Google Redirect Virus [Solved]


This topic is locked

#1 applestarz
Member, 21 posts
Hello everybody. I've recently been infected with the Google Redirect Virus. How do I remove it?

I have also attached a log from HijackThis.

Thank you for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:24 PM, on 17/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\MMaestro\Kmaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BtcMouseMaestro] "C:\Program Files\MMaestro\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic120.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

--
End of file - 9747 bytes

Edited by applestarz, 17 October 2009 - 04:35 AM.

#2 hammerman
Member 4k, 4,183 posts
Hello applestarz and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Can you please go to the Malware and Spyware Cleaning Guide and follow the steps in the guide.

These steps will remove the majority of infections. If you still need assistance, post the following logs in a reply to this topic.

1. RootRepeal log
2. Malwarebytes log
3. OTL logs


#3 applestarz (Topic Starter)
Member, 21 posts
Hi hammerman! Thank you. I will do that now and let you know.

Edited by applestarz, 18 October 2009 - 03:39 AM.


#4 applestarz (Topic Starter)
Member, 21 posts
Hi, I've completed all the steps in the guide; however, I still have that Google redirect virus. With Malwarebytes, nothing was detected.

Attached are the logs.

Thank you for your assistance! :)

Attached Files



#5 hammerman
Member 4k, 4,183 posts
Hi,

Can you please post the logs, not attach them. Thanks.

#6 applestarz (Topic Starter)
Member, 21 posts
Ok. Here is the log for RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 20:29
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8068C000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82052000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8EB5D000 Size: 294912 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x80797000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x8079F000 Size: 122880 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x95A50000 Size: 311296 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8E894000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80482000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x81B6E000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x95A40000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA9596000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8E37A000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804CB000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x82DA0000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8048A000 Size: 266240 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8E9B2000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x82DC1000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8E97A000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x82D8F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8E85F000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E9CA000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E9BF000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8E9E4000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8E207000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x82D68000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x807EF000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x807BD000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8E884000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8EAF2000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8E392000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x8201F000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8E2B3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8E99A000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8E8B7000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8E991000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x81AE6000 Size: 438272 File Visible: - Signed: -
Status: -

Name: igdkmd32.sys
Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys
Address: 0x8DC06000 Size: 6295552 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x80772000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x827E5000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ipfltdrv.sys
Address: 0x81AB1000 Size: 73728 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8E4DA000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8E9EE000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80409000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8E509000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x82604000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x81AC3000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8E59E000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80411000 Size: 393216 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8E58F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8E4E5000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8E9AA000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x80787000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x81B87000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x81B9C000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x81BBC000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x8E5B9000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x81BDB000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8E8FB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x806DB000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8E398000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x82780000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8E533000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x82D59000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x82675000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8E464000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8E46F000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8E57E000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8E91D000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8EBA5000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x827AB000 Size: 237568 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8E906000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8EA00000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x82C09000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: NTIPPKernel.sys
Image Path: C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys
Address: 0xA945D000 Size: 122624 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82052000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8E88D000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8EBE0000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8E362000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x8070A000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0xA9456000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x806E3000 Size: 159744 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x80779000 Size: 57344 File Visible: - Signed: -
Status: -

Name: pctfw.sys
Image Path: C:\Windows\system32\DRIVERS\pctfw.sys
Address: 0x8E4F0000 Size: 93952 File Visible: - Signed: -
Status: -

Name: pctfw2.sys
Image Path: C:\Windows\System32\drivers\pctfw2.sys
Address: 0x8EB23000 Size: 154752 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA947B000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82052000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8E832000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80471000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8E914000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8E44D000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8E492000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8E4A1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8E4B5000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82052000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8E93E000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8E8EB000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8E8F3000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA95B4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x81AD3000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8E60B000 Size: 2254336 File Visible: - Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x8E2C5000 Size: 135168 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA9559000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x8E358000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x8E33E000 Size: 106496 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8EB49000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x82D51000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x81A02000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA940A000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x8E3C6000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x81B51000 Size: 118784 File Visible: - Signed: -
Status: -

Name: StarOpen.SYS
Image Path: C:\Windows\System32\Drivers\StarOpen.SYS
Address: 0x8EBF6000 Size: 24576 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8E401000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8E507000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8EA0B000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA9563000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8E442000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8EB0D000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8E4CA000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TfFsMon.sys
Image Path: C:\Windows\system32\drivers\TfFsMon.sys
Address: 0x805AB000 Size: 69632 File Visible: - Signed: -
Status: -

Name: TfKbMon.sys
Image Path: C:\Windows\System32\Drivers\TfKbMon.sys
Address: 0x8E9F7000 Size: 32768 File Visible: - Signed: -
Status: -

Name: TfSysMon.sys
Image Path: C:\Windows\system32\drivers\TfSysMon.sys
Address: 0x805BC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x95A20000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x82DF5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x82DEA000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8E53D000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8E89B000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8EBFC000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E32F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8E54A000 Size: 212992 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8E2F1000 Size: 253952 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8E9D2000 Size: 73728 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8E2E6000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8E8BE000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8E8CA000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80719000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80728000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x82D18000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8E92B000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8E2A6000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80603000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8067F000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x95800000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x95800000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806D2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82052000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\Windows\system32\drivers\ws2ifsl.sys
Address: 0x8EBD7000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0xA9584000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0xA956F000 Size: 83328 File Visible: - Signed: -
Status: -


MalwareBytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

18/10/2009 8:25:14 PM
mbam-log-2009-10-18 (20-25-14).txt

Scan type: Quick Scan
Objects scanned: 89344
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Log for OTL:


OTL logfile created on: 18/10/2009 8:30:33 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Jenny\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 85.81% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 79.54 Gb Free Space | 57.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/18 20:07:36 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/25 07:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/01 06:37:42 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/07/28 11:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/09 13:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/03 15:08:32 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/21 12:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/14 13:00:00 | 00,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/01/06 19:29:14 | 06,707,744 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 17:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/07/23 10:40:54 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/02 15:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/03/18 03:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/21 13:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 13:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 13:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 13:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 13:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/21 13:23:29 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/10/01 22:45:22 | 00,840,704 | ---- | M] () -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2007/07/25 12:08:46 | 00,077,824 | ---- | M] () -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe
PRC - [2007/07/23 20:00:20 | 00,385,024 | ---- | M] (Kmaestro) -- C:\Program Files\MMaestro\Kmaestro.exe
PRC - [2007/05/24 17:24:38 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/05/24 17:24:34 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/24 17:24:26 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/02/20 01:53:52 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2006/10/27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/04/15 04:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005/01/21 22:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Findbasic Service [Auto | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/09 13:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/06/03 15:08:30 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/10/15 10:34:34 | 01,079,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2008/06/06 12:15:08 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire [On_Demand | Stopped])
SRV - [2008/01/21 13:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2008/01/21 13:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/01/21 13:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/21 13:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/01/21 13:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/21 13:25:06 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS [On_Demand | Running])
SRV - [2008/01/21 13:25:06 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC [Auto | Running])
SRV - [2008/01/21 13:25:06 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc [Auto | Running])
SRV - [2008/01/21 13:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/21 13:24:45 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/01/21 13:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/01/21 13:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/07/25 12:08:46 | 00,077,824 | ---- | M] () -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])
SRV - [2006/11/02 23:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 23:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/10/27 13:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/15 04:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2006/04/15 04:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2006/04/15 04:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2005/10/14 21:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/01/21 22:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 F0 33 00 4A D7 93 46 91 8B 6B 01 AF 69 4D C5 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:0.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.1.09060400
FF - prefs.js..extensions.enabledItems: {b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/23 10:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/17 14:39:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 11:16:36 | 00,000,000 | ---D | M]

[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2009/01/30 22:24:55 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/10/18 14:56:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions
[2009/07/10 19:50:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/08/05 17:33:18 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/08/04 22:39:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/13 17:48:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2009/10/17 13:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}
[2009/08/13 17:48:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{bbc21d30-1cff-11da-8cd6-0800200c9a66}
[2009/07/24 11:41:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/13 17:48:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009/08/04 22:39:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/04 22:11:10 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{f16d5b82-3b2a-4446-b278-a6a75bfcfe00}
[2009/08/12 16:59:37 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/08/13 17:48:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/09/19 16:09:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/02/01 17:26:14 | 00,000,417 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\kim-doan.xml
[2009/06/13 10:24:30 | 00,000,585 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\scour---search-socially.xml
[2009/08/13 17:47:30 | 00,000,705 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\webster.xml
[2009/10/16 01:39:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/17 14:39:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/01 17:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/02 17:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/03 16:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/25 07:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 07:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/14 08:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/12 06:16:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/21 12:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/14 08:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 13:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/25 07:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/30 12:57:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/14 08:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/25 05:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 05:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 05:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 05:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 05:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 05:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 05:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1.activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BtcMouseMaestro] C:\Program Files\MMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\Shell - "" = AutoRun
O33 - MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{73d28eae-558b-11de-9269-001d92941cf3}\Shell - "" = AutoRun
O33 - MountPoints2\{73d28eae-558b-11de-9269-001d92941cf3}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\Shell\AutoRun\command - "" = D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\Shell\open\command - "" = D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{fed8e59f-a412-11de-8f48-001d92941cf3}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{fed8e5a1-a412-11de-8f48-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{fed8e5a1-a412-11de-8f48-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/12 11:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/13 04:20:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/06 12:47:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/10/17 18:41:02 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2009/10/06 16:26:45 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/10/13 05:06:32 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Canon Easy-PhotoPrint EX
[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/18 20:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/12 11:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/12 11:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(11)
[2009/10/12 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/12 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes(12)
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/09 14:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/05 18:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/12 11:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/10/17 21:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/18 20:01:43 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:01:23 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 19:59:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 19:58:27 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:57:56 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/18 12:05:42 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\2009_10_18
[2009/10/17 22:52:16 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\ClubLive Bot
[2009/10/17 21:11:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 19:48:44 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/10/17 18:40:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/17 18:40:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/17 15:40:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/17 15:40:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/17 15:40:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/17 15:40:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/17 15:40:30 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 15:40:03 | 00,634,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 15:39:44 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/18 20:26:03 | 00,000,000 | ---- | M] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | M] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | M] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 20:09:38 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/18 20:09:38 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/18 20:09:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/18 20:09:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/18 20:09:27 | 32,110,59200 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/18 20:07:36 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:04:08 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 20:03:33 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 20:02:11 | 00,841,216 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/18 20:02:11 | 00,708,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/18 20:02:11 | 00,143,628 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/18 20:01:35 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
[2009/10/18 19:59:50 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:59:05 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/18 16:33:04 | 02,402,533 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/10/18 15:51:28 | 00,022,016 | ---- | M] () -- C:\Users\Jenny\Documents\Copy of Tu Le Order 15-10-09.xls
[2009/10/18 12:27:45 | 00,459,659 | ---- | M] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,815 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/18 02:14:52 | 00,000,813 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:49:01 | 00,422,906 | ---- | M] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 21:19:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 18:41:00 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 15:58:22 | 00,634,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 15:37:24 | 03,348,750 | R--- | M] () -- C:\Users\Jenny\Desktop\Combo-Fix.exe
[2009/10/17 15:35:19 | 00,000,395 | -HS- | M] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689O.manifest
[2009/10/17 15:35:09 | 00,005,609 | -HS- | M] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689C.manifest
[2009/10/17 15:35:09 | 00,002,043 | -HS- | M] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689P.manifest
[2009/10/17 14:40:00 | 00,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/17 14:39:57 | 00,000,011 | -HS- | M] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689S.manifest
[2009/10/17 14:34:44 | 00,180,192 | ---- | M] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/17 14:14:10 | 00,027,136 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 13:32:59 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/17 13:31:54 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | M] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 10:11:39 | 00,001,372 | ---- | M] () -- C:\Windows\System32\9Bp0dfrzLHoVz.vbs
[2009/10/15 10:04:05 | 00,121,344 | ---- | M] () -- C:\Windows\System32\AzSqlExt32.dll
[2009/10/15 10:04:04 | 00,001,372 | ---- | M] () -- C:\Windows\System32\metnJx0.vbs
[2009/10/15 10:03:05 | 00,339,968 | ---- | M] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 07:05:50 | 00,011,252 | ---- | M] () -- C:\Users\Jenny\Documents\To Do List.docx
[2009/10/15 02:37:43 | 06,818,297 | ---- | M] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 02:21:29 | 00,053,253 | ---- | M] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 01:46:42 | 00,305,910 | ---- | M] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:20 | 00,009,986 | ---- | M] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/10/14 03:13:13 | 00,012,795 | ---- | M] () -- C:\Users\Jenny\Documents\girraween appeal.docx
[2009/10/12 11:33:31 | 00,053,760 | ---- | M] () -- C:\Users\Jenny\Documents\YG.doc
[2009/10/12 11:33:14 | 00,055,296 | ---- | M] () -- C:\Users\Jenny\Documents\audition_us_2005_yg.doc
[2009/10/12 11:22:47 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009/10/09 19:37:31 | 00,010,493 | ---- | M] () -- C:\Users\Jenny\Documents\4 hour email promotion 09-10-09.docx
[2009/10/09 17:44:44 | 00,093,479 | ---- | M] () -- C:\Windows\Email Marketing Pro Uninstaller.exe
[2009/10/09 17:44:44 | 00,000,855 | ---- | M] () -- C:\Users\Jenny\Desktop\Email Marketing Pro.lnk
[2009/10/08 11:05:03 | 00,007,691 | -HS- | M] () -- C:\Users\Jenny\Documents\Folder.jpg
[2009/10/08 11:05:03 | 00,007,691 | -HS- | M] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Large.jpg
[2009/10/08 11:05:03 | 00,001,756 | -HS- | M] () -- C:\Users\Jenny\Documents\AlbumArtSmall.jpg
[2009/10/08 11:05:03 | 00,001,756 | -HS- | M] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Small.jpg
[2009/10/05 18:12:33 | 00,001,673 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

========== Files - No Company Name ==========
[2009/10/18 20:26:03 | 00,000,000 | ---- | C] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | C] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | C] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 15:22:16 | 00,022,016 | ---- | C] () -- C:\Users\Jenny\Documents\Copy of Tu Le Order 15-10-09.xls
[2009/10/18 12:25:31 | 00,459,659 | ---- | C] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,815 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/18 02:14:52 | 00,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:45:50 | 00,422,906 | ---- | C] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 18:41:00 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 15:40:50 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/17 15:40:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/17 15:40:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/17 15:40:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/17 15:28:36 | 03,348,750 | R--- | C] () -- C:\Users\Jenny\Desktop\Combo-Fix.exe
[2009/10/17 14:34:44 | 00,180,192 | ---- | C] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/16 01:39:13 | 00,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | C] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 10:11:39 | 00,001,372 | ---- | C] () -- C:\Windows\System32\9Bp0dfrzLHoVz.vbs
[2009/10/15 10:04:24 | 00,005,609 | -HS- | C] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689C.manifest
[2009/10/15 10:04:24 | 00,002,043 | -HS- | C] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689P.manifest
[2009/10/15 10:04:24 | 00,000,395 | -HS- | C] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689O.manifest
[2009/10/15 10:04:24 | 00,000,011 | -HS- | C] () -- C:\Users\Jenny\AppData\Roaming\02000000e54ba866689S.manifest
[2009/10/15 10:04:05 | 00,121,344 | ---- | C] () -- C:\Windows\System32\AzSqlExt32.dll
[2009/10/15 10:04:04 | 00,001,372 | ---- | C] () -- C:\Windows\System32\metnJx0.vbs
[2009/10/15 09:51:21 | 00,339,968 | ---- | C] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 02:21:01 | 00,053,253 | ---- | C] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 02:05:16 | 06,818,297 | ---- | C] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 01:44:51 | 00,305,910 | ---- | C] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:19 | 00,009,986 | ---- | C] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/10/13 06:34:21 | 00,011,252 | ---- | C] () -- C:\Users\Jenny\Documents\To Do List.docx
[2009/10/12 11:40:46 | 00,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/12 11:35:16 | 00,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/12 11:33:30 | 00,053,760 | ---- | C] () -- C:\Users\Jenny\Documents\YG.doc
[2009/10/12 11:33:11 | 00,055,296 | ---- | C] () -- C:\Users\Jenny\Documents\audition_us_2005_yg.doc
[2009/10/12 11:22:47 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/10/09 19:37:27 | 00,010,493 | ---- | C] () -- C:\Users\Jenny\Documents\4 hour email promotion 09-10-09.docx
[2009/10/09 17:44:44 | 00,093,479 | ---- | C] () -- C:\Windows\Email Marketing Pro Uninstaller.exe
[2009/10/09 17:44:44 | 00,000,855 | ---- | C] () -- C:\Users\Jenny\Desktop\Email Marketing Pro.lnk
[2009/10/08 11:05:03 | 00,007,691 | -HS- | C] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Large.jpg
[2009/10/08 11:05:03 | 00,001,756 | -HS- | C] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Small.jpg
[2009/10/08 11:00:42 | 00,007,691 | -HS- | C] () -- C:\Users\Jenny\Documents\Folder.jpg
[2009/10/08 11:00:42 | 00,001,756 | -HS- | C] () -- C:\Users\Jenny\Documents\AlbumArtSmall.jpg
[2009/10/05 18:12:33 | 00,001,673 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/09/18 19:50:55 | 00,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/07/30 09:39:35 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/07/30 09:26:18 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/02 14:12:32 | 00,000,600 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\winscp.rnd
[2009/07/01 19:54:30 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/05/23 14:53:24 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/07 19:55:22 | 00,099,864 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/06 23:21:11 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/25 11:24:39 | 00,027,136 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 19:36:04 | 00,000,213 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/05 19:36:04 | 00,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/05 19:22:54 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/05 19:22:53 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/30 22:06:32 | 00,024,206 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
[2009/01/30 22:00:57 | 02,402,533 | -H-- | C] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/01/30 21:12:38 | 00,101,528 | ---- | C] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/12/27 18:27:18 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/27 18:27:18 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/27 18:27:18 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 21:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/09/02 02:49:17 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2009/10/17 18:48:39 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming
[2009/09/21 23:04:35 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\.purple
[2009/09/07 19:05:59 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ahead
[2009/04/08 16:47:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BitZipper
[2009/02/08 22:51:48 | 00,000,000 | R--D | M] -- C:\Users\Jenny\AppData\Roaming\Brother
[2009/10/13 05:08:05 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Canon
[2009/07/11 10:27:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Desktopicon
[2009/10/18 20:09:43 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DMCache
[2009/10/15 02:00:57 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FileZilla
[2009/09/01 23:56:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gtk-2.0
[2009/10/18 20:09:57 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IDM
[2009/07/06 00:50:08 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\iSerial Reader
[2009/10/18 20:09:56 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LimeWire
[2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Media Center Programs
[2009/06/07 23:47:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Opera
[2009/01/30 22:46:16 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsFirewallPlus
[2009/01/30 22:46:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsSpamMonitorPlus
[2009/08/27 16:58:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2009/08/05 21:03:53 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Samsung
[2009/06/02 18:16:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SmartFTP
[2009/10/13 05:27:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/08/27 17:56:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\UClick
[2009/08/23 01:08:15 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent
[2009/01/31 21:44:35 | 00,000,384 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2009/10/18 20:09:33 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/18 20:08:56 | 00,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/18 20:01:35 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/21 13:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2785F3BB
< End of report >

Log for OTL Extras:

OTL Extras logfile created on: 18/10/2009 8:30:33 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Jenny\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 85.81% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 79.54 Gb Free Space | 57.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{252E444E-511F-4676-8346-A0449DF7D438}" = rport=445 | protocol=6 | dir=out | app=system |
"{321F89C5-2857-48FE-A0E1-B39695C7FDEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{393DA00E-A457-41CC-8DF4-859C078206A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{50726673-DB8B-4233-96A2-5EA9B7CE8CBE}" = lport=138 | protocol=17 | dir=in | app=system |
"{52E9D37C-A017-4333-A192-EEA0F61449E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{66290614-A98B-4E72-8BF8-4E5DD2665A31}" = lport=96 | protocol=6 | dir=in | name=express invoice web server |
"{8DC58CFA-5C0D-445E-951E-65C5FAB9E07A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{964E8CD2-63C2-4B25-9B34-648C650D0752}" = lport=445 | protocol=6 | dir=in | app=system |
"{97196514-AB6A-469D-98C5-CDDABF367D01}" = rport=138 | protocol=17 | dir=out | app=system |
"{9A2816A5-EFD1-4F36-AFEC-0BB6C38F1A1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9C7F2DC9-8483-46F8-8450-B3611BBD5FB9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B146FAD9-D601-4CA1-9E4B-1F7D79068874}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5A01C15-08A6-44E4-B628-47A65D7C8C2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F408B6CA-36F1-461C-B202-B66085A3B8F8}" = lport=97 | protocol=6 | dir=in | name=inventoria stock manager web server |
"{FFCB356E-7415-4F37-95FC-537F512E36CF}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025E8EC1-F0E7-404E-9C5A-AA8F23A35502}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{031EC03A-1381-4F93-8B23-B38CE4251D79}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{187DA6A6-8AB6-4CF1-8F59-4C51754E482D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1C1F45F8-469C-4359-A8CE-A755A6337107}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{299062FA-CC4C-4B18-A1D2-9F763766DB22}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2B940DB5-5C35-424D-AF07-C3BAFCA69397}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{38B514DA-B2BD-44AD-9E70-EF53E50E9CDE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CFFA679-D594-47EB-B7B0-A18308353752}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{438F5819-AD9D-4E7D-ACF0-B0D68EADD920}" = dir=in | app=c:\program files\cyberlink\softdma\softdma.exe |
"{4A1A0A99-C5B4-4E5C-8731-E68AAF518A6F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4D7AF60B-0026-4503-BC70-5F529595AB63}" = protocol=1 | dir=in | [email protected],-28543 |
"{554E188F-3264-4F34-B04A-1202ACD70B97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56B14FC2-82E9-45FF-97A2-4AB9A7CE3DBE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56CBB772-AAF7-4ADD-8E24-669E297358D9}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{586BE7FF-F814-4E76-9C97-5B038FBADF7F}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{69C60FCD-9D73-4CB1-A519-955EC69E0444}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6C713D37-6873-4FBB-A5C8-F509A27B76BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{80CB8AB5-4A3C-4BBB-84F6-D4226ED0326C}" = protocol=58 | dir=out | [email protected],-28546 |
"{81348E7E-EC89-4FC7-A54E-F2ED98258A90}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{83D4D3B7-E565-4993-9E21-EC882C259015}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC80F3CB-77F6-4BAA-9C46-515E339F41B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B960B348-2BFE-4031-969E-DECB94D1726B}" = protocol=1 | dir=out | [email protected],-28544 |
"{C75351E6-915B-48DF-B3AE-D266CF99A083}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{DCAF20BD-7FFB-4891-864F-0E5293A37740}" = protocol=58 | dir=in | [email protected],-28545 |
"{EC34E7C4-444E-4FC0-B968-FAE6ECFBEF86}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EE1EF914-B29A-4E84-952F-3DAF3733D53B}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{FE95CAEF-A966-4271-82F9-DFC854A76DA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0DCB6AD3-C4D4-4357-9FA8-EB1DEF2210DF}" = Winemaker Extraordinaire
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B779CC7-5F25-29B3-5150-AF44A6201033}" = Nero 7 Demo
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F45E3D3-8487-459B-ADB6-CB839B50266E}" = Cake Mania 3
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{356BC59E-BAB0-4840-9A12-75AA63B4834C}" = Chocolatier
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786547F9-59BB-4FA3-B2D8-327FF1F14870}" = Adobe Flash Player 9 ActiveX
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96183B1D-E85D-4A0F-94BD-44B50A0EE319}" = Fashion Fits
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = SoftDMA
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DD470D-F582-49A0-BDF3-D98AED37F0C0}" = Dream Chronicles
"{BFB175B5-6F03-4608-8737-82B6C393E209}" = Diner Dash 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C923E470-1D20-4318-908A-15DF69EAC5A2}" = Setup
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F79A208D-D929-11D9-9D77-000129760D75}" = MagicDirector
"{FB9D78DB-2233-49E1-8ADC-5FA2E4D9B8C2}" = Cooking Academy
"{FC5F312A-1760-4632-909D-563AFADCBF44}" = Granny in Paradise
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adwizard_is1" = Adwizard V2.0.1
"amg-scubainaruba" = Scuba in Aruba
"Applian FLV Player2.0.24" = Applian FLV Player
"Brain Workout" = Brain Workout
"BrainTrainAge_is1" = Brain Train Age V3.80
"BtcMouseMaestro" = NEC Nmouse Driver V1.0
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Unit Converter_is1" = Easy Unit Converter 1.21
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Email Marketing Pro" = Email Marketing Pro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free WMV to AVI MPEG Converter_is1" = Free WMV to AVI MPEG Converter v1.2
"GameHouse" = GameHouse
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Internet Download Manager" = Internet Download Manager
"LimeWire" = LimeWire PRO 5.2.13
"LiveZilla" = LiveZilla
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MostFun.com Games - Cake Mania 3" = MostFun.com Games - Cake Mania 3 (remove only)
"MostFun.com Games - Chocolatier" = MostFun.com Games - Chocolatier (remove only)
"MostFun.com Games - Cooking Academy" = MostFun.com Games - Cooking Academy (remove only)
"MostFun.com Games - Diner Dash 2" = MostFun.com Games - Diner Dash 2 (remove only)
"MostFun.com Games - Dream Chronicles" = MostFun.com Games - Dream Chronicles (remove only)
"MostFun.com Games - Fashion Fits" = MostFun.com Games - Fashion Fits (remove only)
"MostFun.com Games - Granny in Paradise" = MostFun.com Games - Granny in Paradise (remove only)
"MostFun.com Games - Winemaker Extraordinaire" = MostFun.com Games - Winemaker Extraordinaire (remove only)
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"PC Tools Internet Security" = PC Tools Internet Security 2009
"Pidgin" = Pidgin
"Privacy Guardian_is1" = Privacy Guardian 4.1
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 6.0" = RealPlayer
"Record Keeping Evaluation Tool" = Record Keeping Evaluation Tool
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"The Bar for FireFox_is1" = The Bar Toolbar 1.0
"The Color Picker" = The Color Picker 1.0
"TradeManager 2008" = TradeManager 2008
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Once again, thanks a lot for your continued assistance! :)
  • 0

#7
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
Leave the flash drives connected.

-- Step 2 --

I notice you are running one or more Peer-to-Peer (P2P) programs. The files shared by P2P programs are often infected with viruses and malware, even though they may appear to be legitimate. For this reason, I would recommend you uninstall them. If you decide to keep them, I ask that you do not use them while we are fixing your problem.

An article indicating the Dangers of P2P can be found here.

-- Step 3 --

I think you may be running a cracked version of Adobe. You should uninstall cracked software. It is a real source of infection.

-- Step 4 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found -- -- (Findbasic Service [Auto | Stopped])
    O33 - MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\Shell - "" = AutoRun
    O33 - MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    O33 - MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    O33 - MountPoints2\{73d28eae-558b-11de-9269-001d92941cf3}\Shell - "" = AutoRun
    O33 - MountPoints2\{73d28eae-558b-11de-9269-001d92941cf3}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\Shell\AutoRun\command - "" = D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\Shell\open\command - "" = D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{fed8e59f-a412-11de-8f48-001d92941cf3}\Shell\Auto\command - "" = Start.exe
    O33 - MountPoints2\{fed8e5a1-a412-11de-8f48-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{fed8e5a1-a412-11de-8f48-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 5 --

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
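As an added example (not code from OTL, ComboFix or the helper above), here is a small Python triage script for the O33 (MountPoints2) lines that the Step 4 fix targets. MountPoints2 keeps, per removable-device GUID, the Shell verb Explorer runs when that device is opened, which is why a USB worm's hook outlives the drive it came from. The decoy-folder, fake-SID and non-standard-verb heuristics are assumptions of this example, not OTL's own rules, and the sample log is constructed from the entries shown in the post.

```python
"""Explain why each MountPoints2 autorun hook in an OTL log is suspicious.

Added example, not part of OTL. The heuristics below are assumptions of
this script, modelled on how a malware-removal helper reads O33 lines.
"""
import re
from dataclasses import dataclass, field

# Shape of an O33 line as printed by OTL (see the log on this page).
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "" = (?P<value>.*?)'
    r'(?P<missing> -- File not found)?\s*$'
)
# Folder names USB worms create at a drive's root to look like system folders.
DECOY_DIRS = {"recycler", "restore", "system volume information"}
# A real Windows account SID begins S-1-5-; anything else is made up.
SID_RE = re.compile(r'S-1-(\d+)-', re.IGNORECASE)
STANDARD_VERBS = {"autorun", "open", "explore"}


@dataclass
class Hook:
    guid: str
    verb: str            # "" for the default-verb line (Shell - "" = AutoRun)
    command: str
    missing: bool        # OTL appended "-- File not found"
    reasons: list = field(default_factory=list)


def parse_o33(line: str):
    """Return a Hook for an O33 MountPoints2 line, or None for any other line."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    return Hook(m["guid"], m["verb"] or "", m["value"].strip(),
                m["missing"] is not None)


def assess(hook: Hook) -> Hook:
    """Attach a human-readable reason for every suspicious trait of the hook."""
    cmd = hook.command
    if hook.verb == "":
        # Default verb: what Explorer does on a plain double-click of the drive.
        if cmd.lower() == "autorun":
            hook.reasons.append("default verb is AutoRun: opening the drive runs the hook")
        return hook
    parts = [p for p in re.split(r'[\\/]', cmd) if p]
    if not re.match(r'^[A-Za-z]:$', parts[0]):
        # No drive letter: resolved against the root of whichever drive is opened.
        hook.reasons.append("relative path: runs from the root of the opened drive")
        root_dir = parts[0]
    else:
        root_dir = parts[1] if len(parts) > 1 else ""
    if root_dir.lower() in DECOY_DIRS:
        hook.reasons.append(f"executable hidden in a {root_dir} decoy folder")
    sid = SID_RE.search(cmd)
    if sid and sid.group(1) != "5":
        hook.reasons.append(f"fake SID-style folder name (S-1-{sid.group(1)}-...)")
    if hook.verb.lower() not in STANDARD_VERBS:
        hook.reasons.append(f"non-standard verb '{hook.verb}'")
    if hook.missing:
        hook.reasons.append("target file is gone; the stale hook still fires on the next insert")
    return hook


def triage(log_text: str) -> list:
    """Return every MountPoints2 hook found in the log, each with its reasons."""
    hooks = (parse_o33(line) for line in log_text.splitlines())
    return [assess(h) for h in hooks if h is not None]


# Constructed sample: a subset of the O33 lines shown in the post above.
SAMPLE_LOG = r"""
O33 - MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\Shell - "" = AutoRun
O33 - MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{fed8e59f-a412-11de-8f48-001d92941cf3}\Shell\Auto\command - "" = Start.exe
O4 - HKLM..\Run: [example] c:\example.exe
"""

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"{h.guid} [{h.verb or 'default'}] {h.command}")
        for r in h.reasons:
            print(f"    - {r}")
```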

#8
applestarz

    Member

  • Topic Starter
  • Member
  • 21 posts
Ok. Here is the log for OTL

All processes killed
========== OTL ==========
Service\Driver Findbasic Service stopped successfully.
Service\Driver Findbasic Service deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{562d4118-57a6-11de-949b-001d92941cf3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{562d4118-57a6-11de-949b-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{562d4118-57a6-11de-949b-001d92941cf3}\ not found.
File J:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d28eab-558b-11de-9269-001d92941cf3}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d28eab-558b-11de-9269-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d28eab-558b-11de-9269-001d92941cf3}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d28eae-558b-11de-9269-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d28eae-558b-11de-9269-001d92941cf3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d28eae-558b-11de-9269-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d28eae-558b-11de-9269-001d92941cf3}\ not found.
File K:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
File J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\ not found.
D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e311b0-eeb5-11dd-abd0-001d92941cf3}\ not found.
File D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fed8e59f-a412-11de-8f48-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed8e59f-a412-11de-8f48-001d92941cf3}\ not found.
File Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fed8e5a1-a412-11de-8f48-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed8e5a1-a412-11de-8f48-001d92941cf3}\ not found.
File J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fed8e5a1-a412-11de-8f48-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed8e5a1-a412-11de-8f48-001d92941cf3}\ not found.
File J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
->Temp folder emptied: 33768 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 505827 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 35092302 bytes
->Apple Safari cache emptied: 8902 bytes
->Opera cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 156 bytes

Total Files Cleaned = 33.99 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10182009_225555

Files\Folders moved on Reboot...
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

Log for ComboFix

ComboFix 09-10-17.01 - Jenny 18/10/2009 23:21.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3062.1801 [GMT 11:00]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
FW: Internet Security Firewall *disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1975834376-2489573490-1094187436-500
c:\$recycle.bin\S-1-5-21-2996193442-292644214-2631654220-1000
c:\$recycle.bin\S-1-5-21-567813713-2864583929-3900996650-500
C:\restore
c:\users\Jenny\AppData\Roaming\02000000e54ba866689C.manifest
c:\users\Jenny\AppData\Roaming\02000000e54ba866689O.manifest
c:\users\Jenny\AppData\Roaming\02000000e54ba866689P.manifest
c:\users\Jenny\AppData\Roaming\02000000e54ba866689S.manifest
c:\users\Jenny\AppData\Roaming\Desktopicon
c:\users\Jenny\AppData\Roaming\Desktopicon\config.ini
c:\users\Jenny\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\Installer\19c181.msi
c:\windows\Installer\4440b7.msi
c:\windows\system32\9Bp0dfrzLHoVz.vbs
c:\windows\system32\metnJx0.vbs

.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-18 12:30 . 2009-10-18 12:30 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2009-10-18 12:30 . 2009-10-18 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-18 11:55 . 2009-10-18 11:55 -------- d-----w- C:\_OTL
2009-10-18 10:05 . 2009-10-18 10:05 -------- d-----w- c:\program files\Advanced Site Submitter
2009-10-18 09:18 . 2009-10-18 09:18 -------- d-----w- c:\program files\ERUNT
2009-10-17 15:14 . 2009-10-17 15:14 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-17 15:14 . 2009-10-17 15:14 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-17 10:19 . 2009-10-17 10:19 -------- d-----w- c:\program files\Trend Micro
2009-10-17 08:48 . 2009-10-17 08:49 -------- d-----w- C:\Combo-Fix
2009-10-17 07:41 . 2009-10-17 07:41 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2009-10-17 07:40 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 07:40 . 2009-10-17 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 07:40 . 2009-10-17 07:40 -------- d-----w- c:\programdata\Malwarebytes
2009-10-17 07:40 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 04:11 . 2009-09-30 23:29 195440 ----a-w- c:\windows\system32\MpSigStub.exe
2009-10-14 23:04 . 2009-10-14 23:04 121344 ----a-w- c:\windows\system32\AzSqlExt32.dll
2009-10-12 18:06 . 2009-10-12 18:08 -------- d-----w- c:\users\Jenny\AppData\Local\Canon Easy-PhotoPrint EX
2009-10-12 17:20 . 2009-10-17 02:17 -------- d--h--w- c:\programdata\CanonIJEGV
2009-10-12 00:40 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-12 00:40 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-12 00:38 . 2009-10-17 02:31 -------- d-----w- c:\program files\iPod
2009-10-12 00:38 . 2009-10-16 06:19 -------- d-----w- c:\program files\iPod(11)
2009-10-12 00:38 . 2009-10-12 00:40 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 00:38 . 2009-10-17 02:31 -------- d-----w- c:\program files\iTunes
2009-10-12 00:38 . 2009-10-12 00:40 -------- d-----w- c:\program files\iTunes(12)
2009-10-12 00:21 . 2009-10-12 00:22 -------- d-----w- c:\program files\Safari
2009-10-09 06:44 . 2009-10-09 06:44 93479 ----a-w- c:\windows\Email Marketing Pro Uninstaller.exe
2009-10-09 03:47 . 2009-10-17 02:18 -------- d-----w- c:\program files\McAfee
2009-10-07 23:31 . 2009-10-18 11:58 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM5.dll
2009-10-06 05:26 . 2009-10-12 18:27 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ubisoft
2009-10-06 01:47 . 2009-10-06 01:47 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-05 07:33 . 2009-10-05 07:33 -------- d-----w- c:\program files\Microsoft
2009-10-01 15:51 . 2009-10-01 15:51 -------- d-----w- c:\program files\Brain Spa
2009-10-01 15:15 . 2009-10-01 15:15 -------- d-----w- c:\program files\BrainTrainAge
2009-10-01 14:28 . 2009-10-01 14:28 -------- d-----w- C:\GameHouse Games
2009-10-01 08:55 . 2009-10-01 08:55 -------- d-----w- c:\users\Jenny\AppData\Local\Adwizard
2009-10-01 08:55 . 2009-10-01 08:55 -------- d-----w- c:\program files\Adwizard
2009-09-24 09:39 . 2009-09-24 09:41 -------- d-----w- c:\programdata\Findbasic
2009-09-24 09:39 . 2009-09-24 09:41 -------- d-----w- c:\program files\Findbasic
2009-09-18 13:55 . 2009-09-18 13:55 1185 ----a-w- c:\users\Jenny\AppData\Roaming\.purple\certificates\x509\tls_peers\typists.quicktate.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 12:19 . 2009-07-10 09:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\DMCache
2009-10-18 12:05 . 2009-06-02 06:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\LimeWire
2009-10-18 11:58 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM4.dll
2009-10-18 11:58 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM3.dll
2009-10-18 11:58 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM2.dll
2009-10-18 11:58 . 2009-07-10 09:28 -------- d-----w- c:\users\Jenny\AppData\Roaming\IDM
2009-10-18 11:58 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM1.dll
2009-10-17 02:33 . 2009-02-02 12:26 -------- d-----w- c:\program files\QuickTime
2009-10-17 02:18 . 2009-07-25 09:03 -------- d-----w- c:\program files\LiveZilla
2009-10-17 02:17 . 2009-07-25 09:03 -------- d-----w- c:\programdata\{99132AC5-3A7A-446C-AE3C-8DF2A46D5D29}
2009-10-17 02:17 . 2009-01-30 11:37 -------- d-----w- c:\program files\PC Tools Internet Security
2009-10-17 02:17 . 2009-02-02 12:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-16 06:23 . 2009-01-30 10:09 -------- d-----w- c:\programdata\McAfee
2009-10-14 15:00 . 2009-06-03 06:00 -------- d-----w- c:\users\Jenny\AppData\Roaming\FileZilla
2009-10-12 18:08 . 2009-09-07 07:18 -------- d-----w- c:\users\Jenny\AppData\Roaming\Canon
2009-10-12 03:10 . 2009-08-22 23:17 -------- d-----w- c:\users\Jenny\AppData\Roaming\Apple Computer
2009-10-09 06:47 . 2009-09-09 13:20 -------- d-----w- c:\program files\Email Marketing Pro
2009-10-09 05:54 . 2009-07-10 10:20 -------- d-----w- c:\program files\Unlocker
2009-10-05 23:35 . 2009-02-02 12:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-01 15:54 . 2009-06-01 10:33 -------- d-----w- c:\program files\LimeWire
2009-10-01 14:27 . 2009-09-06 11:29 -------- d-----w- c:\program files\RealArcade
2009-09-21 12:04 . 2009-09-18 09:06 -------- d-----w- c:\users\Jenny\AppData\Roaming\.purple
2009-09-18 08:51 . 2009-09-18 08:51 -------- d-----w- c:\program files\Pidgin
2009-09-18 08:51 . 2009-09-18 08:51 -------- d-----w- c:\program files\Common Files\GTK
2009-09-18 08:50 . 2009-09-18 08:50 680 ----a-w- c:\users\Jenny\AppData\Local\d3d9caps.dat
2009-09-17 13:35 . 2009-07-01 08:53 -------- d-----w- c:\users\Jenny\AppData\Roaming\Skype
2009-09-17 13:35 . 2009-07-01 08:54 -------- d-----w- c:\users\Jenny\AppData\Roaming\skypePM
2009-09-14 08:29 . 2009-09-14 08:29 -------- d-----w- c:\users\Jenny\AppData\Roaming\DivX
2009-09-12 01:25 . 2009-08-06 08:53 -------- d-----w- c:\program files\DivX
2009-09-12 01:25 . 2009-09-12 01:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-12 01:24 . 2009-09-12 01:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-11 10:45 . 2009-09-11 10:45 -------- d-----w- c:\programdata\EMP
2009-09-09 12:51 . 2009-09-09 12:33 1186980 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\DwnlData\Jenny\emp_200\emp.exe
2009-09-07 08:05 . 2009-09-07 07:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ahead
2009-09-07 07:58 . 2009-01-30 11:28 -------- d-----w- c:\program files\Yahoo!
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Nero
2009-09-07 07:19 . 2009-09-07 07:19 -------- d--h--w- c:\programdata\CanonIJScan
2009-09-06 09:13 . 2009-09-06 09:13 -------- d-----w- c:\program files\The Color Picker
2009-09-02 06:50 . 2009-07-01 12:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-01 12:56 . 2009-05-05 12:33 -------- d-----w- c:\users\Jenny\AppData\Roaming\gtk-2.0
2009-08-29 11:11 . 2009-08-29 11:10 -------- d-----w- c:\program files\RKET
2009-08-27 06:56 . 2009-08-27 06:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\UClick
2009-08-27 06:56 . 2009-08-27 06:56 -------- d-----w- c:\programdata\UClick
2009-08-27 05:58 . 2009-03-07 06:58 -------- d-----w- c:\users\Jenny\AppData\Roaming\PlayFirst
2009-08-27 05:58 . 2009-03-07 06:58 -------- d-----w- c:\programdata\PlayFirst
2009-08-26 21:54 . 2009-03-06 23:05 -------- d-----w- c:\programdata\NeoEdge Networks
2009-08-26 21:53 . 2009-03-06 23:02 -------- d-----w- c:\program files\MostFun
2009-08-26 11:14 . 2009-08-26 11:14 -------- d-----w- c:\program files\Convert AVI to MP4
2009-08-26 10:41 . 2009-08-26 10:41 -------- d-----w- c:\program files\Free WMV to AVI MPEG Converter
2009-08-24 08:30 . 2009-02-05 08:29 -------- d-----w- c:\program files\Brother
2009-08-24 08:30 . 2008-07-22 23:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 23:17 . 2009-08-22 23:16 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-22 23:16 . 2009-08-22 23:14 -------- d-----w- c:\programdata\Apple Computer
2009-08-22 23:15 . 2009-08-22 23:15 -------- d-----w- c:\program files\Bonjour
2009-08-22 23:04 . 2008-07-22 23:27 -------- d-----w- c:\programdata\Microsoft Help
2009-08-22 14:08 . 2009-03-06 08:42 -------- d-----w- c:\users\Jenny\AppData\Roaming\uTorrent
2009-08-20 14:33 . 2009-08-20 14:30 -------- d-----w- c:\programdata\Yahoo!
2009-08-04 20:32 . 2009-01-30 10:12 101528 ----a-w- c:\users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-29 22:36 . 2009-07-29 22:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-07-26 05:44 . 2009-07-26 05:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 11:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-03 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-01 840704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 138008]
"BtcMouseMaestro"="c:\program files\MMaestro\KMaestro.exe" [2007-07-23 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-22 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-07-08 2754888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-8-1 139776]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{438F5819-AD9D-4E7D-ACF0-B0D68EADD920}"= c:\program files\CyberLink\SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{1C1F45F8-469C-4359-A8CE-A755A6337107}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{299062FA-CC4C-4B18-A1D2-9F763766DB22}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F408B6CA-36F1-461C-B202-B66085A3B8F8}"= UDP:97:Inventoria Stock Manager Web Server
"{66290614-A98B-4E72-8BF8-4E5DD2665A31}"= UDP:96:Express Invoice Web Server
"{9C7F2DC9-8483-46F8-8450-B3611BBD5FB9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{69C60FCD-9D73-4CB1-A519-955EC69E0444}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FE95CAEF-A966-4271-82F9-DFC854A76DA6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AC80F3CB-77F6-4BAA-9C46-515E339F41B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{554E188F-3264-4F34-B04A-1202ACD70B97}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{56CBB772-AAF7-4ADD-8E24-669E297358D9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B940DB5-5C35-424D-AF07-C3BAFCA69397}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{025E8EC1-F0E7-404E-9C5A-AA8F23A35502}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{187DA6A6-8AB6-4CF1-8F59-4C51754E482D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{4A1A0A99-C5B4-4E5C-8731-E68AAF518A6F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{031EC03A-1381-4F93-8B23-B38CE4251D79}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{38B514DA-B2BD-44AD-9E70-EF53E50E9CDE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56B14FC2-82E9-45FF-97A2-4AB9A7CE3DBE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{83D4D3B7-E565-4993-9E21-EC882C259015}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EC34E7C4-444E-4FC0-B968-FAE6ECFBEF86}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [30/01/2009 10:38 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [30/01/2009 10:38 PM 38208]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [30/01/2009 10:38 PM 160808]
R2 CLHNService;CLHNService;c:\program files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe [23/07/2008 10:45 AM 77824]
R2 NTIPPKernel;NTIPPKernel;c:\program files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys [23/07/2008 10:45 AM 122624]
S3 FWAuth;FWAuth Driver;c:\windows\System32\drivers\FWAuthDriver.sys [30/01/2009 10:37 PM 58152]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [30/01/2009 10:37 PM 356920]
S3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [30/01/2009 10:38 PM 33088]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{276B1964-F156-464E-4CA7-B898932C090D}]
C:\Windows:Z_PI.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\s7dorkb6.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - component: c:\users\Jenny\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 23:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Jenny\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\Shared Files\RichVideo.exe\"\00\00\00\00\00lú\12\00
[\13`w\00\00\00\00\00\00\00\00Z\00\\00\ó\12\00€ơ\12\00Ø+_\05S\00-\001\00-\005\00-\002\001\00-\001"

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16B2D189-8F7B-F72F-47F0-89930C6014AD}*]
"nalhedpfeehamihcijmekbfodlpk"=hex:6a,61,67,62,65,69,62,62,6e,62,61,68,6a,66,
62,62,70,70,6e,65,00,00
"oafiknnlnjciiiaaamcaeafdeahaad"=hex:69,61,63,62,6b,6f,6f,62,6c,61,64,6d,68,66,
69,64,64,70,00,00

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003_Classes\CLSID\{469f79f0-f5f2-4c0d-af66-f409e5e97c22}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ff
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,48,8c,7f,fa,6b,27,46,05,dc,e8,2e,a7,83,a5,f6,c0,c5,6f,27,24,2e,2e,\

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bc,0a,cd,75,ca,98,d4,56,cf,31,d9,25,d4,e9,14,e1,3d,75,49,7f,34,
00,20,be,c9,e0,85,18,ea,7c,70,4c,ac,ff,48,7f,19,15,6c,40,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-18 23:32
ComboFix-quarantined-files.txt 2009-10-18 12:32

Pre-Run: 82,758,733,824 bytes free
Post-Run: 82,691,952,640 bytes free

311 --- E O F --- 2009-08-22 23:05

Thanks so much! :)

#9
applestarz
    Member
  • Topic Starter
  • Member
  • 21 posts
Hey hammerman. Thanks a lot for your continued assistance. Much appreciated. :)

I think the virus is gone. My searches aren't redirected anymore. But I'm not too sure. How can I make sure it's 100% gone?

#10
hammerman
    Member 4k
  • Member
  • 4,183 posts
Hi,

We'll run some more scans to ensure you're clean. I'll check these logs first and get back to you.

#11
hammerman
    Member 4k
  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

I can't see any evidence of an antivirus program running on your system. Do you have the antivirus protection on PC Tools Internet Security enabled?

-- Step 2 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{276B1964-F156-464E-4CA7-B898932C090D}]
    
    :Files
    @C:\Windows:Z_PI.EXE
    c:\windows\system32\AzSqlExt32.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 3 --

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 4 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
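As an added example (not part of this thread, nor code from OTL or ComboFix), here is a small Python triage script that performs the checks hammerman made by eye on the ComboFix log above: it flags an Active Setup "installed components" entry whose stub is an NTFS alternate data stream (C:\Windows:Z_PI.EXE), every firewall profile with EnableFirewall set to 0, and a non-zero catchme hidden-file count. The sample log excerpt is constructed from the lines posted above, and the regexes, the all-zero placeholder GUID for a benign entry and the Finding class are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt modelled on the ComboFix log posted in this thread (not the full log).
# The all-zero GUID is a placeholder standing in for an ordinary, benign Active Setup entry.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{276B1964-F156-464E-4CA7-B898932C090D}]
C:\Windows:Z_PI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{00000000-0000-0000-0000-000000000000}]
c:\windows\system32\ie4uinit.exe
.
**************************************************************************

scanning hidden files ...

c:\users\Jenny\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# drive letter, optional directories, a file name, then ':' and a stream name (file:stream)
ADS_RE = re.compile(r"^[A-Za-z]:\\(?:[^\\:]+\\)*[^\\:]+:[^\\:]+$")
FW_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
HIDDEN_RE = re.compile(r"^hidden files:\s*(\d+)", re.MULTILINE)
# ComboFix separates report sections with lone dots and rows of *, - or ( characters
SEPARATOR_RE = re.compile(r"^(\.|\*{5,}|-{5,}|\({5,}.*)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    where: str
    detail: str


def is_ads_path(path: str) -> bool:
    """True if a Win32 path names an NTFS alternate data stream rather than a plain file."""
    return ADS_RE.match(path.strip()) is not None


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-blank lines of a ComboFix-style dump under the [key] that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR_RE.match(line):
            current = None  # a section banner ends the current key
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Run the three checks over a log excerpt and return what a human reviewer should look at."""
    findings: List[Finding] = []
    for key, values in parse_sections(text).items():
        low = key.lower()
        if "active setup\\installed components\\" in low:
            # Active Setup stubs run for every user at logon; one living in an ADS is a persistence trick
            for value in values:
                if is_ads_path(value):
                    findings.append(Finding("high", key,
                        f"Active Setup stub runs from an NTFS alternate data stream: {value}"))
        elif "firewallpolicy\\" in low and low.endswith("profile"):
            for value in values:
                if FW_OFF_RE.match(value):
                    findings.append(Finding("medium", key,
                        "Windows Firewall is disabled for this profile"))
    m = HIDDEN_RE.search(text)
    if m and int(m.group(1)) > 0:
        findings.append(Finding("info", "catchme",
            f"{m.group(1)} hidden file(s) reported; catchme.dll in Temp is the scanner's own component"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}\n         {f.detail}")
```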

#12
applestarz
    Member
  • Topic Starter
  • Member
  • 21 posts
Hi. Somehow I am still infected. I'm a bit confused because I did follow all the steps you provided me with.

Here is the OTL Log:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{276B1964-F156-464E-4CA7-B898932C090D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{276B1964-F156-464E-4CA7-B898932C090D}\ not found.
========== FILES ==========
Unable to delete ADS C:\Windows:Z_PI.EXE .
DllUnregisterServer procedure not found in c:\windows\system32\AzSqlExt32.dll
c:\windows\system32\AzSqlExt32.dll NOT unregistered.
c:\windows\system32\AzSqlExt32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\wz77cc\s2s.exe scheduled to be deleted on reboot.
->Temp folder emptied: 916145 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KATPCQ40\en[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KATPCQ40\openhand_8_8[1].bmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 545625 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 33146619 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.01 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10192009_123750

Files\Folders moved on Reboot...
C:\Users\Jenny\AppData\Local\Temp\wz77cc\s2s.exe moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KATPCQ40\en[2].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KATPCQ40\openhand_8_8[1].bmp moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

MBAM Log

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

19/10/2009 2:54:14 PM
mbam-log-2009-10-19 (14-54-14).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 303059
Time elapsed: 1 hour(s), 18 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTL\MovedFiles\10182009_225555\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

OTL Log

OTL logfile created on: 19/10/2009 4:17:30 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Jenny\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 87.60% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 76.90 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\MMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Users\Jenny\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppHostSvc [Auto | Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CLHNService [Auto | Running]) -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
SRV - (SQLBrowser [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ThreatFire [On_Demand | Stopped]) -- C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe (PC Tools)
SRV - (W3SVC [Auto | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WAS [On_Demand | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 F0 33 00 4A D7 93 46 91 8B 6B 01 AF 69 4D C5 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:0.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.1.09060400
FF - prefs.js..extensions.enabledItems: {b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/23 10:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/17 14:39:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 11:16:36 | 00,000,000 | ---D | M]

[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2009/01/30 22:24:55 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/10/19 14:26:45 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions
[2009/07/10 19:50:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/08/05 17:33:18 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/08/04 22:39:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/13 17:48:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2009/10/17 13:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}
[2009/08/13 17:48:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{bbc21d30-1cff-11da-8cd6-0800200c9a66}
[2009/07/24 11:41:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/13 17:48:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009/08/04 22:39:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/04 22:11:10 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{f16d5b82-3b2a-4446-b278-a6a75bfcfe00}
[2009/08/12 16:59:37 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/08/13 17:48:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/09/19 16:09:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/02/01 17:26:14 | 00,000,417 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\kim-doan.xml
[2009/06/13 10:24:30 | 00,000,585 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\scour---search-socially.xml
[2009/08/13 17:47:30 | 00,000,705 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\webster.xml
[2009/10/16 01:39:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/17 14:39:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/01 17:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/02 17:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/03 16:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/25 07:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 07:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/14 08:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/12 06:16:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/21 12:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/14 08:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 13:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/25 07:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/30 12:57:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/14 08:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/25 05:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 05:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 05:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 05:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 05:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 05:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 05:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1.activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BtcMouseMaestro] C:\Program Files\MMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/18 22:49:05 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/12 11:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/13 04:20:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/06 12:47:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/10/17 18:41:02 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2009/10/06 16:26:45 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/10/13 05:06:32 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Canon Easy-PhotoPrint EX
[2009/10/18 23:32:29 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\temp
[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/18 21:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Site Submitter
[2009/10/19 12:29:42 | 00,000,000 | ---D | C] -- C:\Program Files\Article Page Machine
[2009/10/18 20:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/12 11:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/12 11:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(11)
[2009/10/12 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/12 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes(12)
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/09 14:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/05 18:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/12 11:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/10/17 21:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/18 23:32:29 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/10/18 23:19:16 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/18 22:55:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/18 22:49:05 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/10/18 21:18:12 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\sitemapmaker
[2009/10/18 20:01:43 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:01:23 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 19:59:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 19:58:27 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:57:56 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/18 12:05:42 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\2009_10_18
[2009/10/17 22:52:16 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\ClubLive Bot
[2009/10/17 21:11:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 19:48:44 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/10/17 18:40:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/17 18:40:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/17 15:40:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/17 15:40:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/17 15:40:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/17 15:40:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/17 15:40:30 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 15:40:03 | 00,634,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 15:39:44 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/19 14:55:18 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/19 14:55:18 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/19 14:55:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/19 14:55:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/19 14:55:03 | 32,089,90720 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/19 14:54:31 | 03,429,500 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/10/19 12:32:44 | 01,173,077 | ---- | M] () -- C:\Users\Jenny\Documents\scripts_2_sell123.zip
[2009/10/19 12:32:21 | 00,697,981 | ---- | M] () -- C:\Users\Jenny\Documents\ebaymoney-p.exe
[2009/10/19 12:28:45 | 00,779,661 | ---- | M] () -- C:\Users\Jenny\Documents\apm.zip
[2009/10/19 12:27:40 | 00,007,324 | ---- | M] () -- C:\Users\Jenny\Documents\articlesyndicate-p.zip
[2009/10/18 23:30:28 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/18 23:18:46 | 03,367,094 | R--- | M] () -- C:\Users\Jenny\Desktop\ComboFix.exe
[2009/10/18 22:50:09 | 00,841,216 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/18 22:50:09 | 00,708,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/18 22:50:09 | 00,143,628 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/18 22:46:58 | 00,132,597 | ---- | M] () -- C:\Users\Jenny\Documents\Flash_Disinfector.exe
[2009/10/18 21:19:17 | 00,684,806 | ---- | M] () -- C:\Users\Jenny\Documents\16dassys.exe
[2009/10/18 21:05:22 | 00,000,877 | ---- | M] () -- C:\Users\Jenny\Desktop\Advanced Site Submitter.lnk
[2009/10/18 21:03:39 | 01,036,811 | ---- | M] () -- C:\Users\Jenny\Documents\AdvancedSiteSubmitter.zip
[2009/10/18 21:01:38 | 01,261,404 | ---- | M] () -- C:\Users\Jenny\Documents\sitemapmaker.zip
[2009/10/18 20:58:24 | 00,177,362 | ---- | M] () -- C:\Users\Jenny\Documents\truth.zip
[2009/10/18 20:26:03 | 00,000,000 | ---- | M] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | M] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | M] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 20:07:36 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:04:08 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 20:03:33 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 20:01:35 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
[2009/10/18 19:59:50 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:59:05 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/18 15:51:28 | 00,022,016 | ---- | M] () -- C:\Users\Jenny\Documents\Copy of Tu Le Order 15-10-09.xls
[2009/10/18 12:27:45 | 00,459,659 | ---- | M] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,815 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/18 02:14:52 | 00,000,813 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:49:01 | 00,422,906 | ---- | M] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 21:19:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 18:41:00 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 15:58:22 | 00,634,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 14:40:00 | 00,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/17 14:34:44 | 00,180,192 | ---- | M] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/17 14:14:10 | 00,027,136 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 13:32:59 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/17 13:31:54 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | M] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 10:03:05 | 00,339,968 | ---- | M] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 07:05:50 | 00,011,252 | ---- | M] () -- C:\Users\Jenny\Documents\To Do List.docx
[2009/10/15 02:37:43 | 06,818,297 | ---- | M] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 02:21:29 | 00,053,253 | ---- | M] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 01:46:42 | 00,305,910 | ---- | M] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:20 | 00,009,986 | ---- | M] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/10/14 03:13:13 | 00,012,795 | ---- | M] () -- C:\Users\Jenny\Documents\girraween appeal.docx
[2009/10/12 11:33:31 | 00,053,760 | ---- | M] () -- C:\Users\Jenny\Documents\YG.doc
[2009/10/12 11:33:14 | 00,055,296 | ---- | M] () -- C:\Users\Jenny\Documents\audition_us_2005_yg.doc
[2009/10/12 11:22:47 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009/10/09 19:37:31 | 00,010,493 | ---- | M] () -- C:\Users\Jenny\Documents\4 hour email promotion 09-10-09.docx
[2009/10/09 17:44:44 | 00,093,479 | ---- | M] () -- C:\Windows\Email Marketing Pro Uninstaller.exe
[2009/10/09 17:44:44 | 00,000,855 | ---- | M] () -- C:\Users\Jenny\Desktop\Email Marketing Pro.lnk
[2009/10/08 11:05:03 | 00,007,691 | -HS- | M] () -- C:\Users\Jenny\Documents\Folder.jpg
[2009/10/08 11:05:03 | 00,007,691 | -HS- | M] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Large.jpg
[2009/10/08 11:05:03 | 00,001,756 | -HS- | M] () -- C:\Users\Jenny\Documents\AlbumArtSmall.jpg
[2009/10/08 11:05:03 | 00,001,756 | -HS- | M] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Small.jpg
[2009/10/05 18:12:33 | 00,001,673 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

========== Files - No Company Name ==========
[2009/10/19 12:27:24 | 00,007,324 | ---- | C] () -- C:\Users\Jenny\Documents\articlesyndicate-p.zip
[2009/10/19 12:27:07 | 01,173,077 | ---- | C] () -- C:\Users\Jenny\Documents\scripts_2_sell123.zip
[2009/10/19 12:26:56 | 00,697,981 | ---- | C] () -- C:\Users\Jenny\Documents\ebaymoney-p.exe
[2009/10/19 12:26:02 | 00,779,661 | ---- | C] () -- C:\Users\Jenny\Documents\apm.zip
[2009/10/18 23:07:07 | 03,367,094 | R--- | C] () -- C:\Users\Jenny\Desktop\ComboFix.exe
[2009/10/18 22:46:34 | 00,132,597 | ---- | C] () -- C:\Users\Jenny\Documents\Flash_Disinfector.exe
[2009/10/18 21:15:58 | 00,684,806 | ---- | C] () -- C:\Users\Jenny\Documents\16dassys.exe
[2009/10/18 21:05:22 | 00,000,877 | ---- | C] () -- C:\Users\Jenny\Desktop\Advanced Site Submitter.lnk
[2009/10/18 20:54:32 | 01,036,811 | ---- | C] () -- C:\Users\Jenny\Documents\AdvancedSiteSubmitter.zip
[2009/10/18 20:54:26 | 01,261,404 | ---- | C] () -- C:\Users\Jenny\Documents\sitemapmaker.zip
[2009/10/18 20:52:05 | 00,177,362 | ---- | C] () -- C:\Users\Jenny\Documents\truth.zip
[2009/10/18 20:26:03 | 00,000,000 | ---- | C] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | C] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | C] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 15:22:16 | 00,022,016 | ---- | C] () -- C:\Users\Jenny\Documents\Copy of Tu Le Order 15-10-09.xls
[2009/10/18 12:25:31 | 00,459,659 | ---- | C] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,815 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/18 02:14:52 | 00,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:45:50 | 00,422,906 | ---- | C] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 18:41:00 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 15:40:50 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/17 15:40:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/17 15:40:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/17 15:40:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/17 14:34:44 | 00,180,192 | ---- | C] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/16 01:39:13 | 00,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | C] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 09:51:21 | 00,339,968 | ---- | C] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 02:21:01 | 00,053,253 | ---- | C] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 02:05:16 | 06,818,297 | ---- | C] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 01:44:51 | 00,305,910 | ---- | C] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:19 | 00,009,986 | ---- | C] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/10/13 06:34:21 | 00,011,252 | ---- | C] () -- C:\Users\Jenny\Documents\To Do List.docx
[2009/10/12 11:40:46 | 00,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/12 11:35:16 | 00,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/12 11:33:30 | 00,053,760 | ---- | C] () -- C:\Users\Jenny\Documents\YG.doc
[2009/10/12 11:33:11 | 00,055,296 | ---- | C] () -- C:\Users\Jenny\Documents\audition_us_2005_yg.doc
[2009/10/12 11:22:47 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/10/09 19:37:27 | 00,010,493 | ---- | C] () -- C:\Users\Jenny\Documents\4 hour email promotion 09-10-09.docx
[2009/10/09 17:44:44 | 00,093,479 | ---- | C] () -- C:\Windows\Email Marketing Pro Uninstaller.exe
[2009/10/09 17:44:44 | 00,000,855 | ---- | C] () -- C:\Users\Jenny\Desktop\Email Marketing Pro.lnk
[2009/10/08 11:05:03 | 00,007,691 | -HS- | C] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Large.jpg
[2009/10/08 11:05:03 | 00,001,756 | -HS- | C] () -- C:\Users\Jenny\Documents\AlbumArt_{7135D1C5-8BC0-4B7E-86B4-5904E6B98C52}_Small.jpg
[2009/10/08 11:00:42 | 00,007,691 | -HS- | C] () -- C:\Users\Jenny\Documents\Folder.jpg
[2009/10/08 11:00:42 | 00,001,756 | -HS- | C] () -- C:\Users\Jenny\Documents\AlbumArtSmall.jpg
[2009/10/05 18:12:33 | 00,001,673 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/09/18 19:50:55 | 00,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/07/30 09:39:35 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/07/30 09:26:18 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/02 14:12:32 | 00,000,600 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\winscp.rnd
[2009/07/01 19:54:30 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/05/23 14:53:24 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/07 19:55:22 | 00,099,864 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/06 23:21:11 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/25 11:24:39 | 00,027,136 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 19:36:04 | 00,000,213 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/05 19:36:04 | 00,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/05 19:22:54 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/05 19:22:53 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/30 22:06:32 | 00,024,206 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
[2009/01/30 22:00:57 | 03,429,500 | -H-- | C] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/01/30 21:12:38 | 00,101,528 | ---- | C] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/12/27 18:27:18 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/27 18:27:18 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/27 18:27:18 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 21:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/09/02 02:49:17 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2009/10/18 23:29:45 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming
[2009/09/21 23:04:35 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\.purple
[2009/09/07 19:05:59 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ahead
[2009/04/08 16:47:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BitZipper
[2009/02/08 22:51:48 | 00,000,000 | R--D | M] -- C:\Users\Jenny\AppData\Roaming\Brother
[2009/10/13 05:08:05 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Canon
[2009/10/19 14:55:20 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DMCache
[2009/10/15 02:00:57 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FileZilla
[2009/09/01 23:56:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gtk-2.0
[2009/10/19 14:55:34 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IDM
[2009/07/06 00:50:08 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\iSerial Reader
[2009/10/19 15:15:36 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LimeWire
[2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Media Center Programs
[2009/06/07 23:47:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Opera
[2009/01/30 22:46:16 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsFirewallPlus
[2009/01/30 22:46:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsSpamMonitorPlus
[2009/08/27 16:58:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2009/08/05 21:03:53 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Samsung
[2009/06/02 18:16:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SmartFTP
[2009/10/13 05:27:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/08/27 17:56:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\UClick
[2009/08/23 01:08:15 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent
[2009/10/19 14:55:11 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/19 14:54:34 | 00,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/18 20:01:35 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2785F3BB
< End of report >

Thanks!
  • 0

#13
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Are you still getting redirected? Could you answer my question about your antivirus program? It's important you have an antivirus program running.

Please follow these steps.

-- Step 1 --
  • Open HijackThis
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy.."
  • Click on "Scan"
  • Click on "Save Log..."
  • Copy and paste the List from the notepad into your next post

-- Step 2 --

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

  • 0
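As an added example (not code from the thread, HijackThis or OTL), a PowerShell script that lists NTFS alternate data streams the way ADS Spy and OTL's "Alternate Data Streams" section do, with a short content preview of each stream. The default folder is assumed from the OTL finding above (C:\ProgramData\TEMP); the -Stream parameters need Windows PowerShell 3.0 or later, which on the Vista machine in the thread means installing Windows Management Framework 3.0.

```powershell
# Added example, not from the thread or from HijackThis/OTL: enumerate NTFS
# alternate data streams (ADS) under a folder and preview their content.
# Requires Windows PowerShell 3.0+ for Get-Item/Get-Content -Stream.
param(
    # Assumed default: the OTL log in the thread flagged streams on this folder.
    [string]$Root = 'C:\ProgramData\TEMP',
    [switch]$Recurse,
    # Bytes of each stream to preview; the streams in the log were 108-151 bytes.
    [int]$PreviewBytes = 48
)

if ($PSVersionTable.PSVersion.Major -lt 3) {
    Write-Warning 'The -Stream parameters need PowerShell 3.0 or later (install WMF 3.0 on Vista).'
    return
}

function Get-AlternateDataStreams {
    param([string]$Path, [switch]$Recurse)
    # Include the folder itself: OTL reported streams on the directory, not on files in it.
    # Note: some Windows PowerShell builds do not enumerate streams on directories;
    # "dir /r" in cmd.exe (Vista and later) shows them in that case.
    $targets = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse) {
        $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
    }
    foreach ($t in $targets) {
        # Every file has an unnamed ':$DATA' stream; anything else is an ADS.
        Get-Item -LiteralPath $t.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $t.FullName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

function Get-StreamPreview {
    param([string]$Path, [string]$Stream, [int]$Count)
    # -Encoding Byte is Windows PowerShell syntax (PowerShell 7 uses -AsByteStream instead).
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount $Count -ErrorAction SilentlyContinue
    if (-not $bytes) { return '' }
    # Render printable ASCII and replace everything else with '.', so binary content stands out.
    -join ($bytes | ForEach-Object { if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } })
}

$found = @(Get-AlternateDataStreams -Path $Root -Recurse:$Recurse)
if ($found.Count -eq 0) {
    "No alternate data streams under $Root"
    return
}
foreach ($s in $found) {
    $preview = Get-StreamPreview -Path $s.Path -Stream $s.Stream -Count $PreviewBytes
    # Same shape as the OTL line "@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:430C6D84"
    "{0} bytes -> {1}:{2}   [{3}]" -f $s.Bytes, $s.Path, $s.Stream, $preview
}
```

A stream of a hundred-odd bytes is not by itself evidence of anything; the preview is there so the content, not just the presence, can be judged before anything is removed.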

#14
applestarz

applestarz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi, yes, I have now enabled my antivirus software, which is PC Tools Internet Security, and just ran a Quick scan, removing 178 infections. I tried to scan in the ADS Spy, but it said scan complete even though it didn't scan, and there was no log available.

I also have the history for PC Tools Internet Security from the scan. It doesn't have a log. I tried pasting it in this post but there was an error because it's too long.

Thanks!
  • 0

#15
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Can you try attaching the PC Tools results if they are too long to paste?

Are you still getting redirected?

Edited by hammerman, 20 October 2009 - 01:07 AM.

  • 0
