Solved Babylon.com search engine redirects in all browsers

Status
Not open for further replies.
A

airbornex

Posts: 31   +0
Hi,

my browsers are affected by something known as babylon.com, it redirects me to this site whenever i search something from the browsers' url bar, and I can't seem to get rid of it. Infected browsers include IE, firefox and chrome.

My McAfee antivirius seems to be sleeping, can't find anything. I'm attaching the requested logs below. Any help is much much appreciated!

P.S. It's an old laptop, so the logs are really long. Thank you for your time!
 
logs

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/09/2011 12:06:00 AM
mbam-log-2011-05-09

Scan type: Quick scan
Objects scanned: 170266
Time elapsed: 12 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.


GMER]

Rootkit quick scan 2011-05-09 00:23:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: ybzijyrw.exe; Driver: C:\DOCUME~1\LINYUE~1\LOCALS~1\Temp\pwlcafob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT spkj.sys ZwEnumerateKey [0xF73D5DA4]
SSDT spkj.sys ZwEnumerateValueKey [0xF73D6132]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF71D9D8A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF71D9DB6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF71D9E0C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF71D9D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF71D9D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF71D9DA0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF71D9DE2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF71D9E36]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF71D9E22]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF71D9DF6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F72937B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7243B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7243B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F72937B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\axmgfl6s \Device\Scsi\axmgfl6s1 8668E1F8
Device \Driver\axmgfl6s \Device\Scsi\axmgfl6s1Port4Path0Target0Lun0 8668E1F8
Device \FileSystem\Ntfs \Ntfs 873B71F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by at 0:17:11.09 on 05/09/2011 Mon
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1014.386 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Documents and Settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\My Documents\Downloads\ybzijyrw.exe
D:\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = hxxp://www.pc-ap.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9cc292330000000000000019d29b12c4&tlver=1.4.19.19&affID=17159
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110425194121.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\lin yue\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\updnavi\updnavi.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\linyue~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\linyue~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lin yue\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\lin yue\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239576703515
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239526907578
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\linyue~1\applic~1\mozilla\firefox\profiles\169fjpom.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9cc292330000000000000019d29b12c4&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\lin yue\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\lin yue\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Wappalyzer: wappalyzer@crunchlabz.com - %profile%\extensions\wappalyzer@crunchlabz.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-4-13 7168]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-2 459728]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-4-28 36768]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-4-27 28544]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-2 89368]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-8-6 24645]
R2 FlashDrv;FlashDrv;c:\progra~1\fujitsu\flashaid\FlashDrv.sys [2009-4-13 7196]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-2 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-2 214904]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-2 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-2 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-2 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-2 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-2 57432]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-4-13 4864]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-2 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-2 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-2 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-2 83688]
S2 Tomcat5;Apache Tomcat;c:\program files\apache software foundation\tomcat 5.5\bin\tomcat5.exe [2006-9-12 53248]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2006-8-3 6000]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-2 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-2 85984]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-2-4 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-2-4 79360]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== Created Last 30 ================
.
2011-04-25 11:41:22 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-04-14 17:29:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 17:29:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 17:29:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 16:25:17 -------- d-----w- c:\program files\Yuna Software
2011-04-13 19:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-13 19:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-10 16:52:33 -------- d-----w- c:\docume~1\linyue~1\applic~1\Dropbox
2011-04-10 13:26:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Skype Extras
2011-04-10 13:22:43 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-06 16:24:15 286720 ----a-w- c:\windows\iun506.exe
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 11:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-04-29 15:27:50 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2009-04-29 15:27:50 3100672 ----a-w- c:\program files\common files\sapxlhelper.dll
2009-04-29 15:27:50 192512 ----a-w- c:\program files\common files\sapconsr3.dll
2009-04-29 15:27:48 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
.
============= FINISH: 0:20:20.25 ===============
 
attach

ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2009 6:22:19 AM
System Uptime: 5/8/2011 11:50:32 PM (1 hours ago)
.
Motherboard: FUJITSU | | FJNB1B5
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Onboard | 1828/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 77 GiB total, 23.652 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 9.316 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_139A10CF&REV_12\4&192AC53F&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_139A10CF&REV_12\4&192AC53F&0&00E0
Service: yukonwxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3AD1EBE0E10
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3AD1EBE0E10
Service: NIC1394
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Agere Systems HDA Modem
Apache HTTP Server 2.2.13
Apache Tomcat 5.5 (remove only)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon My Printer
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Diner Dash Flo on the Go (remove only)
Dropbox
EA Download Manager
Farm Frenzy 2
FileZilla Client 3.3.2.1
Fingerprint Sensor Minimum Install
FlashAid
Free Audio CD Burner version 1.4
Free Studio version 4.2
Free YouTube to MP3 Converter version 3.9
Fujitsu Display Manager
Fujitsu Hotkey Utility
Fujitsu Radio Control
Fujitsu System Extension Utility
Google Chrome
HansWare 2002
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icy Tower v1.4
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Explorer Developer Toolbar
iTunes
iWisoft Free Video Converter 1.2
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Development Kit 6
Java(TM) SE Runtime Environment 6
JCreator LE 3.50
LifeBook Application Panel
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee AntiVirus Plus
mCore
mDriver
mDrWiFi
Messenger Plus! 5
Messenger Plus! Live
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft redistributable runtime DLLs VS2005(x86)
Microsoft Script Debugger
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft WSE 3.0 Runtime
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.6.17)
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
MySQL Server 5.0
MySQL Tools for 5.0
mZConfig
NetBeans IDE 5.5
O2Micro Flash Memory Card Windows Driver
O2Micro Smartcard Driver
PhotoScape
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Safari
SAP Business Explorer
SAP GUI 7.10
Security Panel Application
Security Panel Application for Supervisor
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shock Sensor Utility
Skype? 5.3
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Synaptics Pointing Device Driver
System Requirements Lab
The Management Scientist 6.0
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims 3 Ambitions
The Sims 3 World Adventures
The Sims? 2 Apartment Life
The Sims? 2 Bon Voyage
The Sims? 2 FreeTime
The Sims? 2 IKEA? Home Stuff
The Sims? 2 Kitchen & Bath Interior Design Stuff
The Sims? 2 Seasons
The Sims?3
Theme Hospital
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Navi
VLC media player 1.0.3
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows XP Service Pack 3
WinRAR archiver
Yahoo! BrowserPlus
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
5/8/2011 3:28:18 AM, error: PSched [14103] - QoS [Adapter {94F3C72B-604B-42FB-8F29-0BDB0621D7DD}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
5/8/2011 3:28:18 AM, error: NETw3x32 [43] -
5/7/2011 12:59:17 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_437.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/6/2011 3:39:20 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/6/2011 3:39:20 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_932.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/5/2011 4:44:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_1252.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/4/2011 3:51:11 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\sorttbls.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/3/2011 5:13:48 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\sortkey.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/3/2011 11:40:59 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PORTEGEM900-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94F3C72B-604B. The master browser is stopping or an election is being forced.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\spool\drivers\color\srgb color space profile.icm could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\oembios.sig could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_950.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_20127.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_1253.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_1251.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\c_1250.nls could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\apppatch\sysmain.sdb could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 3:18:51 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\apppatch\drvmain.sdb could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
5/2/2011 10:58:47 PM, error: Service Control Manager [7034] - The Apache Tomcat service terminated unexpectedly. It has done this 1 time(s).
5/2/2011 10:58:47 PM, error: Service Control Manager [7022] - The Apache Tomcat service hung on starting.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
NOTE: I have enabled input for Chinese characters, that explains the funny words.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...



ComboFix 11-05-08.02 - Lin Yue 9/2011 Mon 12:41:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1014.289 [GMT 8:00]
Ö´ÐÐλÖÃ: c:\documents and settings\Lin Yue\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* ³É¹¦´´Ôìл¹Ô*µã
.
.
((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lin Yue\WINDOWS
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\ldlist.txt
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( 2011-04-09 ÖÁ 2011-05-09 µÄеĵµ°¸ )))))))))))))))))))))))))))))))
.
.
2011-04-25 11:41 . 2011-03-13 03:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-04-17 17:27 . 2011-04-17 17:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-14 17:29 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 17:29 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 17:29 . 2011-04-14 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 16:25 . 2011-04-14 16:25 -------- d-----w- c:\program files\Yuna Software
2011-04-13 19:39 . 2011-04-13 19:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-13 19:39 . 2011-04-13 19:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-10 16:52 . 2011-05-09 04:12 -------- d-----w- c:\documents and settings\Lin Yue\Application Data\Dropbox
2011-04-10 13:26 . 2011-05-07 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-10 13:24 . 2011-05-07 17:44 -------- d-----w- c:\documents and settings\Lin Yue\Application Data\Skype
2011-04-10 13:22 . 2011-04-10 13:22 -------- d-----w- c:\program files\Common Files\Skype
2011-04-10 13:22 . 2011-04-10 13:22 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 03:20 . 2010-08-02 09:35 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 03:20 . 2010-08-02 09:35 89368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 03:20 . 2010-08-02 09:35 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 03:20 . 2010-08-02 09:35 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 03:20 . 2010-08-02 09:35 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 03:20 . 2010-08-02 09:35 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 03:20 . 2010-08-02 09:35 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 03:20 . 2010-08-02 09:35 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 03:20 . 2010-08-02 09:35 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 03:20 . 2010-08-02 09:35 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-07 05:33 . 2006-08-04 04:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-06 16:24 . 2011-03-06 16:24 286720 ----a-w- c:\windows\iun506.exe
2011-03-04 06:37 . 2006-08-03 03:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-08-03 03:09 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-08-03 03:09 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-08-03 03:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-08-03 03:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-08-03 03:09 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-08-03 03:09 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-08-03 03:09 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 09:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-08-03 03:09 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-08-03 03:09 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-08-03 03:09 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-08-03 03:09 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 11:03 . 2006-08-03 03:09 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-04-29 15:27 . 2009-04-29 16:07 3100672 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-04-29 15:27 . 2009-04-29 16:07 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-04-29 15:27 . 2009-04-29 16:07 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-04-29 15:27 . 2009-04-29 16:07 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2009-09-12 15:05 . 2009-09-12 15:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 15:06 . 2009-09-12 15:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 15:06 . 2009-09-12 15:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 15:06 . 2009-09-12 15:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 15:06 . 2009-09-12 15:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 15:07 . 2009-09-12 15:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 15:06 . 2009-09-12 15:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 15:06 . 2009-09-12 15:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 05:33 . 2009-08-14 05:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 15:06 . 2009-09-12 15:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-10-13 14:28 . 2010-08-02 09:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*×¢Òâ* ¿Õ°×ÓëºÏ·¨È±Ê¡µÇ¼½«²»»á±»ÏÔʾ
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-17 89541]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updnavi.exe" [2005-11-18 331776]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-03-09 90112]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-04 61440]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 233472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-18 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-03-12 1306216]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\Lin Yue\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe [2011-5-4 24172208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-8-6 41051]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Lin Yue\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
.
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [4/13/2009 6:31 AM 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [4/28/2006 6:16 PM 36768]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [4/27/2006 1:30 PM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/8/2009 11:28 PM 691696]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/2/2010 5:35 PM 89368]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [4/13/2009 6:30 AM 7196]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/2/2010 5:35 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/2/2010 5:35 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/2/2010 5:35 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/2/2010 5:35 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/2/2010 5:35 PM 57432]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [4/13/2009 6:39 AM 4864]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/2/2010 5:35 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/2/2010 5:35 PM 83688]
S2 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [9/12/2006 11:11 PM 53248]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 5:20 PM 3872]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [8/3/2006 11:10 AM 6000]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/2/2010 5:35 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/2/2010 5:35 PM 85984]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2/4/2010 3:27 AM 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2/4/2010 3:27 AM 79360]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
¡®¼Æ»®ÈÎÎñ¡¯ Îļþ¼Ð ÀïµÄÄÚÈÝ
.
2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990911110-2150341681-62948162-1006Core.job
- c:\documents and settings\Lin Yue\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 04:24]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990911110-2150341681-62948162-1006UA.job
- c:\documents and settings\Lin Yue\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 04:24]
.
2011-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1990911110-2150341681-62948162-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 14:09]
.
2011-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1990911110-2150341681-62948162-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 14:09]
.
.
------- ¶øÍâµÄɨÃè -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = hxxp://www.pc-ap.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Lin Yue\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9cc292330000000000000019d29b12c4&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Wappalyzer: wappalyzer@crunchlabz.com - %profile%\extensions\wappalyzer@crunchlabz.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6E17F9751-F056-4335-B718-8AF1B1092AFB} - c:\program files\EA GAMES\The Sims 2 IKEA? Home Stuff\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 12:50
Windows 5.1.2600 Service Pack 3 NTFS
.
ɨÃè±»Òþ²ØµÄ½ø³Ì ¡£¡£¡£
.
ɨÃè±»Òþ²ØµÄÆô¶¯×é ¡£¡£¡£
.
ɨÃè±»Òþ²ØµÄÎļþ ¡£¡£¡£
.
ɨÃèÍê³É
±»Òþ²ØµÄµµ°¸: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\?*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Íê³Éʱ¼ä: 2011-05-09 12:55:54
ComboFix-quarantined-files.txt 2011-05-09 04:55
.
Pre-Run: 25,245,163,520 bytes free
Post-Run: 25,414,549,504 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6D8E2A7140B37C57BD1FFF3D65D3EFD6
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-

DDS::
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com

Firefox::
FF - ProfilePath - c:\documents and settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9cc292330000000000000019d29b12c4&tlver=1.4.19.19&instl Ref=sst&affID=17159&q=


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-05-08.02 - Lin Yue 9/2011 Mon 14:07:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1014.501 [GMT 8:00]
执行位置: c:\documents and settings\Lin Yue\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lin Yue\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( 2011-04-09 至 2011-05-09 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-04-25 11:41 . 2011-03-13 03:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-04-17 17:27 . 2011-04-17 17:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-14 17:29 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 17:29 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 17:29 . 2011-04-14 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 16:25 . 2011-04-14 16:25 -------- d-----w- c:\program files\Yuna Software
2011-04-13 19:39 . 2011-04-13 19:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-13 19:39 . 2011-04-13 19:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-10 16:52 . 2011-05-09 06:02 -------- d-----w- c:\documents and settings\Lin Yue\Application Data\Dropbox
2011-04-10 13:26 . 2011-05-07 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-10 13:24 . 2011-05-07 17:44 -------- d-----w- c:\documents and settings\Lin Yue\Application Data\Skype
2011-04-10 13:22 . 2011-04-10 13:22 -------- d-----w- c:\program files\Common Files\Skype
2011-04-10 13:22 . 2011-04-10 13:22 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 03:20 . 2010-08-02 09:35 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 03:20 . 2010-08-02 09:35 89368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 03:20 . 2010-08-02 09:35 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 03:20 . 2010-08-02 09:35 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 03:20 . 2010-08-02 09:35 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 03:20 . 2010-08-02 09:35 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 03:20 . 2010-08-02 09:35 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 03:20 . 2010-08-02 09:35 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 03:20 . 2010-08-02 09:35 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 03:20 . 2010-08-02 09:35 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-07 05:33 . 2006-08-04 04:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-06 16:24 . 2011-03-06 16:24 286720 ----a-w- c:\windows\iun506.exe
2011-03-04 06:37 . 2006-08-03 03:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-08-03 03:09 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-08-03 03:09 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-08-03 03:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-08-03 03:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-08-03 03:09 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-08-03 03:09 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-08-03 03:09 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 09:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-08-03 03:09 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-08-03 03:09 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-08-03 03:09 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-08-03 03:09 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 11:03 . 2006-08-03 03:09 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-04-29 15:27 . 2009-04-29 16:07 3100672 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-04-29 15:27 . 2009-04-29 16:07 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-04-29 15:27 . 2009-04-29 16:07 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-04-29 15:27 . 2009-04-29 16:07 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2009-09-12 15:05 . 2009-09-12 15:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 15:06 . 2009-09-12 15:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 15:06 . 2009-09-12 15:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 15:06 . 2009-09-12 15:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 15:06 . 2009-09-12 15:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 15:07 . 2009-09-12 15:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 15:06 . 2009-09-12 15:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 15:06 . 2009-09-12 15:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 05:33 . 2009-08-14 05:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 15:06 . 2009-09-12 15:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-10-13 14:28 . 2010-08-02 09:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-09_04.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-04 05:00 . 2011-05-09 05:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-04 05:00 . 2011-05-07 16:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-04 05:00 . 2011-05-09 05:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-04 05:00 . 2011-05-07 16:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-05-09 05:17 . 2011-05-09 05:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-08-04 05:00 . 2011-05-07 16:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-17 89541]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updnavi.exe" [2005-11-18 331776]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-03-09 90112]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-04 61440]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 233472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-18 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-03-12 1306216]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\Lin Yue\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe [2011-5-4 24172208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-8-6 41051]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Lin Yue\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
.
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [4/13/2009 6:31 AM 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [4/28/2006 6:16 PM 36768]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [4/27/2006 1:30 PM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/8/2009 11:28 PM 691696]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/2/2010 5:35 PM 89368]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [4/13/2009 6:30 AM 7196]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/2/2010 5:35 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/2/2010 5:35 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/2/2010 5:35 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/2/2010 5:35 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/2/2010 5:35 PM 57432]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [4/13/2009 6:39 AM 4864]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/2/2010 5:35 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/2/2010 5:35 PM 83688]
S2 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [9/12/2006 11:11 PM 53248]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 5:20 PM 3872]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [8/3/2006 11:10 AM 6000]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/2/2010 5:35 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/2/2010 5:35 PM 85984]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2/4/2010 3:27 AM 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2/4/2010 3:27 AM 79360]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
‘计划任务’ 文件夹 里的内容
.
2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990911110-2150341681-62948162-1006Core.job
- c:\documents and settings\Lin Yue\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 04:24]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990911110-2150341681-62948162-1006UA.job
- c:\documents and settings\Lin Yue\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 04:24]
.
2011-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1990911110-2150341681-62948162-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 14:09]
.
2011-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1990911110-2150341681-62948162-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 14:09]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = hxxp://www.pc-ap.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Lin Yue\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Wappalyzer: wappalyzer@crunchlabz.com - %profile%\extensions\wappalyzer@crunchlabz.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 14:17
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\?*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(5240)
c:\windows\system32\WININET.dll
c:\documents and settings\Lin Yue\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
完成时间: 2011-05-09 14:20:13
ComboFix-quarantined-files.txt 2011-05-09 06:20
ComboFix2.txt 2011-05-09 04:55
.
Pre-Run: 25,436,508,160 bytes free
Post-Run: 25,420,111,872 bytes free
.
- - End Of File - - 6A752043387FF4D3B5ACEEE6AE58E5E7
 
How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Part I

OTL logfile created on: 5/11/2011 7:26:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lin Yue\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 612.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.76 Gb Total Space | 23.72 Gb Free Space | 30.89% Space Free | Partition Type: NTFS
Drive D: | 22.96 Gb Total Space | 9.31 Gb Free Space | 40.57% Space Free | Partition Type: NTFS

Computer Name: LINYUE-FPC | User Name: Lin Yue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 19:25:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lin Yue\Desktop\OTL.exe
PRC - [2011/05/04 07:42:12 | 024,172,208 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/03/12 19:07:00 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/05/18 18:05:27 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 17:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/25 10:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/05 21:58:16 | 004,554,752 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2006/08/02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 00:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/22 10:10:08 | 000,233,472 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
PRC - [2006/03/09 11:11:54 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2006/01/27 21:17:44 | 000,073,728 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2005/11/18 20:19:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\updnavi\updnavi.exe
PRC - [2005/11/04 15:48:22 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005/11/04 02:35:18 | 001,052,672 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2005/07/21 14:21:28 | 000,242,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005/06/16 11:11:42 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PRC - [1999/02/28 02:32:52 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 19:25:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lin Yue\Desktop\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/18 18:06:41 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2006/02/02 13:57:16 | 000,028,672 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\VFuj02b1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2007/03/05 21:58:16 | 004,554,752 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2006/09/12 23:11:44 | 000,053,248 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)
SRV - [2005/09/13 15:30:14 | 000,057,344 | ---- | M] (O2Micro International) [On_Demand | Stopped] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2009/12/27 22:11:49 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/13 17:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 17:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/04/13 06:31:32 | 000,007,168 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys -- (FJGSDisk)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/06 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/14 10:04:00 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/28 18:16:28 | 000,036,768 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/04/27 13:30:30 | 000,028,544 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006/03/17 14:36:42 | 001,155,584 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/04 15:48:22 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005/07/21 14:56:22 | 000,007,196 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\FlashAid\FlashDrv.sys -- (FlashDrv)
DRV - [2004/08/04 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/01/18 12:15:20 | 000,004,864 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001/09/07 00:01:00 | 000,006,000 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/01 05:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [1999/11/18 17:20:00 | 000,003,872 | ---- | M] (FUJITSU LIMITED.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wappalyzer@crunchlabz.com:1.13.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/18 18:06:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 02:44:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/04 00:06:59 | 000,000,000 | ---D | M]

[2009/04/12 18:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Extensions
[2011/05/11 19:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions
[2010/04/28 10:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/29 00:56:39 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/15 16:52:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/06 17:43:02 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions\firebug@software.joehewitt.com
[2010/09/02 15:55:50 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2011/04/30 19:04:52 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\extensions\wappalyzer@crunchlabz.com
[2009/07/04 14:27:50 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\searchplugins\dictionary---referencecom.xml
[2009/07/04 14:26:51 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Application Data\Mozilla\Firefox\Profiles\169fjpom.default\searchplugins\facebook.xml
[2011/05/07 22:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 02:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 17:37:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 00:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/14 23:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/21 00:57:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/18 18:06:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/05/14 02:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2011/04/15 00:26:53 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/05/09 12:50:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110425194121.dll (McAfee, Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\Lin Yue\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Lin Yue\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Lin Yue\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239576703515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239526907578 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lin Yue\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/04 12:59:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 19:24:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lin Yue\Desktop\OTL.exe
[2011/05/11 18:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/09 14:36:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/09 12:38:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/09 12:30:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/09 12:30:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/09 12:30:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/09 12:30:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/09 12:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/09 12:29:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/09 12:18:20 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Lin Yue\Desktop\remover.exe
[2011/05/07 00:33:25 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2011/04/25 00:29:53 | 000,455,168 | ---- | C] (Mysoft) -- C:\Documents and Settings\Lin Yue\Desktop\GiFFY.exe
[2011/04/15 01:29:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 01:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 01:29:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 01:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/15 00:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2009/04/30 00:07:21 | 003,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2009/04/30 00:07:20 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2009/04/30 00:07:18 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2009/04/30 00:07:16 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 19:25:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lin Yue\Desktop\OTL.exe
[2011/05/11 19:14:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1990911110-2150341681-62948162-1006.job
[2011/05/11 19:14:16 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1990911110-2150341681-62948162-1006.job
[2011/05/11 19:01:10 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1990911110-2150341681-62948162-1006UA.job
[2011/05/11 18:56:34 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/05/11 18:56:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 18:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 18:56:17 | 1063,178,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 12:50:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/09 12:39:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/09 12:22:24 | 004,343,905 | R--- | M] () -- C:\Documents and Settings\Lin Yue\Desktop\ComboFix.exe
[2011/05/09 12:17:54 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Desktop\bootkit_remover.rar
[2011/05/08 03:07:03 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/08 03:07:02 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Desktop\Google Chrome.lnk
[2011/05/06 21:11:12 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/06 21:11:10 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\Lin Yue\Desktop\Dropbox.lnk
[2011/04/30 18:01:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1990911110-2150341681-62948162-1006Core.job
[2011/04/24 23:13:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/17 01:08:27 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/17 00:30:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/17 00:26:05 | 000,598,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/17 00:26:05 | 000,120,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 01:53:23 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/15 01:29:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 12:39:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/09 12:38:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/09 12:30:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/09 12:30:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/09 12:30:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/09 12:30:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/09 12:30:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/09 12:21:29 | 004,343,905 | R--- | C] () -- C:\Documents and Settings\Lin Yue\Desktop\ComboFix.exe
[2011/05/09 12:17:59 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Lin Yue\Desktop\bootkit_remover.rar
[2011/04/15 01:29:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/12 23:24:47 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2010/09/03 20:51:31 | 000,070,640 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/26 12:04:10 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/02/14 22:07:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 17:18:15 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/25 17:18:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/07 21:03:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/08 17:21:57 | 000,059,936 | ---- | C] () -- C:\WINDOWS\System32\plm.exe
[2009/12/08 17:21:57 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\PjsHotKeySvr.exe
[2009/12/08 17:21:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PjsDlg32.dll
[2009/12/08 17:21:55 | 002,822,659 | ---- | C] () -- C:\WINDOWS\System32\eng2chn32.dll
[2009/12/08 16:43:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\hsvision.ini
[2009/11/23 16:41:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/11/04 07:53:17 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009/08/05 17:34:15 | 000,000,153 | ---- | C] () -- C:\WINDOWS\sapgrph.ini
[2009/06/10 17:08:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/01 12:45:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/30 00:14:33 | 000,029,474 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2009/04/30 00:14:33 | 000,000,155 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2009/04/30 00:14:33 | 000,000,102 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2009/04/30 00:07:18 | 001,124,864 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2009/04/30 00:07:17 | 001,129,984 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2009/04/30 00:01:40 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2009/04/30 00:01:40 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2009/04/30 00:01:39 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2009/04/30 00:01:39 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2009/04/30 00:01:39 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2009/04/30 00:01:27 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2009/04/29 10:52:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/19 15:47:29 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Lin Yue\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 06:29:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/04/13 06:29:26 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/13 06:15:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/12 18:44:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/04 13:01:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/04 12:57:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/04 08:52:13 | 000,003,111 | ---- | C] () -- C:\WINDOWS\System32\FJSaver.ini
[2006/08/04 05:55:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/04 05:55:00 | 000,299,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/03 11:10:03 | 000,000,720 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/03 11:09:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/03 11:09:32 | 000,598,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/03 11:09:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/03 11:09:32 | 000,120,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/03 11:09:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/03 11:09:31 | 000,004,555 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/03 11:09:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/03 11:09:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/08/03 11:09:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/03 11:09:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/03 11:09:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/03 11:09:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/13 00:38:23 | 000,000,013 | -H-- | C] () -- C:\Program Files\IMAGE1.DAT
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2010/08/02 13:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/02 15:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2009/04/13 23:40:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/26 23:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/01/26 23:08:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/01/26 23:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/10/09 23:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/12/27 22:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/11/20 00:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/08/18 12:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2010/01/21 17:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/04/22 15:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/10/30 20:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/02 13:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/27 14:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/08/19 00:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/30 20:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/02 14:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\4Media
[2009/11/23 19:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\BITS
[2010/09/02 15:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\BSD
[2011/01/26 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\Canon
[2009/08/01 16:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/09 00:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\DAEMON Tools Lite
[2011/05/11 19:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\Dropbox
[2010/10/29 00:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\DVDVideoSoftIEHelpers
[2010/04/19 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\FileZilla
[2009/11/23 16:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\FlashGetBHO
[2010/09/02 15:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\GetRightToGo
[2010/10/09 23:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\ICAClient
[2009/08/31 14:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\iMirus
[2010/01/10 11:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\MySQL
[2009/04/22 15:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\PlayFirst
[2009/06/10 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\SystemRequirementsLab
[2010/12/13 01:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\WeGame
[2010/09/02 15:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lin Yue\Application Data\WindSolutions

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/08/04 12:59:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/14 09:19:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/09 12:39:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:02 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/05/09 14:20:13 | 000,022,778 | ---- | M] () -- C:\ComboFix.txt
[2006/08/04 12:59:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/05/11 18:56:17 | 1063,178,240 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/08/04 12:59:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/04 12:59:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/12 17:33:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/11 18:56:15 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/08/18 02:02:17 | 000,003,072 | -H-- | M] () -- C:\photothumb.db
[2009/04/13 06:29:31 | 000,000,499 | ---- | M] () -- C:\RHDSetup.log
[2009/05/12 08:31:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/05/12 13:53:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/19 01:02:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/06/11 14:30:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/06/27 01:27:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/06/27 13:45:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/27 14:12:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/27 14:34:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/07/27 11:49:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/08/12 02:19:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/28 01:40:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/09/12 02:02:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/13 01:59:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/14 02:12:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/29 17:26:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/10/29 10:34:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/05/12 08:31:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/05/12 13:53:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/19 01:02:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/06/11 14:30:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/06/27 01:27:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/27 13:45:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/27 14:12:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/06/27 14:34:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/07/27 11:49:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/08/12 02:19:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/28 01:40:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/12 02:02:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/13 01:59:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/14 02:12:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/29 17:26:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/29 10:34:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
OTL Part II

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/08/04 12:58:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/19 13:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8R.DLL
[2010/04/07 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDAA.DLL
[2007/03/19 13:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8R.DLL
[2010/04/07 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPAA.DLL
[2008/07/06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 18:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/04/13 06:29:31 | 000,000,206 | ---- | M] () -- C:\Program Files\Audio.log
[2009/04/13 06:30:59 | 000,000,294 | ---- | M] () -- C:\Program Files\DisplayManager.log
[2009/04/13 06:30:56 | 000,000,324 | ---- | M] () -- C:\Program Files\FlashAid.log
[2009/04/13 06:30:49 | 000,000,351 | ---- | M] () -- C:\Program Files\HotkeyUtility.log
[2006/01/08 02:09:14 | 000,000,013 | -H-- | M] () -- C:\Program Files\IMAGE1.DAT
[2009/04/13 06:28:36 | 000,000,191 | ---- | M] () -- C:\Program Files\Mouse.log
[2009/04/13 06:30:37 | 000,000,157 | ---- | M] () -- C:\Program Files\NaviSetup.log
[2009/04/13 06:30:01 | 000,000,161 | ---- | M] () -- C:\Program Files\Omnipass.log
[2009/04/13 06:31:03 | 000,000,345 | ---- | M] () -- C:\Program Files\RadioControl.log
[2009/04/13 06:30:57 | 000,000,160 | ---- | M] () -- C:\Program Files\SetupAP.log
[2009/04/13 06:30:56 | 000,000,165 | ---- | M] () -- C:\Program Files\SetupFA.log
[2009/04/13 06:31:05 | 000,000,032 | ---- | M] () -- C:\Program Files\SetupFDM4.0.log
[2009/04/13 06:30:49 | 000,000,179 | ---- | M] () -- C:\Program Files\SetupHK.log
[2009/04/13 06:31:04 | 000,000,187 | ---- | M] () -- C:\Program Files\SetupRC.log
[2009/04/13 06:30:46 | 000,000,164 | ---- | M] () -- C:\Program Files\SetupSEU.log
[2009/04/13 06:31:11 | 000,000,183 | ---- | M] () -- C:\Program Files\SetupSPS.log
[2009/04/13 06:31:28 | 000,000,183 | ---- | M] () -- C:\Program Files\SetupSPU.log
[2009/04/13 06:30:46 | 000,000,376 | ---- | M] () -- C:\Program Files\SEU.log
[2009/04/13 06:31:10 | 000,000,387 | ---- | M] () -- C:\Program Files\SPS.log
[2009/04/13 06:31:28 | 000,000,366 | ---- | M] () -- C:\Program Files\SPU.log
[2009/04/13 06:30:52 | 000,000,342 | ---- | M] () -- C:\Program Files\TouchButton.log
[2009/04/13 06:30:27 | 000,000,210 | ---- | M] () -- C:\Program Files\Video.log

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/04 05:54:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/08/04 05:54:42 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/04 05:54:42 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/04/12 17:39:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %PROGRAMFILES%\Common Files\*.* >
[2009/04/29 23:27:48 | 000,040,960 | ---- | M] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2009/04/29 23:27:49 | 001,129,984 | ---- | M] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2009/04/29 23:27:49 | 001,124,864 | ---- | M] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2009/04/29 23:27:50 | 000,626,688 | ---- | M] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2009/04/29 23:27:50 | 000,192,512 | ---- | M] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2009/04/29 23:27:50 | 003,100,672 | ---- | M] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/03/30 15:31:41 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Lin Yue\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/02/03 16:02:04 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Lin Yue\Cookies\desktop.ini
[2011/05/09 15:33:28 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Lin Yue\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 16:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2006/08/25 17:16:05 | 000,577,536 | R--- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 08:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 16:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 16:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 22:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 01:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 08:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 16:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 16:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 16:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 16:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 16:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2009/10/09 01:17:33 | 000,001,925 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\The Sims? 2.lnk) -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2.lnk
[2009/10/09 01:17:33 | 000,001,925 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\The Sims? 2.lnk) -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

< End of report >
 
Extras

OTL Extras logfile created on: 5/11/2011 7:26:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lin Yue\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 612.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.76 Gb Total Space | 23.72 Gb Free Space | 30.89% Space Free | Partition Type: NTFS
Drive D: | 22.96 Gb Total Space | 9.31 Gb Free Space | 40.57% Space Free | Partition Type: NTFS

Computer Name: LINYUE-FPC | User Name: Lin Yue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3306:TCP" = 3306:TCP:*:Enabled:MySQL
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector
"C:\Documents and Settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Lin Yue\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1E262F09-4E48-4911-9024-ACCEFE945900}" = Fujitsu System Extension Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C6B6EE6-D906-4383-9646-41F28902A99A}" = LifeBook Application Panel
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java(TM) SE Development Kit 6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3758FA-C2DF-4E10-9D29-0CC28DA9214A}" = FlashAid
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.13
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D26775F-A7A3-4689-B825-69DD3E022DED}" = Fujitsu Display Manager
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims 3 Ambitions
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{984FFBAD-C445-442F-BC71-E2034F9A395B}" = MySQL Server 5.0
"{98FA9751-E7E0-4509-BE22-0E66BE8592B4}" = MySQL Tools for 5.0
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C0B2373-1645-4DC9-A2C5-1AE16BBF9587}" = HansWare 2002
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AC76A3-C8A4-487A-B658-3B506F3D65D2}" = O2Micro Flash Memory Card Windows Driver
"{AB4B4322-C82E-43A7-B31D-010FE2932657}" = Security Panel Application
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B41D74C6-886C-4406-AE27-241590A6C433}" = Fujitsu Radio Control
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims?3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}" = Microsoft redistributable runtime DLLs VS2005(x86)
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}" = Update Navi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F61223B4-1FD7-47F8-B304-DCA32AE18FBB}" = Fujitsu Hotkey Utility
"{F64394E6-46D6-48F3-9701-3629D6CDD092}" = Fingerprint Sensor Minimum Install
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDFB066D-DFDE-4F2D-A84B-648BEC96C027}" = Security Panel Application for Supervisor
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"274c5407c4fa26908310cb5c1c5500002118518190" = NetBeans IDE 5.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Diner Dash Flo on the Go" = Diner Dash Flo on the Go (remove only)
"EADM" = EA Download Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Farm Frenzy 2" = Farm Frenzy 2
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Hospital" = Theme Hospital
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie8" = Windows Internet Explorer 8
"InstallShield_{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"InstallShield_{8D26775F-A7A3-4689-B825-69DD3E022DED}" = Fujitsu Display Manager
"InstallShield_{A5AC76A3-C8A4-487A-B658-3B506F3D65D2}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"JCreator LE_is1" = JCreator LE 3.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Management_Scientist_6.0" = The Management Scientist 6.0
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSC" = McAfee AntiVirus Plus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2011 1:20:27 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15484

Error - 5/9/2011 1:20:27 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15484

Error - 5/9/2011 1:39:18 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/9/2011 1:39:18 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44484

Error - 5/9/2011 1:39:18 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44484

Error - 5/9/2011 1:39:34 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/9/2011 1:39:34 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 60109

Error - 5/9/2011 1:39:34 AM | Computer Name = LINYUE-FPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 60109

Error - 5/9/2011 1:53:13 PM | Computer Name = LINYUE-FPC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .

Error - 5/11/2011 6:56:23 AM | Computer Name = LINYUE-FPC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .

[ OSession Events ]
Error - 8/10/2009 7:17:32 PM | Computer Name = LINYUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 47077
seconds with 19920 seconds of active time. This session ended with a crash.

Error - 8/21/2010 1:07:16 AM | Computer Name = LINYUE-FPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/8/2011 11:55:30 AM | Computer Name = LINYUE-FPC | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 5/8/2011 1:09:35 PM | Computer Name = LINYUE-FPC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0019D29B12C4. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/9/2011 12:11:48 AM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7022
Description = The Apache Tomcat service hung on starting.

Error - 5/9/2011 12:11:48 AM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7034
Description = The Apache Tomcat service terminated unexpectedly. It has done this
1 time(s).

Error - 5/9/2011 12:41:47 AM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 5/9/2011 12:41:47 AM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7034
Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

Error - 5/9/2011 1:54:58 PM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7022
Description = The Apache Tomcat service hung on starting.

Error - 5/9/2011 1:54:58 PM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7034
Description = The Apache Tomcat service terminated unexpectedly. It has done this
1 time(s).

Error - 5/11/2011 6:58:06 AM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7022
Description = The Apache Tomcat service hung on starting.

Error - 5/11/2011 6:58:06 AM | Computer Name = LINYUE-FPC | Source = Service Control Manager | ID = 7034
Description = The Apache Tomcat service terminated unexpectedly. It has done this
1 time(s).


< End of report >
 
We're not done yet, but I'm not sure about what you just said.
You're complaining about redirection.
Is it no more?
 
Very well :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
[2011/04/15 00:26:53 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010/08/02 13:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\System32\dllcache\cscui.dll.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\dsound.dll.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\themeui.dll.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\002692_.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Lin Yue
->Temp folder emptied: 3517434 bytes
->Temporary Internet Files folder emptied: 2541741 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 176916195 bytes
->Google Chrome cache emptied: 278322316 bytes
->Apple Safari cache emptied: 6063104 bytes
->Flash cache emptied: 50083 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 7736 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
RecycleBin emptied: 45556 bytes

Total Files Cleaned = 446.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Lin Yue
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05172011_003906

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Good:)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee AntiVirus Plus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Java(TM) SE Development Kit 6
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````





Eset online scan no threats found.
 
Uninstall:
Java(TM) SE Runtime Environment 6
Java(TM) SE Development Kit 6

=================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lin Yue
->Temp folder emptied: 32772 bytes
->Temporary Internet Files folder emptied: 311675 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79396416 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Lin Yue
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_005203

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Babylon redirects seem to be resolved.

Scans by antivirus/malware programs return no threats.

Computer also seems to be running faster than before.

:)
 
Status
Not open for further replies.

Similar threads

D
Google paid over $26 billion in 2021 to be the default search engine across devices
Replies
7
Views
340
Theinsanegamer
T
Daniel Sims
AI-powered Google search can now generate images and text drafts
Replies
1
Views
237
WhoCaresAnymore
WhoCaresAnymore
midian182
Chromium-based browsers drop option to delete default search engines
Replies
7
Views
1K
captaincranky
captaincranky

Latest posts

Back