:\My Documents\NP Bookkeeping (????).xlsx) -- D:\My Documents\NP Bookkeeping (自動儲存).xlsx
    [2010/03/28 20:04:07 | 000,014,243 | ---- | C] ()(D:\My Documents\Book1 (????).xlsx) -- D:\My Documents\Book1 (自動儲存).xlsx
    [2010/03/28 20:04:04 | 000,000,000 | --SD | C](D:\My Documents\??????) -- D:\My Documents\我的資料來源
    [2010/03/28 20:03:56 | 000,000,000 | ---D | C](D:\My Documents\??????) -- D:\My Documents\我的最愛主題
    [2010/03/28 20:03:56 | 000,000,000 | ---D | C](D:\My Documents\?? Google ???) -- D:\My Documents\我的 Google 小工具
    [2010/03/28 20:03:42 | 000,000,000 | --SD | C](D:\My Documents\???????) -- D:\My Documents\我已接收的檔案
    [2010/03/28 19:59:09 | 000,000,000 | ---D | C](D:\My Documents\OneNote ???) -- D:\My Documents\OneNote 筆記本
    [2010/03/10 08:07:47 | 000,000,726 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-WinUtilities.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-WinUtilities.lnk
    [2010/03/10 04:16:48 | 000,000,681 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-RegCure.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegCure.lnk
    [2010/03/05 03:09:44 | 000,001,703 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Windows 7 Manager.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-Windows 7 Manager.lnk
    [2010/01/22 04:43:08 | 000,000,822 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\關閉顯示器.lnk
    [2010/01/18 02:15:58 | 000,000,672 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Reg Organizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-Reg Organizer.lnk
    [2010/01/15 02:20:47 | 000,000,785 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Auslogics BoostSpeed.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-Auslogics BoostSpeed.lnk
    [2010/01/11 02:34:12 | 000,000,781 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Smart Defrag.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Smart Defrag.lnk
    [2010/01/08 16:38:28 | 000,014,243 | ---- | M] ()(D:\My Documents\Book1 (????).xlsx) -- D:\My Documents\Book1 (自動儲存).xlsx
    [2010/01/08 04:26:13 | 000,000,870 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\?????-Media Player Classic - Home Cinema.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\多媒體播放-Media Player Classic - Home Cinema.lnk
    [2010/01/03 21:23:29 | 000,000,766 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\快速關機.lnk
    [2010/01/03 21:23:00 | 000,000,720 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\重新開機.lnk
    [2010/01/03 20:23:59 | 000,000,805 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-EmEditor.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\文書撰寫-EmEditor.lnk
    [2010/01/01 04:39:07 | 000,000,831 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-WinASO Registry Optimizer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-WinASO Registry Optimizer.lnk
    [2010/01/01 02:40:53 | 000,000,673 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Glary Utilities.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-Glary Utilities.lnk
    [2010/01/01 00:29:59 | 000,000,833 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Windows 7 ????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-Windows 7 優化大師.lnk
    [2009/12/30 02:42:37 | 000,000,874 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Advanced SystemCare.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-Advanced SystemCare.lnk
    [2009/12/27 23:49:16 | 000,000,630 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-xnview.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\圖像瀏覽-xnview.lnk
    [2009/12/26 00:40:26 | 000,000,670 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-SuperCleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-SuperCleaner.lnk
    [2009/12/25 17:27:50 | 000,000,683 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-RegVac Registry Cleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\登錄清理-RegVac Registry Cleaner.lnk
    [2009/12/21 00:09:23 | 000,000,716 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Vopt.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟重組-Vopt.lnk
    [2009/12/20 23:59:37 | 000,000,828 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Window Washer.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-Window Washer.lnk
    [2009/12/20 23:06:16 | 000,000,673 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-BitComet.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\網路下載-BitComet.lnk
    [2009/12/20 22:58:21 | 000,000,704 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-WinTools.net Ultimate.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-WinTools.net Ultimate.lnk
    [2009/12/18 02:57:48 | 000,000,621 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\??????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統清理工具.lnk
    [2009/12/18 01:13:16 | 000,001,022 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-TuneUp 1-Click Maintenance.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統維護-TuneUp 1-Click Maintenance.lnk
    [2009/12/18 01:13:16 | 000,001,000 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-TuneUp Utilities.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-TuneUp Utilities.lnk
    [2009/12/17 18:11:19 | 000,000,756 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-CCleaner.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\磁碟清理-CCleaner.lnk
    [2009/12/17 01:06:05 | 000,000,773 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\???-Mozilla Firefox.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\瀏覽器-Mozilla Firefox.lnk
    [2009/12/14 03:45:51 | 000,000,671 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-Total Commander.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\檔案管理-Total Commander.lnk
    [2009/12/14 03:27:49 | 000,000,884 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\開啟光碟.lnk
    [2009/12/10 01:51:01 | 000,000,664 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\???-Maxthon2.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\瀏覽器-Maxthon2.lnk
    [2009/12/09 20:31:42 | 000,000,681 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\????-????.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\系統設定-超級兔子.lnk
    [2009/12/09 19:12:10 | 000,000,681 | ---- | M] ()(C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\???-Avant Browser.lnk) -- C:\Users\Jeffery\Application Data\Microsoft\Internet Explorer\Quick Launch\瀏覽器-Avant Browser.lnk
    [2009/02/20 16:12:56 | 000,000,438 | ---- | M] ()(D:\My Documents\???????.lnk) -- D:\My Documents\我的共用資料夾.lnk
    [2008/03/02 02:53:43 | 000,015,907 | ---- | M] ()(D:\My Documents\NP Bookkeeping (????).xlsx) -- D:\My Documents\NP Bookkeeping (自動儲存).xlsx
    (C:\Users\Jeffery\[??] ???) -- C:\Users\Jeffery\[開始] 功能表
    (C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
    (C:\ProgramData\??) -- C:\ProgramData\桌面

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:1CE11B51

    < End of report >



    This Extras log is from my initial run, which was NOT the custom scan you instructed me to do. Hopefully this is okay, because my other runs are not generating new Extras logs, for some odd reason.

    OTL Extras logfile created on: 27/05/2011 12:04:52 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jeffery\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1014.12 Mb Total Physical Memory | 209.34 Mb Available Physical Memory | 20.64% Memory free
    2.48 Gb Paging File | 1.61 Gb Available in Paging File | 65.23% Paging File free
    Paging file location(s): C:\pagefile.sys 1521 1521 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 41.60 Gb Total Space | 7.79 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
    Drive D: | 25.08 Gb Total Space | 14.35 Gb Free Space | 57.23% Space Free | Partition Type: NTFS
    Drive E: | 45.00 Gb Total Space | 9.32 Gb Free Space | 20.71% Space Free | Partition Type: NTFS

    Computer Name: NB02 | User Name: Jeffery | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .ini [@ = emeditor.ini] -- D:\A-system\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)
    .txt [@ = emeditor.txt] -- D:\A-system\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
    "{226DED00-5B8B-4877-AEF6-C41E00B57E36}" = Windows Live Mail
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32D36E99-46CF-4C1B-B260-368202E0853D}" = Windows Live Call
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{40D5E798-3DBC-4695-8CC3-45BEAF1C3941}" = Windows Live 影像中心
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E4F8EE0-43EC-4AB9-9A04-702F2AE7E229}" = Windows Live 登入小幫手
    "{533F30A1-89CA-4824-8268-1A0AB9D7DC5C}" = Windows Live Movie Maker
    "{548CC5A0-F2E2-11DD-6172-0DC7E1C11916}" = Vopt 9
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{86CC84D0-4446-4F70-8B84-1B3183B00693}" = EmEditor Professional (English)
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0404-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A35682B-4C64-4F37-B1A0-3E21063C80DC}" = Windows Live Messenger
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1028-7B44-A94000000001}" = Adobe Reader 9.4.2 - Chinese Traditional
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2711393-0008-45FD-9D60-6903AEC0F0FF}" = Windows Live Sync
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F353BD3E-1BBC-491C-A0A7-A93D6B56FFD4}" = Windows Live 程式集
    "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "ALiBaBar" = ALiBaBar
    "ATMA V" = ATMA V 5.05
    "AvantBrowser" = Avant Browser (remove only)
    "BitComet" = BitComet(比特彗星) 1.20
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Diablo II" = Diablo II
    "DivX Setup.divx.com" = DivX Setup
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader" = Foxit Reader
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Hard Drive Inspector" = Hard Drive Inspector Professional 3.60 build # 321
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IE7Pro" = IE7Pro
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "IObit Security 360_is1" = IObit Security 360
    "JPG2PDF_is1" = JPG2PDF 2.2
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Maxthon2" = Maxthon2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Ninotech Path Copy" = Ninotech Path Copy 4.0
    "PDF Protection Remover_is1" = PDF Protection Remover 3.0
    "RegCure" = RegCure
    "RegVac Registry Cleaner (Trial Version)_is1" = RegVac Registry Cleaner 5.02 (Trial Version)
    "SLOW-PCfighter" = SLOW-PCfighter
    "Smart Defrag_is1" = Smart Defrag
    "SpeedConnect Internet Accelerator v.7.5_is1" = SpeedConnect Internet Accelerator v.7.5
    "ST6UNST #1" = Hero Editor V1.04
    "ST6UNST #2" = Hero Editor V1.04 (e:\Games\Diablo 2\Diablo 2 full game with expansion\Hero Editor\)
    "StartupRun" = StartupRun
    "System Cleaner 5" = System Cleaner 5
    "tcscconv" = Microsoft Internet Explorer 中文繁簡轉換
    "Totalcmd" = Total Commander (Remove or Repair)
    "VeryPDF PDF Editor v2.6_is1" = VeryPDF PDF Editor v2.6
    "WinASO Registry Optimizer 4.5.3_is1" = WinASO Registry Optimizer 4.5.3
    "Window Washer" = Window Washer
    "WinLiveSuite_Wave3" = Windows Live 程式集
    "WinRAR archiver" = WinRAR 壓縮工具
    "XnView_is1" = XnView 1.97.2
    "YU2010_is1" = Your Uninstaller! 2010
    "超級兔子" = 超級兔子 V9.03

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 26/05/2011 3:47:16 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 3:47:23 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 3:47:24 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 3:47:25 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 3:47:26 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 3:49:11 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 3:49:11 PM | Computer Name = NB02 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: ?????????????????????,????????????? .

    Error - 26/05/2011 4:05:33 PM | Computer Name = NB02 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 26/05/2011 4:06:50 PM | Computer Name = NB02 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "d:\A-system\WinASO\registry
    optimizer\regx64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 26/05/2011 4:07:15 PM | Computer Name = NB02 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "d:\A-system\spybot - search
    & destroy\DelZip179.dll".Error in manifest or policy file "d:\A-system\spybot -
    search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    [ OSession Events ]
    Error - 13/07/2010 9:32:43 PM | Computer Name = NB02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 6755
    seconds with 1680 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 27/05/2011 11:43:54 AM | Computer Name = NB02 | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 27/05/2011 11:43:57 AM | Computer Name = NB02 | Source = DCOM | ID = 10005
    Description =

    Error - 27/05/2011 11:43:57 AM | Computer Name = NB02 | Source = Service Control Manager | ID = 7001
    Description = The UPnP Device Host service depends on the SSDP Discovery service
    which failed to start because of the following error: %%1058

    Error - 27/05/2011 11:43:57 AM | Computer Name = NB02 | Source = Service Control Manager | ID = 7001
    Description = The UPnP Device Host service depends on the SSDP Discovery service
    which failed to start because of the following error: %%1058

    Error - 27/05/2011 11:47:18 AM | Computer Name = NB02 | Source = NetBT | ID = 4321
    Description = The name "FAMILY :1d" could not be registered on the interface
    with IP address 192.168.12.103. The computer with the IP address 192.168.12.100
    did not allow the name to be claimed by this computer.

    Error - 27/05/2011 11:52:28 AM | Computer Name = NB02 | Source = NetBT | ID = 4321
    Description = The name "FAMILY :1d" could not be registered on the interface
    with IP address 192.168.12.103. The computer with the IP address 192.168.12.100
    did not allow the name to be claimed by this computer.

    Error - 27/05/2011 11:57:38 AM | Computer Name = NB02 | Source = NetBT | ID = 4321
    Description = The name "FAMILY :1d" could not be registered on the interface
    with IP address 192.168.12.103. The computer with the IP address 192.168.12.100
    did not allow the name to be claimed by this computer.

    Error - 27/05/2011 12:02:48 PM | Computer Name = NB02 | Source = BROWSER | ID = 8009
    Description =

    Error - 27/05/2011 12:02:48 PM | Computer Name = NB02 | Source = NetBT | ID = 4321
    Description = The name "FAMILY :1d" could not be registered on the interface
    with IP address 192.168.12.103. The computer with the IP address 192.168.12.100
    did not allow the name to be claimed by this computer.

    Error - 27/05/2011 12:07:58 PM | Computer Name = NB02 | Source = NetBT | ID = 4321
    Description = The name "FAMILY :1d" could not be registered on the interface
    with IP address 192.168.12.103. The computer with the IP address 192.168.12.100
    did not allow the name to be claimed by this computer.


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {CE439C63-384A-747A-A357-23D96B5D652B} - No CLSID value found.
      [2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
      [2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
      [2010/04/04 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Uniblue
      [2011/05/19 23:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
      @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:1CE11B51
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
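As an added example (not part of this thread or of OTL itself), a small Python parser for the OTL fix-script format pasted above: it splits the script into its sections, decodes each entry, and lists what a reviewer would check first before approving the fix, namely hidden+system files, alternate data streams and BHO CLSIDs with no registration. The attribute-field layout (R, H, S, D positions) and the `M`/`C` flag meaning are inferred from the entries on this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# The fix script from the post above, embedded verbatim as sample input.
OTL_SCRIPT = r""":OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {CE439C63-384A-747A-A357-23D96B5D652B} - No CLSID value found.
[2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
[2011/05/21 02:22:21 | 000,014,282 | -HS- | M] () -- C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b
[2010/04/04 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Uniblue
[2011/05/19 23:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:1CE11B51

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

# O2 lines: a Browser Helper Object identified by its CLSID.
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<note>.*)$"
)
# File/folder lines: [timestamp | size | RHSD attributes | M(odified)/C(reated)] -- path
# Attribute positions are assumed to be R, H, S, D (inferred from "-HS-" and "---D" above).
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<which>[MC])\](?: \(\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
CMD_RE = re.compile(r"^\[(?P<cmd>\w+)\]$")


@dataclass
class Entry:
    kind: str        # "bho", "file", "dir", "ads" or "command"
    target: str      # CLSID, path (file:stream for ADS) or command name
    attrs: str = ""  # RHSD attribute field for file/dir entries
    size: int = 0    # bytes, where the line carries a size


def parse_otl_script(text: str) -> Dict[str, List[Entry]]:
    """Parse an OTL fix script into entries grouped by section (':OTL', ':Commands')."""
    sections: Dict[str, List[Entry]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as ":OTL"
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        if (m := BHO_RE.match(line)):
            sections[current].append(Entry("bho", m["clsid"]))
        elif (m := FILE_RE.match(line)):
            attrs = m["attrs"]
            kind = "dir" if attrs[3] == "D" else "file"
            size = int(m["size"].replace(",", ""))
            sections[current].append(Entry(kind, m["path"], attrs, size))
        elif (m := ADS_RE.match(line)):
            sections[current].append(Entry("ads", m["path"], size=int(m["size"])))
        elif (m := CMD_RE.match(line)) and current.lower() == ":commands":
            sections[current].append(Entry("command", m["cmd"].lower()))
        else:
            raise ValueError(f"unrecognised line in {current}: {line!r}")
    return sections


def review_findings(sections: Dict[str, List[Entry]]) -> List[str]:
    """Notes for a reviewer: what in the :OTL section deserves a second look before running it."""
    notes = []
    for e in sections.get(":OTL", []):
        if e.kind == "file" and "H" in e.attrs and "S" in e.attrs:
            notes.append(f"hidden+system file {e.target} ({e.size} bytes)")
        elif e.kind == "ads":
            notes.append(f"alternate data stream {e.target} ({e.size} bytes)")
        elif e.kind == "bho":
            notes.append(f"BHO {e.target} (no CLSID registration)")
    return notes


if __name__ == "__main__":
    parsed = parse_otl_script(OTL_SCRIPT)
    for note in review_findings(parsed):
        print(note)
    print("commands:", [e.target for e in parsed[":Commands"]])
```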
     
  13. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    OTL Fix Log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE439C63-384A-747A-A357-23D96B5D652B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}\ not found.
    C:\Users\Jeffery\AppData\Local\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b moved successfully.
    C:\ProgramData\4kfewgx2ou258k5cofb45m2n4a0c7s62ftya45hw34e01b moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\SpeedUpMyPC folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\PowerSuite\_temp folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\PowerSuite folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\DriverScanner\_temp folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\DriverScanner\drivers folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue\DriverScanner folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Uniblue folder moved successfully.
    C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully.
    ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Jeffery
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 2714092 bytes
    ->FireFox cache emptied: 59551034 bytes
    ->Flash cache emptied: 2398749 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 5678008 bytes
    Session Manager Tmp folder emptied: 49152 bytes
    RecycleBin emptied: 323756525 bytes

    Total Files Cleaned = 376.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jeffery
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05302011_140456

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    ----------------------------------------------------------------------------------------------------------------------------------------------

    Security Check Log:

    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    RegVac Registry Cleaner 5.02 (Trial Version)
    System Cleaner 5
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.4.2 - Chinese Traditional
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  14. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    As for the BitDefender scan, every time I click to install the ActiveX, it refreshes the page and asks me to download it again. I suspect it has something to do with my slow internet, but there's nothing that can be done about that atm.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Try BitDefender with Firefox.

    =====================================================================

    Uninstall RegVac Registry Cleaner 5.02 (Trial Version) and System Cleaner 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =======================================================================

    Update Firefox to the latest 4.0.1 version.

    ====================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  16. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    I ran a QuickScan on BitDefender, because the "official scan" wasn't really working for me. Here's the report:


    QuickScan Beta 32-bit v0.9.9.93
    -------------------------------
    Scan date: Thu Jun 02 11:51:27 2011
    Machine ID: 2C9BCF99



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) TeaTimer.exe 3944 D:\A-system\Spybot - Search & Destroy\TeaTimer.exe

    (verified) Apple Mobile Device Service 1668 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (verified) Bonjour 1688 C:\Program Files\Bonjour\mDNSResponder.exe
    (verified) DAEMON Tools Lite 2268 D:\A-media\DAEMON Tools Lite\DTLite.exe
    (verified) DivX Download Manager Service 3824 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    (verified) DivX Update 3804 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (verified) ESET Smart Security 3776 C:\Program Files\ESET\ESET Smart Security\egui.exe
    (verified) ESET Smart Security 1740 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (verified) Firefox 3868 D:\A-www\Mozilla Firefox\firefox.exe
    (verified) Firefox 3308 D:\A-www\Mozilla Firefox\plugin-container.exe
    (verified) GrooveMonitor Utility 3880 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) IObit Security 360 3388 D:\A-www\IObit Security 360\is360.exe
    (verified) IObit Security 360 1880 D:\A-www\IObit Security 360\is360srv.exe
    (verified) IObit Security 360 3784 D:\A-www\IObit Security 360\is360tray.exe
    (verified) Microsoft® Visual Studio .NET 1912 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (verified) Microsoft® Windows® Operating System 3668 C:\Windows\explorer.exe
    (verified) Microsoft® Windows® Operating System 484 C:\Windows\System32\csrss.exe
    (verified) Microsoft® Windows® Operating System 548 C:\Windows\System32\csrss.exe
    (verified) Microsoft® Windows® Operating System 3636 C:\Windows\System32\dwm.exe
    (verified) Microsoft® Windows® Operating System 632 C:\Windows\System32\lsass.exe
    (verified) Microsoft® Windows® Operating System 640 C:\Windows\System32\lsm.exe
    (verified) Microsoft® Windows® Operating System 624 C:\Windows\System32\services.exe
    (verified) Microsoft® Windows® Operating System 264 C:\Windows\System32\smss.exe
    (verified) Microsoft® Windows® Operating System 1504 C:\Windows\System32\spoolsv.exe
    (verified) Microsoft® Windows® Operating System 1964 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1376 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1208 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1056 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1008 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 880 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 832 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1776 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 768 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1540 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 3676 C:\Windows\System32\taskeng.exe
    (verified) Microsoft® Windows® Operating System 3140 C:\Windows\System32\taskhost.exe
    (verified) Microsoft® Windows® Operating System 3408 C:\Windows\System32\taskhost.exe
    (verified) Microsoft® Windows® Operating System 2228 C:\Windows\System32\wermgr.exe
    (verified) Microsoft® Windows® Operating System 536 C:\Windows\System32\wininit.exe
    (verified) Microsoft® Windows® Operating System 604 C:\Windows\System32\winlogon.exe
    (verified) Window Washer 828 D:\A-system\Webroot\Washer\WasherSvc.exe
    (verified) Windows® Internet Explorer 2180 C:\Program Files\Internet Explorer\iexplore.exe
    (verified) Windows® Internet Explorer 2628 C:\Program Files\Internet Explorer\iexplore.exe


    Network activity
    ----------------
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 74.125.226.177
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 216.246.75.226
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 216.246.75.226
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 216.246.75.226
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 216.246.75.226
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 216.246.75.226
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 216.246.75.226
    Process iexplore.exe (2628) connected on port 80 (HTTP) --> 66.235.142.20

    Process wininit.exe (536) listens on ports: 49152 (RPC)
    Process services.exe (624) listens on ports: 49158 (RPC)
    Process lsass.exe (632) listens on ports: 49155 (RPC)
    Process svchost.exe (832) listens on ports: 135 (RPC)
    Process svchost.exe (880) listens on ports: 49153 (RPC)
    Process svchost.exe (1056) listens on ports: 49154 (RPC)
    Process svchost.exe (1964) listens on ports: 49156 (RPC)


    Autoruns and critical files
    ---------------------------
    (unsigned) System Cleaner D:\A-system\System Cleaner 5\SystemCleaner.exe
    (unsigned) TeaTimer.exe D:\A-system\Spybot - Search & Destroy\TeaTimer.exe

    (verified) Adobe Acrobat D:\A-edit\Adobe\Reader 9.0\Reader\Reader_sl.exe
    (verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (verified) DivX Download Manager Service C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    (verified) DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (verified) ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
    (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
    (verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) Intel(R) Common User Interface C:\Windows\system32\igfxdev.dll
    (verified) IObit Security 360 D:\A-www\IObit Security 360\is360tray.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) QuickTime C:\Program Files\QuickTime\QTTask.exe
    (verified) Smart Defrag D:\A-system\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    (verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll


    Browser plugins
    ---------------
    (unsigned) BitComet Extension C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    (unsigned) BitCometAgent D:\A-www\Mozilla Firefox\plugins\npBitCometAgent.dll
    (unsigned) Fast Search C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
    (unsigned) frozen.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    (unsigned) googletoolbar-ff2.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    (unsigned) googletoolbar-ff3.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    (unsigned) googletoolbarloader.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    (unsigned) Grab Pro c:\program files\iepro\ieprorecorder.dll
    (unsigned) IE7Pro C:\Program Files\IEPro\IEPro.dll
    (unsigned) Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) libcurl.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
    (unsigned) libexpatw.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
    (unsigned) The OpenSSL Toolkit C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
    (unsigned) The OpenSSL Toolkit C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll

    (verified) 2007 Microsoft Office system D:\A-www\Mozilla Firefox\plugins\NPOFF12.DLL
    (verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    (verified) Adobe Acrobat D:\A-www\Mozilla Firefox\plugins\nppdf32.dll
    (verified) bdoscandel.exe C:\Windows\bdoscandel.exe
    (verified) bdscanonline C:\Windows\Downloaded Program Files\oscan82.ocx
    (verified) BitDefender QuickScan C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    (verified) DivX OVS Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    (verified) DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    (verified) FlashGot.exe C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\FlashGot.exe
    (verified) Foxit Reader Plugin for Mozilla D:\A-www\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    (verified) Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
    (verified) Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    (verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) ipsupd.dll C:\Windows\Downloaded Program Files\ipsupd.dll
    (verified) Java Deployment Toolkit 6.0.250.6 D:\A-www\Mozilla Firefox\plugins\npdeployJava1.dll
    (verified) Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\jp2ssv.dll
    (verified) Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
    (verified) Microsoft® Visual Studio .NET C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
    (verified) Microsoft® Visual Studio .NET C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
    (verified) Microsoft® Windows Media Player Firefox D:\A-www\Mozilla Firefox\plugins\np-mswmp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    (verified) Mozilla Default Plug-in D:\A-www\Mozilla Firefox\plugins\npnul32.dll
    (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    (verified) NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    (verified) Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    (verified) PDF-XChange Viewer D:\A-www\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    (verified) QuickTime Plug-in 7.6.6 D:\A-www\Mozilla Firefox\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6.6 D:\A-www\Mozilla Firefox\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6.6 D:\A-www\Mozilla Firefox\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6.6 D:\A-www\Mozilla Firefox\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6.6 D:\A-www\Mozilla Firefox\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6.6 D:\A-www\Mozilla Firefox\plugins\npqtplugin6.dll
    (verified) RealPlayer Version Plugin D:\A-media\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    (verified) RealPlayer Version Plugin D:\A-www\Mozilla Firefox\plugins\nprpjplug.dll
    (verified) RealPlayer(tm) G2 LiveConnect-Enabled P D:\A-media\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    (verified) RealPlayer(tm) G2 LiveConnect-Enabled P D:\A-www\Mozilla Firefox\plugins\nppl3260.dll
    (verified) SDHelper.dll D:\A-system\Spybot - Search & Destroy\SDHelper.dll
    (verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    (verified) TVU Web Player for FireFox C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    (verified) Winamp Toolbar for Firefox Plugin Dynam C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    (verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    (verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll
    (verified) XpcomOpusConnector.dll C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    (verified) zlib C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\p7dy6x7s.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 241 sec
    Total traffic - 0.09 MB sent, 2.18 KB recvd
    Scanned 1566 files and modules - 366 seconds

    ==============================================================================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
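    The following PowerShell script is an added verification aid for the steps above; it is not part of the thread and not Broni's OTL fix. It checks the things a helper would want confirmed before the tools are removed in step 2: that the restore-point purge in step 1 left only the fresh point, when the last Windows update was installed (step 3), and whether the unsigned modules the signature scan listed earlier still exist, are still unsigned, and still carry the MD5 the scan recorded. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) run from an elevated prompt; the paths and hashes in the sample table are copied from the scan output posted above.

```powershell
# Added verification script; it is not part of the thread and not Broni's OTL fix.
# Assumes Windows PowerShell 4.0 or later (for Get-FileHash) run as Administrator.
# The file list and MD5 values below are copied from the signature scan earlier in
# this thread; the expected values are what the scan reported at that time.

# Step 1 check: after [CLEARALLRESTOREPOINTS] only the fresh point should remain.
function Get-RestorePointSummary {
    $points = @(Get-ComputerRestorePoint)
    $newest = $null
    if ($points.Count -gt 0) {
        $newest = ($points | Sort-Object SequenceNumber | Select-Object -Last 1).Description
    }
    [pscustomobject]@{ Count = $points.Count; Newest = $newest }
}

# Step 3 check: date of the most recently installed update.
function Get-LastUpdateDate {
    $fix = Get-HotFix | Where-Object { $_.InstalledOn } |
           Sort-Object InstalledOn | Select-Object -Last 1
    if ($fix) { $fix.InstalledOn } else { $null }
}

# Re-check unsigned modules reported by the scan: does the file still exist,
# is it still unsigned, and does its hash still match what the scan recorded?
# A changed hash means the file was modified after the scan (an update or
# tampering) and deserves a look before the tools are removed in step 2.
function Compare-ScannedModule {
    param(
        [Parameter(Mandatory)] [hashtable]$Expected   # path -> MD5 from the scan
    )
    foreach ($path in $Expected.Keys) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Signature = 'Missing'; HashMatches = $false }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
        [pscustomobject]@{
            Path        = $path
            Signature   = $sig.Status          # NotSigned, Valid, HashMismatch, ...
            HashMatches = ($md5 -eq $Expected[$path].ToLower())
        }
    }
}

# Constructed input: a few entries taken from the scan output posted above.
$scanned = @{
    'D:\A-www\Mozilla Firefox\freebl3.dll'  = 'c45acc127f6f735f2dab67ef0df763da'
    'D:\A-www\Mozilla Firefox\nssdbm3.dll'  = '4e9609521fc1e0687daf47541b2c0da1'
    'D:\A-www\Mozilla Firefox\softokn3.dll' = 'e776d886684937a140b1b68077760441'
    'D:\A-system\Spybot - Search & Destroy\TeaTimer.exe' = '390679f7a217a5e73d756276c40ae887'
}

Get-RestorePointSummary
Get-LastUpdateDate
Compare-ScannedModule -Expected $scanned | Format-Table -AutoSize
```

    An unsigned status on its own is not evidence of infection: the Firefox NSS libraries and many third-party add-ons ship unsigned, which is exactly why the scan above lists them. The useful signal is change over time, a file whose hash differs from the one recorded at scan time or a module that has appeared since, so keep the scan log with its hashes until the machine has been stable for a while.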
     
  18. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Jeffery
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 60262026 bytes
    ->Flash cache emptied: 1202 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 68439239 bytes
    Session Manager Tmp folder emptied: 98304 bytes
    RecycleBin emptied: 1776617 bytes

    Total Files Cleaned = 125.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jeffery
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.23.0 log created on 06032011_122932

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Thanks, Broni!
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Whenever ready....
     
  20. JYZero

    JYZero TS Rookie Topic Starter Posts: 39

    Hi Broni, everything on my computer feels fine now. If there's anything else, just let me know. Thanks!
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
