TechSpot

Random sounds playing on Vista Home Premium

By Arfer
Nov 13, 2011
  1. Hi all,
    Have been given a friend's Japanese Vista Home Premium to have a look at.
    It plays out random sounds...
    I have run Microsoft Security Essentials which comes back clean, as does Spybot.
    I have attached Malwarebytes, SuperAntiSpyware and HijackThis logs.
    Really need some help on this one,
    TIA for any help offered,
    Arfer
     


  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    New - Random sounds playing on Vista Home Premium

    Hi Broni,
    thanks again so much for your time and expertise with this,
    PS: in case you see non-English in the logs, the machine is Japanese Keyboard and Language.
    As well as the random sounds, I have been trying to make restore points this morning without success, that also appears to be affected......
    Have all the logs ready so here goes with Malwarebytes....

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8198

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    2011/11/20 19:48:48
    mbam-log-2011-11-20 (19-48-48).txt

    Scan type: Quick scan
    Objects scanned: 172616
    Time elapsed: 5 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Gmer Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-20 21:31:46
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
    Running: gmer.exe; Driver: C:\Users\JONATH~1\AppData\Local\Temp\afxcykod.sys


    ---- Processes - GMER 1.0.15 ----

    Process IMJPCMNT.EXE (*** hidden *** ) 2544

    ---- EOF - GMER 1.0.15 ----
     
  5. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    DDS.txt Log

    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by jonathan taylor at 21:56:39 on 2011-11-20
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe
    c:\Program Files\Fujitsu\DustSolution\FJDService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe
    c:\Windows\system32\o2flash.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\FUJITSU\Plugfree NETWORK\PFNService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Fujitsu\chitose\updnvsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\fjuty\sptnavi\EzSptBtn4.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
    C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\CyberLink\AVCHD Player\PCMAgent.exe
    C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Fujitsu\DustSolution\HokoriApp.exe
    C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
    C:\Program Files\Corel\Corel MyPhoto\Corel Photo Downloader.exe
    C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe
    C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCHOOK.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Fujitsu\chitose\updatenv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.bt.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = about:blank
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Toolbar Browser Helper Objects: {b37b14b8-699f-4002-9254-d1ab00fd07b5} - c:\program files\@nifty toolbar\nbho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: AzbyClubƒc[ƒ‹ƒo[(&A): {3db1c21b-a7e0-4c3f-b39e-e00dd8792d90} - c:\program files\@nifty toolbar\ntoolbar.dll
    TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [FLAB_FirstInput]
    uRun: [Sidebar] c:\program files\windows sidebar\Sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [EzSptBtn] c:\fjuty\sptnavi\EzSptBtn4.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
    mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
    mRun: [PUSCKAPLEXE] c:\program files\fujitsu\powerutility\schedule\PUSCKAPLEXE.exe
    mRun: [IME JPN 2007 Migration] c:\progra~1\common~1\micros~1\ime12\imejp\IMJPKLMG.EXE /Preload
    mRun: [PfNet] c:\program files\fujitsu\plugfree network\PFNet.exe /r
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [PCMAgent] "c:\program files\cyberlink\avchd player\PCMAgent.exe"
    mRun: [CLMLServer] "c:\program files\cyberlink\avchd player\kernel\clml\CLMLSvc.exe"
    mRun: [FJDust] c:\program files\fujitsu\dustsolution\HokoriApp.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\indicatorutility\IndicatorUty.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\fujitsu quick touch\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [LoadPUSCDaemon] c:\program files\fujitsu\powerutility\schedule\PUSCDaemon.exe
    mRun: [UVS11 Preload] c:\program files\corel\dvd moviewriter for fujitsu\movie wizard\uvPL.exe
    mRun: [Corel Photo Downloader] "c:\program files\corel\corel myphoto\Corel Photo Downloader.exe" -startup
    mRun: [NetTVViewerAgent] "c:\program files\fujitsu\net tv viewer\NetTVViewerAgent.exe"
    mRun: [NetworkPlayerServerHelper] c:\program files\fujitsu\networkplayer server\NetworkPlayerServerHelper.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\chitose\updatenv.exe
    StartupFolder: c:\users\jonath~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: @nifty: @search‚ÅŒŸõ - c:\program files\@nifty toolbar\ntoolbar.dll/atsearch.htm
    IE: @nifty: ƒy[ƒW‚ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
    IE: @nifty: ‘I‘ð”͈͂ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
    IE: Google ƒTƒCƒhƒEƒBƒL... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Microsoft Excel ‚ɃGƒNƒXƒ|[ƒg(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3CA30D41-91D0-4B05-BDBE-C9CACC48310C} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8C442C9F-D794-4541-A0F1-1F6F843CA73D} : DhcpNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2009-2-23 8960]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsla2bdefda;MpKsla2bdefda;c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\MpKsla2bdefda.sys [2011-11-20 28752]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-20 1664248]
    R2 CLHNService3;CLHNService3;c:\program files\fujitsu\networkplayer\kernel\dmp\CLHNService.exe [2009-2-23 81920]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
    R2 FjDstService;FjDstService;c:\program files\fujitsu\dustsolution\FJDService.exe [2007-11-21 62760]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NetworkPlayer Server;NetworkPlayer Server;c:\program files\fujitsu\networkplayer server\NetworkPlayerServer.exe [2009-2-23 86016]
    R2 ntk3;ntk3;c:\program files\fujitsu\networkplayer\kernel\dmp\ntk3.sys [2009-2-23 120048]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
    R2 PFNService;PFNService;c:\program files\fujitsu\plugfree network\PFNService.exe [2009-2-23 213800]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-1 1153368]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\chitose\updnvsrv.exe [2011-6-16 12800]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-20 478720]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-2-23 5632]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-23 112128]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-2-5 47448]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-8-12 43808]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google ƒAƒbƒvƒf[ƒg ƒT[ƒrƒX (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
    S3 gupdatem;Google Update ƒT[ƒrƒX (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 MatSvc;ƒ}ƒCƒNƒƒ\ƒtƒgf’fƒ\ƒŠƒ…[ƒVƒ‡ƒ“;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft ƒlƒbƒgƒ[ƒNŒŸ¸;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 putlrsrv;PowerUtility Remote Power Management Service;c:\progra~1\fujitsu\poweru~1\remote\PUTLRSRV.exe [2008-2-5 84520]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-11-1 27192]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;UMB ‚ðŒo—R‚µ‚½ WSD ˆóüƒTƒ|[ƒg;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
    .
    =============== Created Last 30 ================
    .
    2011-11-20 11:55:17 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\MpKsla2bdefda.sys
    2011-11-20 11:55:15 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\offreg.dll
    2011-11-20 11:55:12 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\mpengine.dll
    2011-11-20 10:17:41 -------- d-----w- c:\program files\Windows Portable Devices
    2011-11-20 10:14:40 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-11-20 10:14:40 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-11-20 10:14:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-11-20 10:10:53 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-11-20 10:10:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-11-20 10:10:53 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-11-20 10:10:52 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-11-20 10:10:52 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-11-20 10:10:52 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-11-20 10:10:52 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-11-20 09:57:13 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-11-20 09:57:13 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-11-20 09:57:13 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-11-20 09:57:13 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-11-20 09:57:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-20 09:57:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-20 09:55:56 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-11-20 09:55:55 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-11-20 09:55:54 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 09:55:53 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-20 09:55:53 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-20 09:55:53 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-20 09:55:44 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-11-20 09:34:21 -------- d-----w- c:\windows\system32\vi-VN
    2011-11-20 09:34:21 -------- d-----w- c:\windows\system32\eu-ES
    2011-11-20 09:34:21 -------- d-----w- c:\windows\system32\ca-ES
    2011-11-20 09:31:49 -------- d-----w- c:\windows\system32\SPReview
    2011-11-19 21:10:27 -------- d-----w- C:\Temp
    2011-11-19 18:38:15 -------- d-----w- c:\users\jonathan taylor\appdata\local\FixItCenter
    2011-11-19 16:03:36 -------- d-----w- c:\users\jonathan taylor\appdata\local\•xŽm’ÊŠ”Ž®‰ïŽÐ
    2011-11-11 17:54:20 388096 ----a-r- c:\users\jonathan taylor\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-11 17:54:19 -------- d-----w- c:\program files\Trend Micro
    2011-11-11 17:02:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-11 16:50:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-06 18:25:02 -------- d-----w- c:\windows\Hewlett-Packard
    2011-11-04 15:04:41 -------- d-----w- C:\HPAppData
    2011-11-01 21:52:47 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-11-01 13:18:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-01 13:18:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-01 12:41:56 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-11-01 08:19:50 -------- d-----w- c:\windows\MATS
    2011-11-01 08:19:49 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-11-01 07:37:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-31 21:32:09 -------- d-----w- c:\program files\CCleaner
    2011-10-31 20:33:24 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88ffea9b-adc9-41a2-987a-f293c4ae4733}\gapaengine.dll
    2011-10-31 20:24:59 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 20:09:16 355832 ----a-w- c:\program files\internet explorer\pdm.dll
    2011-10-31 20:09:16 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll
    2011-10-31 19:54:51 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-31 19:54:28 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-10-31 18:55:58 -------- d-----w- c:\users\jonathan taylor\appdata\local\VS Revo Group
    2011-10-31 18:55:52 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-10-31 18:55:49 -------- d-----w- c:\program files\VS Revo Group
    2011-10-31 17:29:36 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-28 15:09:49 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9c67d16d-d52a-4f11-a358-7d91147d82d2}\mpengine.dll
    2011-10-23 10:08:52 -------- d-----w- c:\programdata\Citrix
    2011-10-23 10:08:25 -------- d-----w- c:\users\jonathan taylor\appdata\local\Citrix
    2011-10-23 10:08:23 103784 ----a-w- c:\users\jonathan taylor\GoToAssistDownloadHelper.exe
    2011-10-23 10:08:06 -------- d-----w- c:\users\jonathan taylor\appdata\local\Deployment
    2011-10-23 10:08:06 -------- d-----w- c:\users\jonathan taylor\appdata\local\Apps
    .
    ==================== Find3M ====================
    .
    2011-11-20 10:10:53 4096 ----a-w- c:\windows\system32\drivers\ja-jp\dxgkrnl.sys.mui
    2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 21:57:17.89 ===============
     
  6. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    DDS Attach Log

    DDS (Ver_2011-06-23.01)
    .
    .
    Motherboard: FUJITSU | | FJNB201
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Onboard | 2533/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 58.037 GiB free.
    D: is FIXED (NTFS) - 349 GiB total, 341.767 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    
    Update for Microsoft Office 2007 (KB2508958)
    —‚e‚s‚o
    @nifty‚Ńuƒ[ƒhƒoƒ“ƒh
    —ƒtƒHƒgƒŒƒ^ƒbƒ`
    —ƒ[ƒ‹
    —ƒƒjƒ…[
    —‰f‘œŠÙ
    32 Bit HP CIO Components Installer
    3D MediaSurfing
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATLAS –|–óƒp[ƒ\ƒiƒ‹ 2008 LE
    AuthenTec Fingerprint Software
    AzbyClubƒKƒWƒFƒbƒgƒvƒƒOƒ‰ƒ€
    AzbyClubƒc[ƒ‹ƒo[
    BIBLOƒ‰ƒ“ƒvÝ’è
    Big City Adventure Vancouver
    Bonjour
    BT Broadband Desktop Help
    BT Yahoo! Toolbar
    BTHomeHub
    BufferChm
    C309a
    CardRecovery 5.30
    Casino Island To Go
    Catan - The Computer Game
    CCleaner
    CDDRV_Installer
    Cribbage Quest
    CyberLink AVCHD Player
    Destinations
    DeviceDiscovery
    Direct DiscRecorder
    DocProc
    Drawn The Painted Tower
    DVD MovieWriter for FUJITSU
    Fax
    FM ‚©‚ñ‚½‚ñƒoƒbƒNƒAƒbƒv
    FMVƒTƒ|[ƒgƒiƒr
    FMVƒXƒNƒŠ[ƒ“ƒZ[ƒo[
    FMVƒ†[ƒU[“o˜^
    ‚e‚l‚u‰æ–Ê‚ÅŒ©‚éƒ}ƒjƒ…ƒAƒ‹
    FMVŽ«‘ƒZƒbƒg(LŽ«‰‘‘æ˜Z”Å+Œ»‘ã—pŒê‚ÌŠî‘b’mŽ¯+ŠwŒ¤ƒp[ƒ\ƒiƒ‹“‡Ž«“T)
    FoxTab PDF Converter
    Fujitsu Display Manager
    GAMEPACK2009F
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    Governor of Poker
    GPBaseService2
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    IndicatorUtility
    InspiriumŽ«‘ŒŸõƒ‰ƒCƒuƒ‰ƒŠ
    Inst5671
    Intel(R) Graphics Media Accelerator Driver
    Internet Explorer (Enable DEP)
    its-moNavi PC
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    KhalInstallWrapper
    Luxor Quest for the Afterlife
    MarketResearch
    Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
    Microsoft .NET Framework 3.5 Language Pack SP1 - “ú–{Œê
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile JPN Language Pack
    Microsoft .NET Framework 4 Client Profile Language Pack - “ú–{Œê
    Microsoft Antimalware
    Microsoft Antimalware Service JA-JP Language Pack
    Microsoft Fix it Center
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel 2007 Help XVƒvƒƒOƒ‰ƒ€ (KB963678)
    Microsoft Office Excel MUI (Japanese) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office IME (Japanese) 2007
    Microsoft Office Outlook 2007 Help XVƒvƒƒOƒ‰ƒ€ (KB963677)
    Microsoft Office Outlook MUI (Japanese) 2007
    Microsoft Office Personal 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Japanese) 2007
    Microsoft Office Proofing (Japanese) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (Japanese) 2007
    Microsoft Office Word 2007 Help XVƒvƒƒOƒ‰ƒ€ (KB963665)
    Microsoft Office Word MUI (Japanese) 2007
    Microsoft Security Client
    Microsoft Security Client JA-JP Language Pack
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mirror Mysteries
    MovieWizard
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    muveeNow 2.2
    MyBookEditor3
    NBC Heads-Up Poker
    Network
    NetworkPlayer
    NetworkPlayer ƒT[ƒo[
    O2Micro Flash Memory Card Windows Driver
    OCR Software by I.R.I.S. 13.0
    OmniPass 6.00.28
    OpenOffice.org 3.3
    Pat Sajak’s Lucky Letters
    PC抷ƒKƒCƒh
    Plugfree NETWORK
    Poker Pop
    Poker Superstars III
    PowerUtility - ƒXƒPƒWƒ…[ƒ‹‹@”\
    PowerUtility - ƒŠƒ‚[ƒgŠÇ—‹@”\
    PS_AIO_05_C309_Software_Min
    QuickTime
    Rainbow Web
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 2.5.5
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator LJ
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - “ú–{Œê (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - “ú–{Œê (KB2518870)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Serif DrawPlus 8
    Serif DrawPlus 8 Resources
    Serif ImpactPlus 5.0
    Serif ImpactPlus 5.0 Resource CD-ROM
    Serif PagePlus 11
    Serif PagePlus 11 Resources
    SetPoint
    Shop for HP Supplies
    Skype Toolbars
    Skype? 5.3
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Tiks Texas Hold em
    Toolbox
    TrayApp
    Undeleter
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    WebReg
    WinDVD for FUJITSU
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    ƒAƒbƒvƒf[ƒgƒiƒr
    ‚¤‚ꂵƒŒƒVƒs
    ‚¨Žè“ü‚êƒiƒr
    ‚©‚ñ‚½‚ñ•ÒW for FUJITSU
    ƒZƒLƒ…ƒŠƒeƒB‘Îôƒ\ƒtƒg‘I‘ð
    ‚Ä‚«‚Ï‚«‰ÆŒv•ëƒ}ƒ€‚U
    ƒeƒŒƒro—̓†[ƒeƒBƒŠƒeƒB
    ƒlƒbƒgƒeƒŒƒrƒrƒ…[ƒA[
    ƒpƒ\ƒRƒ“€”õ‚΂Á‚¿‚èƒKƒCtƒgØ‚è‘Ö‚¦ƒc[ƒ‹
    ‚ä‚Á‚½‚èÝ’è‚Q
    ‚ç‚*‚ç‚*ƒY[ƒ€
    ‚ç‚*‚ç‚*Žè‘‚«“ü—Í
    ƒƒ“ƒ^ƒbƒ`ƒ{ƒ^ƒ“Ý’è
    ŽžŽ–’ÊMŽÐ@ˆãŠwEŒ’NƒRƒ“ƒeƒ“ƒc
    抷ˆÄ“à
    抷ˆÄ“à —·”︎Z
    “dŽqŽ«‘
    ”]—̓gƒŒ[ƒi[
    •xŽm’ʃfƒoƒCƒXÄŒŸoƒc[ƒ‹
    •xŽm’ʃ‚ƒrƒŠƒeƒBƒZƒ“ƒ^[Šg’£
    •xŽm’ÊŠg’£‹@”\ƒ†[ƒeƒBƒŠƒeƒB
    •xŽm’Ê‹N“®ƒ†[ƒeƒBƒŠƒeƒB
    •ÇŽ†‚©‚ñ‚½‚ñ–Í—l‘Ö‚¦
    .
    ==== End Of File ===========================
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Broni clearly states this:

    Please do as asked. I am going to close this thread. He can have the 2 threads merged.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Reopened.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    aswMBR Log

    Thanks Broni, here's the aswMBR Log. I will send ComboFix ASAP, thanks again :)


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-21 05:18:25
    -----------------------------
    05:18:25.986 OS Version: Windows 6.0.6002 Service Pack 2
    05:18:25.986 Number of processors: 2 586 0x170A
    05:18:25.987 ComputerName: JONATHANTAYL-PC UserName: jonathan taylor
    05:18:26.456 Initialize success
    05:20:11.293 AVAST engine defs: 11112001
    05:20:50.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    05:20:50.463 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    05:20:50.478 Disk 0 MBR read successfully
    05:20:50.481 Disk 0 MBR scan
    05:20:50.495 Disk 0 Windows XP default MBR code
    05:20:50.499 Disk 0 scanning sectors +976771072
    05:20:50.596 Disk 0 scanning C:\Windows\system32\drivers
    05:21:05.194 Service scanning
    05:21:05.714 Service MpKsl929dd1cc C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CC33874-0A86-40C3-833B-9C68E514DA80}\MpKsl929dd1cc.sys **LOCKED** 32
    05:21:05.717 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    05:21:06.312 Modules scanning
    05:21:13.514 Disk 0 trace - called modules:
    05:21:13.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    05:21:13.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863c4148]
    05:21:13.550 3 CLASSPNP.SYS[8a5a38b3] -> nt!IofCallDriver -> [0x84f1e2f0]
    05:21:13.553 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858d7028]
    05:21:14.180 AVAST engine scan C:\Windows
    05:21:16.910 AVAST engine scan C:\Windows\system32
    05:24:24.459 AVAST engine scan C:\Windows\system32\drivers
    05:24:54.919 AVAST engine scan C:\Users\jonathan taylor
    05:30:24.519 AVAST engine scan C:\ProgramData
    05:32:45.503 Scan finished successfully
    05:33:33.147 Disk 0 MBR has been saved successfully to "C:\Users\jonathan taylor\Desktop\MBR.dat"
    05:33:33.154 The log file has been saved successfully to "C:\Users\jonathan taylor\Desktop\aswMBR.txt"
     
  10. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    ComboFix Log

    ComboFix 11-11-20.01 - jonathan taylor 2011/11/21 5:42.1.2 - x86
    Running from: c:\users\jonathan taylor\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\HP ƒ\ƒŠƒ…[ƒVƒ‡ƒ“ ƒZƒ“ƒ^[ .lnk
    c:\programdata\ntuser.dat
    c:\users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    c:\users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
    c:\users\jonathan taylor\GoToAssistDownloadHelper.exe
    c:\windows\IsUn0411.exe
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_COMSysApp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-20 20:49 . 2011-11-20 20:49 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E220197-AEA9-4DE9-8BB8-E06815C3DD3F}\offreg.dll
    2011-11-20 20:47 . 2011-11-20 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-20 20:24 . 2011-10-17 17:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E220197-AEA9-4DE9-8BB8-E06815C3DD3F}\mpengine.dll
    2011-11-20 10:17 . 2011-11-20 10:17 -------- d-----w- c:\program files\Windows Portable Devices
    2011-11-20 10:14 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-11-20 10:14 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-11-20 10:14 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-11-20 10:10 . 2011-11-20 10:10 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-11-20 10:10 . 2011-11-20 10:10 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-11-20 10:10 . 2011-11-20 10:10 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-11-20 10:10 . 2011-11-20 10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-11-20 10:10 . 2011-11-20 10:10 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-11-20 10:10 . 2011-11-20 10:10 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-11-20 10:10 . 2011-11-20 10:10 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-11-20 09:57 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-11-20 09:57 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-11-20 09:57 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-11-20 09:57 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-11-20 09:57 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-20 09:57 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-20 09:55 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-11-20 09:55 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-11-20 09:55 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 09:55 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-20 09:55 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-20 09:55 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-20 09:55 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-11-20 09:34 . 2011-11-20 09:34 -------- d-----w- c:\windows\system32\ca-ES
    2011-11-20 09:34 . 2011-11-20 09:34 -------- d-----w- c:\windows\system32\eu-ES
    2011-11-20 09:34 . 2011-11-20 09:34 -------- d-----w- c:\windows\system32\vi-VN
    2011-11-20 09:31 . 2011-11-20 09:31 -------- d-----w- c:\windows\system32\SPReview
    2011-11-19 21:10 . 2011-11-19 21:10 -------- d-----w- C:\Temp
    2011-11-19 18:55 . 2011-11-20 20:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client
    2011-11-19 18:55 . 2011-11-19 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
    2011-11-19 16:03 . 2011-11-19 16:03 -------- d-----w- c:\users\jonathan taylor\AppData\Local\•xŽm’ÊŠ”Ž®‰ïŽÐ
    2011-11-16 17:11 . 2011-11-16 17:11 -------- d-----w- c:\programdata\WindowsSearch
    2011-11-11 17:54 . 2011-11-11 17:54 388096 ----a-r- c:\users\jonathan taylor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-11 17:54 . 2011-11-11 17:54 -------- d-----w- c:\program files\Trend Micro
    2011-11-11 17:02 . 2011-11-11 17:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-11 16:50 . 2011-11-11 16:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-06 18:25 . 2011-11-13 23:01 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\HpUpdate
    2011-11-06 18:25 . 2011-11-06 18:25 -------- d-----w- c:\windows\Hewlett-Packard
    2011-11-04 15:04 . 2011-11-04 15:04 -------- d-----w- C:\HPAppData
    2011-11-01 21:52 . 2011-10-17 17:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-01 13:18 . 2011-11-19 13:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-01 13:18 . 2011-11-01 13:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-01 12:45 . 2011-11-01 12:45 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\OpenOffice.org
    2011-11-01 12:41 . 2011-11-01 12:42 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-11-01 09:32 . 2011-11-20 20:35 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\U3
    2011-11-01 07:37 . 2011-11-01 07:37 -------- d-----w- c:\program files\Common Files\Java
    2011-11-01 07:37 . 2011-10-02 20:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-31 21:32 . 2011-10-31 21:32 -------- d-----w- c:\program files\CCleaner
    2011-10-31 20:33 . 2011-10-04 08:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88FFEA9B-ADC9-41A2-987A-F293C4AE4733}\gapaengine.dll
    2011-10-31 20:24 . 2011-10-31 20:24 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 20:09 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
    2011-10-31 20:09 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
    2011-10-31 19:54 . 2011-10-31 19:55 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-31 19:54 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-10-31 18:55 . 2011-10-31 18:55 -------- d-----w- c:\users\jonathan taylor\AppData\Local\VS Revo Group
    2011-10-31 18:55 . 2009-12-30 02:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-10-31 18:55 . 2011-10-31 18:55 -------- d-----w- c:\program files\VS Revo Group
    2011-10-31 17:29 . 2011-10-31 17:29 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\Malwarebytes
    2011-10-31 17:29 . 2011-10-31 17:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\programdata\Citrix
    2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\users\jonathan taylor\AppData\Local\Citrix
    2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\users\jonathan taylor\AppData\Local\Deployment
    2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\users\jonathan taylor\AppData\Local\Apps
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-20 10:10 . 2011-11-20 10:10 4096 ----a-w- c:\windows\system32\drivers\ja-JP\dxgkrnl.sys.mui
    2011-10-07 03:48 . 2011-10-28 15:09 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C67D16D-D52A-4F11-A358-7D91147D82D2}\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
    "EzSptBtn"="c:\fjuty\sptnavi\EzSptBtn4.exe" [2008-09-25 372736]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
    "TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
    "PUSCKAPLEXE"="c:\program files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe" [2008-09-10 158248]
    "IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-13 63856]
    "PfNet"="c:\program files\FUJITSU\Plugfree NETWORK\PFNet.exe" [2009-01-09 6390568]
    "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-11-11 3153920]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-01-08 29992]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-27 204800]
    "PCMAgent"="c:\program files\CyberLink\AVCHD Player\PCMAgent.exe" [2009-01-23 143360]
    "CLMLServer"="c:\program files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe" [2009-01-23 196608]
    "FJDust"="c:\program files\Fujitsu\DustSolution\HokoriApp.exe" [2008-07-23 118784]
    "IndicatorUtility"="c:\program files\Fujitsu\IndicatorUtility\IndicatorUty.exe" [2009-01-06 43304]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe" [2009-01-13 212776]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2009-01-13 33576]
    "LoadPUSCDaemon"="c:\program files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe" [2008-09-10 140584]
    "UVS11 Preload"="c:\program files\Corel\DVD MovieWriter for FUJITSU\Movie Wizard\uvPL.exe" [2007-04-12 341488]
    "Corel Photo Downloader"="c:\program files\Corel\Corel MyPhoto\Corel Photo Downloader.exe" [2009-01-09 1188680]
    "NetTVViewerAgent"="c:\program files\Fujitsu\Net TV Viewer\NetTVViewerAgent.exe" [2009-02-17 222504]
    "NetworkPlayerServerHelper"="c:\program files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe" [2008-09-16 451856]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
    "FJUPDNV_Chitose"="c:\program files\Fujitsu\chitose\updatenv.exe" [2011-07-01 147456]
    .
    c:\users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-2-12 805392]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-12-30 11:04 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
    Ime File REG_SZ imjp12.ime
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 MpKsla0be6dd4;MpKsla0be6dd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E220197-AEA9-4DE9-8BB8-E06815C3DD3F}\MpKsla0be6dd4.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google ƒAƒbƒvƒf[ƒg ƒT[ƒrƒX (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51 135664]
    R3 gupdatem;Google Update ƒT[ƒrƒX (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51 135664]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft ƒlƒbƒgƒ[ƒNŒŸ¸;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 06:39 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 putlrsrv;PowerUtility Remote Power Management Service;c:\progra~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe [2008-02-05 84520]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;UMB ‚ðŒo—R‚µ‚½ WSD ˆóüƒTƒ|[ƒg;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 02:23 16896]
    S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-20 1664248]
    S2 CLHNService3;CLHNService3;c:\program files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe [2008-09-24 81920]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 FjDstService;FjDstService;c:\program files\Fujitsu\DustSolution\FJDService.exe [2007-11-21 62760]
    S2 NetworkPlayer Server;NetworkPlayer Server;c:\program files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe [2008-09-29 86016]
    S2 ntk3;ntk3;c:\program files\Fujitsu\NetworkPlayer\Kernel\DMP\ntk3.sys [2008-09-24 120048]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S2 PFNService;PFNService;c:\program files\FUJITSU\Plugfree NETWORK\PFNService.exe [2008-12-19 213800]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-13 508264]
    S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\chitose\updnvsrv.exe [2011-06-16 12800]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-20 478720]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-08-12 43808]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-13 577384]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-13 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-13 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-13 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-13 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51]
    .
    2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.bt.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: @nifty: @search‚ÅŒŸõ - c:\program files\@nifty toolbar\ntoolbar.dll/atsearch.htm
    IE: @nifty: ƒy[ƒW‚ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
    IE: @nifty: ‘I‘ð”͈͂ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
    IE: Google ƒTƒCƒhƒEƒBƒL... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Microsoft Excel ‚ɃGƒNƒXƒ|[ƒg(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-FLAB_FirstInput - (no file)
    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    AddRemove-ＰＣドキュメントナビゲータ - c:\windows\IsUn0411.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-21 05:52
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Softex\OmniPass\OmniServ.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\o2flash.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\conime.exe
    c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
    c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
    c:\program files\Softex\OmniPass\opvapp.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-21 05:57:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-20 20:57
    .
    Pre-Run: 62,117,371,904 バイトの空き領域
    Post-Run: 61,911,494,656 バイトの空き領域
    .
    - - End Of File - - 840FD4DE68D5F9FEC0E0410BEF76F956
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    It's looking good I think, start menu has reappeared, can't tell about the random sounds as they were intermittent. Am running OTL with the Custom Scan.
    Could I be extra cheeky when we're done and ask you to take me through what we've done and how you've sorted it for me?
    Hope that would be OK - I love to learn.
    OTL log to follow,
    Thanks again ;)
     
  13. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Here's the OTL log, PART 1, due to length!!

    OTL logfile created on: 2011/11/21 6:52:53 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jonathan taylor\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

    2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 58.07% Memory free
    6.09 Gb Paging File | 4.36 Gb Available in Paging File | 71.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 100.00 Gb Total Space | 58.06 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
    Drive D: | 348.76 Gb Total Space | 341.77 Gb Free Space | 98.00% Space Free | Partition Type: NTFS
    Drive F: | 14.91 Gb Total Space | 8.85 Gb Free Space | 59.33% Space Free | Partition Type: FAT32
    Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JONATHANTAYL-PC | User Name: jonathan taylor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/20 21:48:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
    PRC - [2011/07/01 11:02:42 | 000,147,456 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\chitose\updatenv.exe
    PRC - [2011/06/16 14:25:08 | 000,012,800 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\chitose\updnvsrv.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/12/07 20:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2009/01/23 10:58:58 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/01/23 10:58:52 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\AVCHD Player\PCMAgent.exe
    PRC - [2009/01/15 15:55:26 | 000,257,320 | ---- | M] (Fujitsu Limited.) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
    PRC - [2009/01/13 22:26:00 | 000,033,576 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    PRC - [2009/01/13 22:26:00 | 000,017,192 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe
    PRC - [2009/01/13 15:42:22 | 000,212,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    PRC - [2009/01/10 02:02:00 | 001,188,680 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel MyPhoto\Corel Photo Downloader.exe
    PRC - [2009/01/09 15:30:06 | 001,218,856 | ---- | M] (Fujitsu Limited.) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
    PRC - [2009/01/08 17:10:06 | 000,029,992 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    PRC - [2009/01/06 16:38:20 | 000,043,304 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    PRC - [2008/12/19 14:21:48 | 000,213,800 | ---- | M] () -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
    PRC - [2008/12/09 11:11:04 | 000,144,680 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
    PRC - [2008/11/11 15:34:48 | 003,153,920 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
    PRC - [2008/11/11 14:41:18 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
    PRC - [2008/11/11 14:32:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
    PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/20 12:12:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
    PRC - [2008/10/20 12:12:38 | 000,124,152 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    PRC - [2008/09/29 17:14:34 | 000,086,016 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe
    PRC - [2008/09/25 19:10:00 | 000,372,736 | ---- | M] (FUJITSU LIMITED) -- C:\fjuty\sptnavi\EzSptBtn4.exe
    PRC - [2008/09/24 23:02:16 | 000,081,920 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe
    PRC - [2008/09/16 20:45:44 | 000,451,856 | ---- | M] (DigiOn, Inc.) -- C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe
    PRC - [2008/09/10 14:37:22 | 000,140,584 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
    PRC - [2008/09/10 14:36:32 | 000,158,248 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
    PRC - [2008/09/10 14:36:32 | 000,092,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCHOOK.exe
    PRC - [2008/07/23 19:26:50 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\DustSolution\HokoriApp.exe
    PRC - [2008/05/02 03:52:16 | 000,805,392 | ---- | M] (Logicool, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
    PRC - [2008/05/02 03:48:52 | 000,076,304 | ---- | M] (Logicool, Inc.) -- c:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2007/11/21 16:33:28 | 000,062,760 | R--- | M] (FUJITSU LIMITED) -- c:\Program Files\Fujitsu\DustSolution\FJDService.exe
    PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2005/09/13 15:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/20 20:13:30 | 001,301,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNTray\a99ccad677ef4e96ee2bf55b1390393c\PFNTray.ni.exe
    MOD - [2011/11/20 20:13:29 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNetDm\bc4efc2f9a5054062e33c4816db0a0f5\PFNetDm.ni.exe
    MOD - [2011/11/20 20:13:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
    MOD - [2011/11/20 20:13:27 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNLocSet\b423edb34bbf4f4e71b433c1e366b2ad\PFNLocSet.ni.dll
    MOD - [2011/11/20 20:12:59 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/11/20 20:12:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/11/20 19:29:28 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/11/20 19:29:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/11/01 21:43:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/01/27 18:57:50 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2011/01/27 18:57:48 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2011/01/27 18:57:46 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2009/11/10 15:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2009/01/23 10:59:00 | 000,868,352 | ---- | M] () -- C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/01/23 10:58:56 | 000,007,680 | ---- | M] () -- C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvcPS.dll
    MOD - [2008/11/11 15:34:48 | 003,153,920 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
    MOD - [2008/11/11 15:27:06 | 000,544,768 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
    MOD - [2008/11/11 14:50:04 | 000,051,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
    MOD - [2008/11/11 14:32:10 | 000,065,536 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
    MOD - [2008/11/11 14:31:30 | 001,425,408 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
    MOD - [2008/11/11 14:31:14 | 000,016,896 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
    MOD - [2008/11/11 14:31:12 | 000,557,056 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
    MOD - [2008/11/11 14:30:54 | 000,014,336 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
    MOD - [2008/09/19 20:20:48 | 000,147,456 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_upnp.dll
    MOD - [2008/09/19 20:20:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_av.dll
    MOD - [2008/09/19 20:20:48 | 000,131,072 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_util.dll
    MOD - [2008/09/19 20:20:48 | 000,110,592 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_msd.dll
    MOD - [2008/09/19 20:20:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_media.dll
    MOD - [2008/09/19 20:20:48 | 000,040,960 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_crawler_fs.dll
    MOD - [2008/09/19 20:20:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_access_control.dll
    MOD - [2008/09/19 20:20:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_metadata.dll
    MOD - [2008/09/19 20:20:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_device_manager.dll
    MOD - [2008/09/19 20:20:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_crawler.dll
    MOD - [2008/09/06 03:09:36 | 000,466,975 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\sqlite3.dll
    MOD - [2008/08/20 18:03:38 | 000,061,440 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\scew.dll
    MOD - [2008/05/13 19:47:28 | 000,151,552 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\libexpat.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/06/16 14:25:08 | 000,012,800 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\chitose\updnvsrv.exe -- (UpdateNaviInstallService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/12/30 20:04:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
    SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/19 14:21:48 | 000,213,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
    SRV - [2008/12/09 11:11:04 | 000,144,680 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe -- (PUSCSRVC)
    SRV - [2008/11/11 14:41:18 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
    SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/20 12:12:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
    SRV - [2008/09/29 17:14:34 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe -- (NetworkPlayer Server)
    SRV - [2008/09/24 23:02:16 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe -- (CLHNService3)
    SRV - [2008/02/05 15:20:30 | 000,084,520 | ---- | M] (FUJITSU LIMITED) [On_Demand | Stopped] -- C:\Program Files\Fujitsu\PowerUtility\remote\PUTLRSRV.exe -- (putlrsrv)
    SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/21 16:33:28 | 000,062,760 | R--- | M] (FUJITSU LIMITED) [Auto | Running] -- c:\Program Files\Fujitsu\DustSolution\FJDService.exe -- (FjDstService)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2005/09/13 15:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/21 06:41:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E14B41E5-269B-49A8-B455-16C484567653}\MpKsl2e861598.sys -- (MpKsl2e861598)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
    DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
    DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
    DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
    DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
    DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/12/07 20:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/12/07 20:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - [2009/02/25 18:16:18 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/01/13 17:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/10/20 15:57:06 | 000,478,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2008/09/24 23:02:24 | 000,120,048 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\ntk3.sys -- (ntk3)
    DRV - [2008/09/22 05:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/08/12 11:55:00 | 000,043,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
    DRV - [2008/02/29 04:12:44 | 000,029,072 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/29 04:12:32 | 000,037,008 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 04:12:26 | 000,035,472 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/02/05 09:23:14 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
    DRV - [2008/01/21 11:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2006/11/01 19:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
    DRV - [2006/11/01 19:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
    DRV - [2006/08/28 17:56:41 | 000,008,960 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FBIOSDRV.SYS -- (FBIOSDRV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\jonathan taylor\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 19:43:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 19:43:30 | 000,000,000 | ---D | M]

    [2011/04/12 05:15:51 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2011/11/21 05:50:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Toolbar Browser Helper Objects) - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll (NIFTY Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (AzbyClubツールバー(&A)) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
    O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\..\Toolbar\WebBrowser: (AzbyClubツールバー(&A)) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
    O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
    O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel MyPhoto\Corel Photo Downloader.exe (Corel, Inc.)
    O4 - HKLM..\Run: [EzSptBtn] C:\fjuty\sptnavi\EzSptBtn4.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [FJDust] c:\Program Files\Fujitsu\DustSolution\HokoriApp.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logicool, Inc.)
    O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NetTVViewerAgent] c:\Program Files\Fujitsu\Net TV Viewer\NetTVViewerAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [NetworkPlayerServerHelper] C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe (DigiOn, Inc.)
    O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\AVCHD Player\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PfNet] C:\Program Files\FUJITSU\Plugfree NETWORK\PFNet.exe (Fujitsu Limited.)
    O4 - HKLM..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Corel\DVD MovieWriter for FUJITSU\Movie Wizard\uvPL.exe (InterVideo Digital Technology Corporation)
    O4 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: @nifty: @searchで検索 - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
    O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
    O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
    O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA30D41-91D0-4B05-BDBE-C9CACC48310C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C442C9F-D794-4541-A0F1-1F6F843CA73D}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\jonathan taylor\Application Data\Microsoft\Windows Photo Gallery\Windows フォト ギャラリー壁紙.jpg
    O24 - Desktop BackupWallPaper: C:\Users\jonathan taylor\Application Data\Microsoft\Windows Photo Gallery\Windows フォト ギャラリー壁紙.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/23 12:20:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/05/06 21:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FJMV - C:\Windows\System32\f1fqmven.dll (FUJITSU LIMITED)
     
  14. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    OTL Log Pt2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/21 06:48:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
    [2011/11/21 05:57:55 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\temp
    [2011/11/21 05:50:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/21 05:41:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/21 05:41:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/21 05:41:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/21 05:41:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/21 05:41:29 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/21 05:41:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/21 05:16:13 | 004,302,603 | R--- | C] (Swearware) -- C:\Users\jonathan taylor\Desktop\ComboFix.exe
    [2011/11/21 05:16:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jonathan taylor\Desktop\aswMBR.exe
    [2011/11/20 22:29:09 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\Desktop\Log Files
    [2011/11/20 19:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011/11/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011/11/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011/11/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011/11/20 18:31:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/11/20 06:10:27 | 000,000,000 | ---D | C] -- C:\Temp
    [2011/11/20 01:14:12 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\jonathan taylor\Desktop\dds.pif
    [2011/11/20 01:03:36 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\富士通株式会社
    [2011/11/17 02:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/11/15 22:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/11/12 02:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/11/12 02:54:19 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/11/12 02:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/11/10 07:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\アップデートナビ
    [2011/11/07 03:25:05 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\HpUpdate
    [2011/11/07 03:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2011/11/05 00:04:41 | 000,000,000 | ---D | C] -- C:\HPAppData
    [2011/11/01 22:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/11/01 22:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/11/01 22:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/11/01 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\Desktop\Mick Office Tests
    [2011/11/01 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\OpenOffice.org
    [2011/11/01 21:43:27 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
    [2011/11/01 21:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2011/11/01 18:32:43 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\U3
    [2011/11/01 16:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/11/01 16:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/11/01 06:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/11/01 06:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/11/01 05:24:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/11/01 04:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/11/01 03:55:58 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\VS Revo Group
    [2011/11/01 03:55:52 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
    [2011/11/01 03:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2011/11/01 03:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/11/01 02:29:45 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\Malwarebytes
    [2011/11/01 02:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/23 19:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
    [2011/10/23 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\Citrix
    [2011/10/23 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\Deployment
    [2011/10/23 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\Apps

    ========== Files - Modified Within 30 Days ==========

    [2011/11/21 06:51:14 | 000,601,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/21 06:51:14 | 000,385,782 | ---- | M] () -- C:\Windows\System32\perfh011.dat
    [2011/11/21 06:51:14 | 000,106,200 | ---- | M] () -- C:\Windows\System32\perfc011.dat
    [2011/11/21 06:51:14 | 000,106,100 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/21 06:38:03 | 000,001,024 | ---- | M] () -- C:\Users\jonathan taylor\.rnd
    [2011/11/21 06:38:01 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/11/21 06:37:58 | 000,000,692 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/21 06:37:46 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/21 06:37:46 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/21 06:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/21 06:37:37 | 3149,803,520 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/21 05:58:10 | 000,000,696 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/21 05:50:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/21 05:33:33 | 000,000,512 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\MBR.dat
    [2011/11/20 21:48:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
    [2011/11/20 20:14:48 | 004,302,603 | R--- | M] (Swearware) -- C:\Users\jonathan taylor\Desktop\ComboFix.exe
    [2011/11/20 20:13:44 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jonathan taylor\Desktop\aswMBR.exe
    [2011/11/20 19:22:13 | 000,000,937 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/20 19:20:32 | 000,523,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/11/20 19:17:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/11/20 19:17:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/11/20 19:12:00 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
    [2011/11/20 19:12:00 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
    [2011/11/20 19:11:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2011/11/20 10:39:56 | 000,684,297 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\unhide.exe
    [2011/11/20 01:02:49 | 000,006,756 | ---- | M] () -- C:\Users\jonathan taylor\AppData\Local\d3d9caps.dat
    [2011/11/19 12:39:12 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\jonathan taylor\Desktop\dds.pif
    [2011/11/18 07:09:42 | 000,020,361 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\610533_main[2].jpg
    [2011/11/15 22:00:21 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/11/12 02:54:19 | 000,001,970 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\HiJackThis.lnk
    [2011/11/08 03:15:16 | 000,176,388 | ---- | M] () -- C:\Windows\hpoins35.dat
    [2011/11/08 03:08:29 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\Add a Device - Photosmart C309a series.lnk
    [2011/11/01 22:25:46 | 000,437,862 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
    [2011/11/01 22:24:26 | 000,437,862 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111101-222546.backup
    [2011/11/01 22:19:01 | 000,001,073 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/01 22:19:01 | 000,001,055 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/01 21:46:23 | 000,001,028 | ---- | M] () -- C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    [2011/11/01 21:43:27 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2011/11/01 04:55:41 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/11/01 04:33:09 | 000,000,616 | RHS- | M] () -- C:\Users\jonathan taylor\ntuser.pol
    [2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/29 23:13:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr

    ========== Files Created - No Company Name ==========

    [2011/11/21 06:38:01 | 000,001,024 | ---- | C] () -- C:\Users\jonathan taylor\.rnd
    [2011/11/21 06:37:40 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2011/11/21 05:41:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/21 05:41:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/21 05:41:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/21 05:41:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/21 05:41:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/21 05:33:33 | 000,000,512 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\MBR.dat
    [2011/11/20 22:40:01 | 3149,803,520 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/20 19:57:23 | 000,684,297 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\unhide.exe
    [2011/11/20 19:17:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/11/20 19:17:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/11/20 19:11:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/11/20 02:24:03 | 000,302,592 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\gmer.exe
    [2011/11/18 07:10:05 | 000,020,361 | ---- | C] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\610533_main[2].jpg
    [2011/11/15 22:00:21 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/11/12 02:54:19 | 000,001,970 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\HiJackThis.lnk
    [2011/11/08 03:08:29 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\Add a Device - Photosmart C309a series.lnk
    [2011/11/01 22:19:01 | 000,001,073 | ---- | C] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/01 22:19:01 | 000,001,055 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/01 21:46:23 | 000,001,028 | ---- | C] () -- C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    [2011/11/01 21:43:27 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2011/11/01 05:21:37 | 000,000,937 | ---- | C] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/01 04:55:41 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/11/01 04:55:01 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/11/01 04:33:09 | 000,000,616 | RHS- | C] () -- C:\Users\jonathan taylor\ntuser.pol
    [2011/10/29 18:19:55 | 000,000,192 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/29 18:19:55 | 000,000,088 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/10/29 18:19:51 | 000,000,456 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/04/12 05:15:53 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010/05/12 20:30:15 | 000,585,728 | ---- | C] () -- C:\Windows\System32\SerifVideo0.dll
    [2010/05/12 20:30:15 | 000,393,216 | ---- | C] () -- C:\Windows\System32\SerifVideoDX0.dll
    [2010/05/12 20:30:15 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SerifAnimation0.dll
    [2010/05/12 20:30:14 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SerifDSFiltEnum0.dll
    [2010/04/05 19:43:04 | 000,023,220 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/04/05 05:30:13 | 000,213,826 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
    [2010/04/05 05:30:13 | 000,001,062 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
    [2010/04/05 03:18:17 | 000,176,388 | ---- | C] () -- C:\Windows\hpoins35.dat
    [2010/02/20 10:26:31 | 000,005,120 | ---- | C] () -- C:\Users\jonathan taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/15 12:08:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/02/15 12:08:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/02/13 21:57:10 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/02/12 17:13:06 | 000,006,756 | ---- | C] () -- C:\Users\jonathan taylor\AppData\Local\d3d9caps.dat
    [2009/06/24 19:01:10 | 000,001,062 | ---- | C] () -- C:\Windows\hpomdl35.dat
    [2009/03/09 19:53:56 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2009/03/09 19:53:56 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2009/03/09 19:53:56 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2009/03/09 19:53:56 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2009/03/09 19:53:56 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2009/03/09 19:53:56 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2009/03/09 19:52:22 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
    [2009/02/23 12:41:48 | 000,000,256 | ---- | C] () -- C:\Windows\System32\LTAP8FNR.BIN
    [2009/02/23 11:43:49 | 000,013,824 | ---- | C] () -- C:\Windows\System32\vchannel.dll
    [2009/02/23 11:08:31 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/02/23 11:08:29 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2009/02/23 11:08:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
    [2009/02/23 11:08:27 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2009/02/23 11:08:26 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2009/02/02 17:35:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/01/29 11:43:48 | 000,001,602 | ---- | C] () -- C:\Windows\System32\FMVSaver.ini
    [2008/01/21 16:26:54 | 000,385,782 | ---- | C] () -- C:\Windows\System32\perfh011.dat
    [2008/01/21 16:26:54 | 000,139,030 | ---- | C] () -- C:\Windows\System32\perfi011.dat
    [2008/01/21 16:26:54 | 000,106,200 | ---- | C] () -- C:\Windows\System32\perfc011.dat
    [2008/01/21 16:26:54 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd011.dat
    [2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
    [2006/11/02 21:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 21:47:37 | 000,523,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 19:33:01 | 000,601,444 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 19:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 19:33:01 | 000,106,100 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 19:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 19:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 17:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 17:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 16:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2009/02/23 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu
    [2009/02/23 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\MyBookEditor3
    [2009/02/23 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\PowerCinema
    [2009/03/09 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Ulead Systems
    [2009/02/23 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu
    [2009/02/23 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\MyBookEditor3
    [2009/02/23 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\PowerCinema
    [2009/03/09 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Ulead Systems
    [2010/02/21 21:35:59 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Big Fish Games
    [2011/06/06 03:56:11 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Blitware
    [2010/03/04 18:35:56 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\DATT JAPAN
    [2010/02/20 10:59:37 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\EA
    [2011/08/31 15:07:14 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Fujitsu
    [2010/02/20 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\funkitron
    [2011/06/06 03:41:25 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\HTC
    [2011/05/10 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2010/02/13 09:48:39 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\InterVideo
    [2009/02/23 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\MyBookEditor3
    [2011/11/01 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\OpenOffice.org
    [2010/02/20 13:09:17 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\PlayFirst
    [2009/02/23 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\PowerCinema
    [2010/05/12 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Serif
    [2011/09/18 18:51:34 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\SoftGrid Client
    [2011/06/18 17:48:50 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\TP
    [2009/03/09 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Ulead Systems
    [2010/11/21 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Uniblue
    [2011/11/21 06:19:26 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/11/21 06:38:01 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/02/23 12:20:58 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 15:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/02/02 17:24:56 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/19 06:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/11/21 06:37:37 | 3149,803,520 | -HS- | M] () -- C:\hiberfil.sys
    [2009/02/09 21:14:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/09 21:14:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/11/21 06:37:36 | 3463,405,568 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 21:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 21:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 21:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/11/20 18:29:27 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 06:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/10/17 14:55:18 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
    [2006/11/02 21:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 11:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 12:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 12:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 12:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 19:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 19:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/18 07:09:42 | 000,020,361 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\610533_main[2].jpg
    [2011/11/20 19:22:13 | 000,000,097 | -HS- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/20 20:13:44 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jonathan taylor\Desktop\aswMBR.exe
    [2011/11/20 20:14:48 | 004,302,603 | R--- | M] (Swearware) -- C:\Users\jonathan taylor\Desktop\ComboFix.exe
    [2011/11/20 03:32:44 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathan taylor\Desktop\FixitCenter_Run.exe
    [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\gmer.exe
    [2011/11/20 21:48:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
    [2011/11/20 10:39:56 | 000,684,297 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\unhide.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2011/10/07 19:29:50 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/12/13 14:23:32 | 000,029,184 | ---- | M] () -- C:\Users\jonathan taylor\rebasegui.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/11/20 18:39:59 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/02/12 17:13:23 | 000,000,402 | -HS- | M] () -- C:\Users\jonathan taylor\Favorites\desktop.ini
    [2011/11/20 19:24:31 | 000,001,740 | ---- | M] () -- C:\Users\jonathan taylor\Favorites\muveeNow.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/11/08 03:15:17 | 000,003,516 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/29 23:13:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:73933431
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA7BE830
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:82C50600
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C5F7BBCF
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1E3397DC
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:1A60DE96
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F15D632
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1DF79F4B
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DD160B0D
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8BBD1F9A
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:52DBE86F
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:91EA783C
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F7862839
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:322EAACD

    < End of report >
     
  15. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    OTL Extras

    OTL Extras logfile created on: 2011/11/21 6:52:53 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jonathan taylor\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

    2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 58.07% Memory free
    6.09 Gb Paging File | 4.36 Gb Available in Paging File | 71.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 100.00 Gb Total Space | 58.06 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
    Drive D: | 348.76 Gb Total Space | 341.77 Gb Free Space | 98.00% Space Free | Partition Type: NTFS
    Drive F: | 14.91 Gb Total Space | 8.85 Gb Free Space | 59.33% Space Free | Partition Type: FAT32
    Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JONATHANTAYL-PC | User Name: jonathan taylor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{722A5E7C-B1D8-4FF4-8407-3E4ABF69CB0D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{7A42B9B9-2646-4184-ABF7-A717BD6B3A87}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0580B5AA-7915-45DD-8B11-406FFB3955E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{08E0333A-DAC5-4A97-B7B0-4EEF3A24A0CC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{0E95F6A6-A370-4971-8EBD-1463A8C0F266}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{0EBDDAA1-949D-4304-9B61-B8674A227C23}" = dir=in | app=c:\program files\fujitsu\net tv viewer\kernel\dmp\clbrowserengine.exe |
    "{12107CC3-AA1D-466B-A405-9A6B4A9E975D}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
    "{127C1D9C-8EF7-40DA-815A-55211F64E180}" = protocol=17 | dir=in | app=c:\users\jonathan taylor\appdata\local\microsoft\windows\temporary internet files\content.ie5\7hfjy5hk\pdfconvertersetup[1].exe |
    "{13A97BBA-0F39-4D38-9831-0A29C04AE29E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{238EF0FD-9308-48D4-96A6-DEDFCCF6508C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{262D146F-7195-47DB-ACFE-A6AFB0AE378B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{2C9C896E-6762-4FA1-89BD-E2398A5380DF}" = dir=in | app=c:\program files\cyberlink\avchd player\kernel\dms\clmsservice.exe |
    "{2D22BC62-0DFD-4DB7-874C-C730E12FE547}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardezweb.exe |
    "{2D3103E8-F952-4FC6-BDA3-22C0C7322A5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{2F410451-321C-456D-94A7-FAB656199478}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{3449C796-08ED-4897-9C25-93B2CC85B7F5}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardezweb.exe |
    "{382B6BFE-1EC8-46C6-B1E7-2EA139783C7E}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardhtml.exe |
    "{39E27FBA-A916-43FB-9F7D-8249089E61D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{39FE975C-FD0A-4A60-817C-64776F77FFF8}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\fmvsttool.exe |
    "{43E2E33E-DC71-424D-92C2-CD2588C21367}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardjskyweb.exe |
    "{46D581E2-0200-427D-BD8E-D12CD01298BC}" = protocol=6 | dir=in | app=c:\program files\fujitsu\powerutility\remote\putlradm.exe |
    "{4988C05D-14F9-4C49-A067-A2F534BC4DA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{5187009D-5255-4EC9-9214-9A408F4E121F}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardhtml.exe |
    "{5C614522-E797-43BC-A93B-DC0BA4591B9A}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardchtml.exe |
    "{61FC6B1C-F9B8-48BC-9524-1FBDD0F0A6D8}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\fmvsttool.exe |
    "{63EEEB8C-4B7A-4D7F-8DED-BFA4DF262EC6}" = dir=in | app=c:\program files\cyberlink\avchd player\kernel\dmp\clbrowserengine.exe |
    "{694270BD-99A3-4E55-852F-24479929B7B2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{70560FCD-64DD-4607-92A2-6086A107CB8E}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerservertool.exe |
    "{74A39943-0DBA-4556-9161-F0BE9BBD9B8B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{7F2200BB-A478-42F3-84D3-112226ED3BCB}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserver.exe |
    "{7F7E553C-D4D7-4E39-8005-8C088AD1DB22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{8192C213-D838-48DE-9DA0-8F8F91845621}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{82C1DFE1-3DD1-44A3-B0CE-BB34A405417D}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerservertool.exe |
    "{83E04812-7DF3-4DCB-8910-EB0582B5FD19}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserverhelper.exe |
    "{88AE392D-6FA3-426D-8646-C88CFE8C82BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{88E51FCA-8A6F-4422-B376-C25509CE0CCD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{91D5D1A3-047A-4355-B7CA-97946F8B72C3}" = dir=in | app=c:\program files\fujitsu\networkplayer\networkplayer.exe |
    "{92DA881F-5003-4D6C-839E-CC3A3E221D7A}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserverhelper.exe |
    "{96EC4057-9E87-480D-94F4-53FC9BB975FD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{99664AFC-7FCB-434E-947E-A6E847D602AC}" = dir=in | app=c:\users\jonath~1\appdata\local\temp\7zs46fc\setup\hpznui01.exe |
    "{9DC4C0BB-649F-455C-BC87-E9BCDFBD6B9C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{A133C643-4CB7-40F8-BB60-CC248C55CAF0}" = protocol=6 | dir=in | app=c:\users\jonathan taylor\appdata\local\microsoft\windows\temporary internet files\content.ie5\7hfjy5hk\pdfconvertersetup[1].exe |
    "{A1E7EE77-B514-409D-8E48-5E4C500D97E9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{A3AF0EEE-5950-498F-8D4F-51DD4F9F8B76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{A704D367-FCDF-435F-A67B-A4C41F87A084}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{AB63BE67-D336-40AA-97E8-A2EC75C8A0EB}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
    "{B0D51A6B-FFD5-4783-9B7D-C7ACFD0C719A}" = dir=in | app=c:\program files\cyberlink\avchd player\powercinema.exe |
    "{B27F7668-C51F-4FDF-96C5-C049667F2B82}" = dir=in | app=c:\program files\fujitsu\net tv viewer\powercinema.exe |
    "{B44205A9-8D4B-4865-9384-B459A64A2165}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BE769E90-B571-4A07-AA49-1EFADD990831}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{C17F3C2F-CCA5-4823-A2E0-5FFE69AC4BB9}" = dir=in | app=c:\users\jonath~1\appdata\local\temp\7zs46fc\setup\hpznui01.exe |
    "{C281A4BA-D955-4F95-BD79-992DDA09C017}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{D148CFDA-E369-4563-B840-32A3DB05D764}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardchtml.exe |
    "{D29DBF03-64A0-459F-A9A9-E062F6A265E8}" = dir=in | app=c:\program files\hp\digital imaging\{71c4f928-136a-4222-a191-310e081fb96b}\setup\hpznui01.exe |
    "{D4019292-3E77-4776-ABEF-A0A0E3E241D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{D849D474-DBEC-416F-8E4E-837B8896D5F1}" = dir=in | app=c:\program files\cyberlink\avchd player\pcmservice.exe |
    "{E2C83C08-321B-4E02-88BB-4CB9F6166DC5}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardjskyweb.exe |
    "{E365E2F8-85AC-4B1D-B21C-9C616A189D35}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserver.exe |
    "{E5B222A3-5E39-4A9C-8570-9637A6ED3F1A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{E8DD9AC9-B34A-4B8E-9411-5DCA1746AED9}" = dir=in | app=c:\program files\fujitsu\net tv viewer\pcmservice.exe |
    "{F12A4378-EC65-45B2-B5A6-CC73952ED506}" = dir=in | app=c:\program files\fujitsu\net tv viewer\kernel\dms\clmsservice.exe |
    "{F1A441DF-5E46-4B62-B6A9-7C312C67BB0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{F7B7DFFB-7771-4184-882F-3FAF0CE24C0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F90D8987-D455-431E-BD82-C463F6B6A764}" = protocol=17 | dir=in | app=c:\program files\fujitsu\powerutility\remote\putlradm.exe |
    "TCP Query User{3420CBFE-D246-44C6-A1CE-B80ACBEE36B1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{89A127E1-2889-46EF-98D8-B4A89BB19BB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{9F50E035-E00E-4C25-B833-80E652EC7E4E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{FCE60B52-A753-44C0-902E-D0710B74C58C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{041417B9-EE0C-4BC2-8B2E-79C44037E2DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{4B1DED1D-8D5D-4BD6-830A-0218F00DF13B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{9455DE7D-5BA6-4781-B703-DDBF95523186}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{A6E2A854-D708-49BD-862B-EFBF02B42049}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{071961C7-72B3-4BFF-A864-FFC69694C170}" = GAMEPACK2009F
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0B884C9B-5D85-4461-88EE-826E1BB33008}" = Serif PagePlus 11
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0EF12FF9-80B8-4E43-A279-7F218CE27393}" = FMV辞書セット(広辞苑第六版+現代用語の基礎知識+学研パーソナル統合辞典)
    "{106845DF-461C-46F6-B0B4-E940CF929623}" = 
    "{14B79826-8E53-30C2-8D88-28B8726C90FF}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1928F447-569E-4238-8E37-A4156A4F838C}" = らくらくズーム
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1A20AFF1-8171-49B0-A2F9-3205939DA176}" = @フォトレタッチ
    "{1D21451D-9C36-42A1-BD21-4A68410C9F2C}" = 壁紙かんたん模様替え
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for FUJITSU
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{224F03EA-8DA5-4413-9B80-FD3B7EABAF9B}" = 富士通モビリティセンター拡張
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink AVCHD Player
    "{26876AA9-86C6-4E6B-99E6-0FE449DF1971}" = メールソフト切り替えツール
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
    "{283BDB6B-DA47-436B-BD6E-29CF78E5EB9C}" = FMV画面で見るマニュアル
    "{29276E3F-15EF-49FC-9793-B07811C8059D}" = PC乗換ガイド
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{353020C6-8E88-4F5B-B174-BE0BA12255D0}" = 脳力トレーナー
    "{378C547F-7AE3-467D-9E11-C888B026F62D}" = NetworkPlayer サーバー
    "{38508400-4782-4721-8648-32BD0D676E40}" = ネットテレビビューアー
    "{3B1E1F4C-031D-410F-A93A-1220236608C8}" = Microsoft Antimalware Service JA-JP Language Pack
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = マイフォト
    "{3F605785-48E5-49AC-846B-DE63AA957032}" = らくらく手書き入力
    "{41938788-1E1C-4A8B-A1CD-F34C7A4D3E0D}" = セキュリティ対策ソフト選択
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{44193AE6-D871-473C-8D1F-D55FBCB45552}" = Inst5671
    "{44BC6B79-CAD2-491B-9793-71A46ED02083}" = AuthenTec Fingerprint Software
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47BC37A3-35C8-484A-8CBD-851914EB095E}" = アップデートナビ
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4EC9E702-4FCF-4C63-B840-42C8A559C9C4}" = ゆったり設定2
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client JA-JP Language Pack
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieWriter for FUJITSU
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{60DAE067-F470-4FFC-9FEC-F67914FE2AEC}" = @映像館
    "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = ワンタッチボタン設定
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6A1110AB-79A2-4316-A0F3-D95525931FDC}_is1" = Undeleter
    "{6AACA25A-8C8A-4511-9B83-9B3858A4210F}" = MovieWizard
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
    "{723D1614-0571-4628-BC3E-B8AD9318143C}" = @FTP
    "{732FD072-CEFB-4F46-AF16-C537130CFDCB}" = Plugfree NETWORK
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{77DBFD53-F57D-4D0B-A70D-6D454AB7B6D2}" = MyBookEditor3
    "{77E46779-1EF3-4ED9-8D55-5BE365AF13CE}" = パソコン準備ばっちりガイド
    "{7BA0ECC1-2636-4169-9BF0-F49A1F7AAD87}" = 富士通起動ユーティリティ
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110246513}" = Catan - The Computer Game
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110554843}" = Pat Sajak's Lucky Letters
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111208880}" = Casino Island To Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112866767}" = NBC Heads-Up Poker
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112935120}" = Cribbage Quest
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113766567}" = Poker Superstars III
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}" = Governor of Poker
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1156157}" = Luxor Quest for the Afterlife
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118186583}" = Drawn The Painted Tower
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118203740}" = Mirror Mysteries
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118341103}" = Big City Adventure Vancouver
    "{838E3304-69BE-4537-8297-1760E36A2DA5}" = Serif DrawPlus 8
    "{83F00304-550B-4652-A12C-E301CB8B1EE4}" = FMVスクリーンセーバー
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a
    "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
    "{8E38F042-3863-43D6-9430-04B3610298C3}" = FM かんたんバックアップ
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
    "{90120000-0016-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
    "{90120000-001A-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
    "{90120000-001B-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PERSONALR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
    "{90120000-001F-0411-0000-0000000FF1CE}_PERSONALR_{09FD8ECF-B585-47FD-8E53-68BB8741DA65}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
    "{90120000-0028-0411-0000-0000000FF1CE}_PERSONALR_{85644C8B-569F-4998-9A4F-0845AA579E9E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
    "{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
    "{90120000-006E-0411-0000-0000000FF1CE}_PERSONALR_{B780C954-17E3-41D7-902B-94D21B349E08}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9044384C-1D53-4DEA-B257-0A0C7D6C7452}" = Serif DrawPlus 8 Resources
    "{91120000-0033-0000-0000-0000000FF1CE}" = Microsoft Office Personal 2007
    "{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
    "{932245FB-2F3B-3E2E-B8AB-BDE96E434F21}" = Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
    "{9A472982-E1B5-4504-8E2A-43E9C2E44F99}" = 3D MediaSurfing
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C665D73-1F28-470A-AB62-5A45B8B4172C}" = 時事通信社 医学・健康コンテンツ
    "{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Creator LJ
    "{A54F5CD3-317A-483B-99AE-B5100208902D}" = お手入れナビ
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = NetworkPlayer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B351DC34-2758-492A-ADEE-66C17A61860E}" = PowerUtility - スケジュール機能
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B931A76E-3CBE-453F-A196-154DBAEA1B47}" = Inspirium辞書検索ライブラリ
    "{BA0CC975-682B-4678-A35C-05E607F36387}" = IndicatorUtility
    "{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
    "{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BF42FB05-6C5B-4BB7-A024-741D7E3DFD80}" = FMVユーザー登録
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C24447C3-CACD-4ce3-BA95-1BE092E0C4F8}" = AzbyClubガジェットプログラム
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
    "{C99E6F22-FD0E-4D6E-925A-268AD1C050D6}" = its-moNavi PC
    "{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}" = Serif PagePlus 11 Resources
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0038B10-4B2C-49D3-9C66-8B0A1518F1B9}" = muveeNow 2.2
    "{D1666DE7-C83C-4711-8AF8-D58004811F28}" = O2Micro Flash Memory Card Windows Driver
    "{D18E639E-0B65-4FC1-9065-78926EE90958}" = PowerUtility - リモート管理機能
    "{D1A1B85E-328C-47C0-80EB-3AF2C567114E}" = 電子辞書
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDB64FC6-9298-4F6E-B8B4-896D71754741}" = Fujitsu Display Manager
    "{DFAC6623-5DE9-48A3-8F7C-44134D3B8194}" = 乗換案内
    "{E40CCCFF-E52F-49FC-8215-88B9F4D40227}" = ATLAS 翻訳パーソナル 2008 LE
    "{E440FCB2-6CA6-46A4-BA67-CEF6C009165F}" = @メール
    "{E868C148-D80D-4EB7-A3CD-42CF98A1AC89}" = 富士通デバイス再検出ツール
    "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = 富士通拡張機能ユーティリティ
    "{E902DA50-B519-4820-81C2-694226E23B2E}" = @niftyでブロードバンド
    "{E9327EB0-7209-4E47-8EE2-999D5E567CAE}" = テレビ出力ユーティリティ
    "{EA44B14D-DE9B-41EF-BFEE-11CD240CE40F}" = BIBLOランプ設定
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
    "{F41DAAD0-58A1-4A9D-B0E8-304D3748D555}" = うれしレシピ
    "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 6.00.28
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F7F60AC4-4B4B-48bd-A536-381F43DAED0E}" = AzbyClubツールバー
    "{F96D9B35-8713-49CC-910A-9742D7EB5F8E}" = FMVサポートナビ
    "{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Creator LJ
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "BTHomeHub" = BTHomeHub
    "CCleaner" = CCleaner
    "FoxTab PDF Converter" = FoxTab PDF Converter
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist Corporate
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "InstallShield_{1928F447-569E-4238-8E37-A4156A4F838C}" = らくらくズーム
    "InstallShield_{1A20AFF1-8171-49B0-A2F9-3205939DA176}" = @フォトレタッチ
    "InstallShield_{1C725459-5053-42A5-B22A-F3E91484DF65}" = @メニュー
    "InstallShield_{1D21451D-9C36-42A1-BD21-4A68410C9F2C}" = 壁紙かんたん模様替え
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for FUJITSU
    "InstallShield_{224F03EA-8DA5-4413-9B80-FD3B7EABAF9B}" = 富士通モビリティセンター拡張
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink AVCHD Player
    "InstallShield_{29276E3F-15EF-49FC-9793-B07811C8059D}" = PC乗換ガイド
    "InstallShield_{38508400-4782-4721-8648-32BD0D676E40}" = ネットテレビビューアー
    "InstallShield_{41938788-1E1C-4A8B-A1CD-F34C7A4D3E0D}" = セキュリティ対策ソフト選択
    "InstallShield_{4EC9E702-4FCF-4C63-B840-42C8A559C9C4}" = ゆったり設定2
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieWriter for FUJITSU
    "InstallShield_{60DAE067-F470-4FFC-9FEC-F67914FE2AEC}" = @映像館
    "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = ワンタッチボタン設定
    "InstallShield_{6AACA25A-8C8A-4511-9B83-9B3858A4210F}" = かんたん編集 for FUJITSU
    "InstallShield_{723D1614-0571-4628-BC3E-B8AD9318143C}" = @FTP
    "InstallShield_{77E46779-1EF3-4ED9-8D55-5BE365AF13CE}" = パソコン準備ばっちりガイド
    "InstallShield_{7BA0ECC1-2636-4169-9BF0-F49A1F7AAD87}" = 富士通起動ユーティリティ
    "InstallShield_{83F00304-550B-4652-A12C-E301CB8B1EE4}" = FMVスクリーンセーバー
    "InstallShield_{9A472982-E1B5-4504-8E2A-43E9C2E44F99}" = 3D MediaSurfing
    "InstallShield_{A54F5CD3-317A-483B-99AE-B5100208902D}" = お手入れナビ
    "InstallShield_{B351DC34-2758-492A-ADEE-66C17A61860E}" = PowerUtility - スケジュール機能
    "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = IndicatorUtility
    "InstallShield_{BF42FB05-6C5B-4BB7-A024-741D7E3DFD80}" = FMVユーザー登録
    "InstallShield_{D1666DE7-C83C-4711-8AF8-D58004811F28}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{D18E639E-0B65-4FC1-9065-78926EE90958}" = PowerUtility - リモート管理機能
    "InstallShield_{D1A1B85E-328C-47C0-80EB-3AF2C567114E}" = 電子辞書
    "InstallShield_{DDB64FC6-9298-4F6E-B8B4-896D71754741}" = Fujitsu Display Manager
    "InstallShield_{E868C148-D80D-4EB7-A3CD-42CF98A1AC89}" = 富士通デバイス再検出ツール
    "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = 富士通拡張機能ユーティリティ
    "InstallShield_{E9327EB0-7209-4E47-8EE2-999D5E567CAE}" = テレビ出力ユーティリティ
    "InstallShield_{EA44B14D-DE9B-41EF-BFEE-11CD240CE40F}" = BIBLOランプ設定
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "Microsoft .NET Framework 3.5 Language Pack SP1 - jpn" = Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PERSONALR" = Microsoft Office Personal 2007
    "Shop for HP Supplies" = Shop for HP Supplies
    "Yahoo! Companion" = BT Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "てきぱき家計簿マム6" = てきぱき家計簿マム6
    "乗換案内 旅費精算_is1" = 乗換案内 旅費精算

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2011/11/20 9:45:55 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
    Description =

    Error - 2011/11/20 9:46:04 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
    Description =

    Error - 2011/11/20 9:46:08 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
    Description =

    Error - 2011/11/20 12:08:02 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2011/11/20 16:12:56 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2011/11/20 16:24:24 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
    Description =

    Error - 2011/11/20 16:41:35 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
    Description =

    Error - 2011/11/20 16:49:26 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2011/11/20 17:14:53 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2011/11/20 17:37:51 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 2011/11/20 16:47:34 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2011/11/20 16:47:40 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2011/11/20 16:49:26 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2011/11/20 16:50:27 | Computer Name = jonathantayl-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2011/11/20 16:55:45 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2011/11/20 17:14:53 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2011/11/20 17:15:54 | Computer Name = jonathantayl-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2011/11/20 17:17:24 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2011/11/20 17:37:52 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2011/11/20 17:38:52 | Computer Name = jonathantayl-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  16. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Goodnight

    Broni I have to go for the evening here, will get back to your reply in the morning but once again THANK YOU SO SO MUCH :)
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You're very welcome

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
      [2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
      [2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
      [2011/10/29 23:13:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
      [2010/11/21 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Uniblue
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:73933431
      @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA7BE830
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:82C50600
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C5F7BBCF
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1E3397DC
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:1A60DE96
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F15D632
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1DF79F4B
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DD160B0D
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8BBD1F9A
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:52DBE86F
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:91EA783C
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F7862839
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:322EAACD
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google ??????...\ not found.
    C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
    C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
    C:\ProgramData\~1kAlMiG2Kb7FzPr moved successfully.
    C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\jonathan taylor\AppData\Roaming\Uniblue folder moved successfully.
    ADS C:\ProgramData\Temp:73933431 deleted successfully.
    ADS C:\ProgramData\Temp:AA7BE830 deleted successfully.
    ADS C:\ProgramData\Temp:82C50600 deleted successfully.
    ADS C:\ProgramData\Temp:C5F7BBCF deleted successfully.
    ADS C:\ProgramData\Temp:1E3397DC deleted successfully.
    ADS C:\ProgramData\Temp:1A60DE96 deleted successfully.
    ADS C:\ProgramData\Temp:5F15D632 deleted successfully.
    ADS C:\ProgramData\Temp:1DF79F4B deleted successfully.
    ADS C:\ProgramData\Temp:DD160B0D deleted successfully.
    ADS C:\ProgramData\Temp:8BBD1F9A deleted successfully.
    ADS C:\ProgramData\Temp:52DBE86F deleted successfully.
    ADS C:\ProgramData\Temp:91EA783C deleted successfully.
    ADS C:\ProgramData\Temp:F7862839 deleted successfully.
    ADS C:\ProgramData\Temp:322EAACD deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jonathan taylor
    ->Temp folder emptied: 298616 bytes
    ->Temporary Internet Files folder emptied: 9616738 bytes
    ->Java cache emptied: 10278 bytes
    ->Flash cache emptied: 5208468 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 43993 bytes
    RecycleBin emptied: 200900 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: jonathan taylor
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11212011_174913

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
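
An added example (not part of the thread and not OTL's own code): a small Python check that reconciles the file and Alternate Data Stream lines of a fix script like the one above against the result log, so any item the log never confirms stands out. The function names are hypothetical, the line patterns are inferred only from the lines visible in this thread, and the registry (O8) line is not handled.

```python
import re

# Lines copied from the fix script posted in this thread (a subset).
FIX_SCRIPT = r"""
:OTL
[2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2010/11/21 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Uniblue
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:73933431
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA7BE830

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed sample: result-log lines from the thread, with the AA7BE830 line
# deliberately left out to show how an unconfirmed item is reported.
FIX_LOG = r"""
========== OTL ==========
C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\Temp:73933431 deleted successfully.
========== COMMANDS ==========
"""

# "[date | size | attrs | M] () -- path" (the "()" is absent on the folder line).
FILE_LINE = re.compile(r"^\[[^\]]*\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$")
# "@Alternate Data Stream - N bytes -> path:stream"
ADS_LINE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
# "path moved successfully." / "path folder moved successfully." / "ADS path deleted successfully."
RESULT_LINE = re.compile(
    r"^(?:ADS\s+)?(?P<path>.+?)(?:\s+folder)?\s+(?P<action>moved|deleted) successfully\.$"
)


def parse_fix_targets(script):
    """Return (kind, path) for each file/ADS line in the :OTL section of the script."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :OTL or :Commands
            section = line.lower()
            continue
        if section != ":otl" or not line:
            continue
        for kind, pattern in (("file", FILE_LINE), ("ads", ADS_LINE)):
            m = pattern.match(line)
            if m:
                targets.append((kind, m.group("path").strip()))
                break
    return targets


def parse_results(log):
    """Map lower-cased path -> action for every success line in the result log."""
    results = {}
    for raw in log.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if m:
            results[m.group("path").lower()] = m.group("action")
    return results


def reconcile(script, log):
    """Pair each scripted target with the logged action, or 'unconfirmed'."""
    results = parse_results(log)
    return [(kind, path, results.get(path.lower(), "unconfirmed"))
            for kind, path in parse_fix_targets(script)]


def unconfirmed(script, log):
    """Paths listed in the script that the log does not confirm as handled."""
    return [path for _, path, status in reconcile(script, log) if status == "unconfirmed"]


if __name__ == "__main__":
    for kind, path, status in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{status:<12} {kind:<5} {path}")
```

Paths are compared case-insensitively because Windows paths are; an "unconfirmed" result means only that no matching success line was found, so the log should be reread before drawing any conclusion.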
     
  19. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    CCleaner
    Java(TM) 6 Update 29
    Out of date Java installed!
    Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Spybot Teatimer.exe is disabled!
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
  20. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Broni, looking GOOD my friend....

    Have also run as directed Temp File Cleaner (TFC) and then ESET Online Scanner which came back clean.
    I eagerly await your reply. P.S. still have MBR.dat on the desktop, am very careful to follow to the letter your instructions ;)
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)
    You can delete MBR.dat file now.


    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  22. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Last OTL Log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jonathan taylor
    ->Temp folder emptied: 6609658 bytes
    ->Temporary Internet Files folder emptied: 111468831 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6713819 bytes
    ->Flash cache emptied: 58162 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 95679 bytes
    RecycleBin emptied: 2305081 bytes

    Total Files Cleaned = 121.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: jonathan taylor
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 11222011_063139

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  23. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Thanks Broni

    Thanks Broni,
    have completed the rest of your instructions and had the machine running for 12 hrs with none of the original problems that you have so kindly helped out with so, HUGE THANKS and GRATITUDE and RESPECT to you.
    If you wouldn't mind giving me a guide as to how you found and treated the issues I would love to learn !!
    Thanks again Broni
    :)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)

    Technically impossible for various reasons.
    If you want to learn more you may be interested in some malware removal free schools: http://www.uniteagainstmalware.com/schools.php

    Good luck and stay safe :)
     
  25. Arfer

    Arfer TS Rookie Topic Starter Posts: 22

    Learning

    Hi Broni,
    thanks for the pointer, I have a free day tomorrow so I will make a start on that !
    Thank you again,
    All the very best to you,
    :)
     
