Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Lenovo G550 cannot run some programmes

Started by jarotex , Aug 09 2011 12:55 PM

  • Please log in to reply

#1
jarotex
Posted 09 August 2011 - 12:55 PM

jarotex

    New Member

  • Member
  • Pip
  • 1 posts
On startup, it says that a certain .exe file is missing. It cannot also run some programs, like i cannot view images. I received the following report from OTL,


OTL logfile created on: 2011/08/10 3:21:10 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\daniel\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.96 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 44.06% Memory free
5.92 Gb Paging File | 4.14 Gb Available in Paging File | 69.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.67 Gb Total Space | 2.94 Gb Free Space | 1.56% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 26.13 Gb Free Space | 86.38% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/10 03:19:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\daniel\Downloads\OTL.exe
PRC - [2011/06/26 23:35:08 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/02 14:55:31 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 14:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/12/13 18:49:40 | 000,303,104 | -HS- | M] () -- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
PRC - [2010/12/13 18:49:40 | 000,303,104 | -HS- | M] () -- C:\Program Files\Windows Alerter\WinAlert.exe
PRC - [2010/12/13 18:49:40 | 000,303,104 | -HS- | M] () -- C:\Program Files\Windows Common Files\Commgr.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/21 16:19:14 | 000,184,320 | ---- | M] () -- C:\Users\daniel\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
PRC - [2009/09/25 18:48:14 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2009/07/15 23:29:54 | 004,081,480 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/07/14 10:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/25 18:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/08/10 03:19:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\daniel\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/21 14:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/10 00:32:14 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/03 15:41:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/25 09:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/28 23:41:06 | 000,472,328 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/07/28 23:41:04 | 000,414,984 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 23:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/25 18:47:32 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/07/30 18:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/29 06:09:38 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 21:37:14 | 000,011,792 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/14 08:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/14 07:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/06/26 07:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/06/15 11:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/19 22:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/04/09 23:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/06 21:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/07/24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/14 22:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...026822b93159315
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\daniel\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\daniel\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/26 14:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]:

[2010/05/03 04:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daniel\AppData\Roaming\mozilla\Extensions
[2010/05/03 04:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daniel\AppData\Roaming\mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/06/11 06:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [ReadyComm5] File not found
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\daniel\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - HKCU..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKCU..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKCU..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKCU..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a840fc4-a2eb-11e0-b1d9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{0a840fc4-a2eb-11e0-b1d9-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0a840fc8-a2eb-11e0-b1d9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{0a840fc8-a2eb-11e0-b1d9-002622c8b180}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{160cd148-b10e-11e0-9ae0-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{160cd148-b10e-11e0-9ae0-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{160cd14a-b10e-11e0-9ae0-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{160cd14a-b10e-11e0-9ae0-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{160cd14c-b10e-11e0-9ae0-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{160cd14c-b10e-11e0-9ae0-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1b14dfd8-6fc7-11df-9b5f-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{1b14dfd8-6fc7-11df-9b5f-002622c8b180}\Shell\AutoRun\command - "" = G:\MobileLaunch.exe
O33 - MountPoints2\{23f803e6-9148-11e0-b966-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{23f803e6-9148-11e0-b966-002622c8b180}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{2ea375f4-b160-11e0-b187-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea375f4-b160-11e0-b187-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2ea375f6-b160-11e0-b187-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea375f6-b160-11e0-b187-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd18-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd18-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd1f-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd1f-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd55-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd55-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd57-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd57-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a310cf58-a2e1-11e0-bc33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a310cf58-a2e1-11e0-bc33-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf58113c-9f2c-11e0-b9f9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{bf58113c-9f2c-11e0-b9f9-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf581142-9f2c-11e0-b9f9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{bf581142-9f2c-11e0-b9f9-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e32ba619-a2e2-11e0-b595-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{e32ba619-a2e2-11e0-b595-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f295641a-522f-11e0-ab37-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{f295641a-522f-11e0-ab37-002622c8b180}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 02:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2011/08/10 02:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[2011/08/10 02:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/08/10 02:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
[2011/08/10 02:57:25 | 000,000,000 | ---D | C] -- C:\Users\daniel\AppData\Local\Babylon
[2011/08/10 02:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/08/10 02:57:20 | 000,000,000 | ---D | C] -- C:\Users\daniel\AppData\Roaming\Babylon
[2011/08/10 02:45:42 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/08/10 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2011/08/10 02:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2011/08/10 02:40:13 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/08/06 22:16:03 | 000,000,000 | ---D | C] -- C:\Users\daniel\Desktop\pictures
[2011/08/02 03:59:40 | 000,000,000 | ---D | C] -- C:\Users\daniel\Desktop\sweet
[2011/07/25 06:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/07/25 05:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Cutter
[2011/07/25 05:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Cutter
[2011/07/25 04:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/07/24 21:00:18 | 000,000,000 | ---D | C] -- C:\Users\daniel\Desktop\chill
[2011/07/24 06:07:00 | 000,000,000 | ---D | C] -- C:\Users\daniel\Desktop\2012
[2011/07/24 03:59:05 | 000,000,000 | ---D | C] -- C:\Users\daniel\Desktop\muziki kali
[2011/07/20 15:29:25 | 000,000,000 | ---D | C] -- C:\Users\daniel\Desktop\sort file
[2011/07/20 02:26:39 | 000,000,000 | ---D | C] -- C:\Users\daniel\AppData\Local\Power2Go
[2011/07/19 05:00:45 | 000,000,000 | ---D | C] -- C:\Users\daniel\Documents\Youcam
[2011/07/19 04:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGツールバー
[2011/07/19 04:57:15 | 000,016,384 | ---- | C] (CST) -- C:\windows\System32\lgfwunis.exe
[2011/07/19 04:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\lg_fwupdate
[2011/07/19 04:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2011/07/19 04:49:32 | 000,000,000 | ---D | C] -- C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2011/07/19 04:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[10 C:\Users\daniel\Documents\*.tmp files -> C:\Users\daniel\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/10 03:14:02 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Windows Live Toolbar の更新プログラムを確認します.job
[2011/08/10 02:57:28 | 000,002,456 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/08/10 02:54:25 | 011,585,998 | ---- | M] () -- C:\Users\daniel\Desktop\Lenovo G450-G550 User Guide V2.0_print.pdf
[2011/08/10 02:53:04 | 000,000,704 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3775076079-2517284209-846728986-1001UA.job
[2011/08/10 02:44:32 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2011/08/10 02:41:44 | 000,647,506 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/10 02:41:44 | 000,407,172 | ---- | M] () -- C:\windows\System32\perfh011.dat
[2011/08/10 02:41:44 | 000,118,770 | ---- | M] () -- C:\windows\System32\perfc011.dat
[2011/08/10 02:41:44 | 000,118,636 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/10 02:34:15 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/10 02:34:15 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/10 02:25:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/10 02:24:59 | 2384,928,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 02:22:06 | 000,001,427 | ---- | M] () -- C:\windows\System32\Config.MPF
[2011/08/10 00:16:09 | 000,002,403 | ---- | M] () -- C:\Users\daniel\Desktop\Google Chrome.lnk
[2011/08/09 23:53:00 | 000,000,652 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3775076079-2517284209-846728986-1001Core.job
[2011/07/25 05:42:52 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\DVD Cutter.lnk
[2011/07/25 04:43:41 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/07/20 02:26:51 | 000,001,090 | ---- | M] () -- C:\Users\daniel\Desktop\LG Power Tools.lnk
[2011/07/19 04:57:23 | 000,000,266 | ---- | M] () -- C:\windows\lgfwup.ini
[2011/07/19 04:53:09 | 000,001,996 | ---- | M] () -- C:\Users\daniel\Desktop\LG Burning Tool.lnk
[2011/07/18 16:19:03 | 000,368,728 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/07/15 02:32:23 | 000,000,332 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
[2011/07/11 15:21:30 | 947,636,224 | ---- | M] () -- C:\Users\daniel\Desktop\tripple hit.VOB
[10 C:\Users\daniel\Documents\*.tmp files -> C:\Users\daniel\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 02:57:28 | 000,002,456 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/08/10 02:54:36 | 011,585,998 | ---- | C] () -- C:\Users\daniel\Desktop\Lenovo G450-G550 User Guide V2.0_print.pdf
[2011/08/10 02:44:32 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2011/07/25 05:41:28 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\DVD Cutter.lnk
[2011/07/25 04:43:41 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/07/19 04:59:01 | 000,001,090 | ---- | C] () -- C:\Users\daniel\Desktop\LG Power Tools.lnk
[2011/07/19 04:57:22 | 000,000,266 | ---- | C] () -- C:\windows\lgfwup.ini
[2011/07/19 04:53:09 | 000,001,996 | ---- | C] () -- C:\Users\daniel\Desktop\LG Burning Tool.lnk
[2011/07/14 00:05:11 | 947,636,224 | ---- | C] () -- C:\Users\daniel\Desktop\tripple hit.VOB
[2011/07/07 05:27:35 | 000,004,096 | -H-- | C] () -- C:\Users\daniel\AppData\Local\keyfile3.drm
[2011/06/26 02:45:28 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/04/19 17:57:48 | 000,000,120 | ---- | C] () -- C:\windows\wininit.ini
[2011/04/09 03:22:58 | 000,084,480 | ---- | C] () -- C:\windows\System32\EasyHook32.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/03/03 14:48:41 | 000,033,019 | ---- | C] () -- C:\windows\System32\CoreAAC-uninstall.exe
[2010/02/18 22:30:34 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2009/09/25 18:48:18 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2009/09/25 18:48:18 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2009/09/25 18:48:18 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2009/09/25 18:48:18 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2009/09/25 18:48:18 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2009/09/25 18:48:04 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2009/09/25 18:47:32 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
[2009/09/25 18:47:32 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2009/09/25 18:47:01 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2009/09/25 18:45:41 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009/09/25 18:41:41 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2009/09/25 18:39:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/09/22 12:27:06 | 000,407,172 | ---- | C] () -- C:\windows\System32\perfh011.dat
[2009/09/22 12:27:06 | 000,141,988 | ---- | C] () -- C:\windows\System32\perfi011.dat
[2009/09/22 12:27:06 | 000,118,770 | ---- | C] () -- C:\windows\System32\perfc011.dat
[2009/09/22 12:27:06 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd011.dat
[2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 13:33:53 | 000,368,728 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 11:05:48 | 000,647,506 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 11:05:48 | 000,118,636 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/10 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\Babylon
[2011/07/01 12:53:57 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\Digiarty
[2010/02/18 17:37:52 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\EasyCapture
[2011/05/26 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\FrostWire
[2010/06/12 16:54:42 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\ppstream
[2010/05/18 13:54:10 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\ProgSense
[2011/04/19 15:02:22 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\Spacejock Software
[2010/06/22 15:30:21 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\Transcend
[2011/08/10 03:40:42 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\uTorrent
[2011/06/30 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\ZTEEVDO
[2011/06/30 15:30:08 | 000,000,000 | ---D | M] -- C:\Users\daniel\AppData\Roaming\ZTEMTUI
[2011/07/15 02:32:23 | 000,000,332 | ---- | M] () -- C:\windows\Tasks\McDefragTask.job
[2011/07/01 01:12:03 | 000,000,320 | ---- | M] () -- C:\windows\Tasks\McQcTask.job
[2011/06/26 21:53:29 | 000,032,572 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 10 August 2011 - 12:48 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall
Frostwire
utorrent

Unplug any USB drives.

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKCU..\Run: [ReadyComm5] File not found
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\daniel\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - HKCU..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKCU..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKCU..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKCU..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O33 - MountPoints2\{0a840fc4-a2eb-11e0-b1d9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{0a840fc4-a2eb-11e0-b1d9-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0a840fc8-a2eb-11e0-b1d9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{0a840fc8-a2eb-11e0-b1d9-002622c8b180}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{160cd148-b10e-11e0-9ae0-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{160cd148-b10e-11e0-9ae0-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{160cd14a-b10e-11e0-9ae0-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{160cd14a-b10e-11e0-9ae0-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{160cd14c-b10e-11e0-9ae0-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{160cd14c-b10e-11e0-9ae0-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1b14dfd8-6fc7-11df-9b5f-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{1b14dfd8-6fc7-11df-9b5f-002622c8b180}\Shell\AutoRun\command - "" = G:\MobileLaunch.exe
O33 - MountPoints2\{23f803e6-9148-11e0-b966-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{23f803e6-9148-11e0-b966-002622c8b180}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{2ea375f4-b160-11e0-b187-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea375f4-b160-11e0-b187-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2ea375f6-b160-11e0-b187-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea375f6-b160-11e0-b187-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd18-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd18-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd1f-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd1f-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd55-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd55-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4678fd57-7a74-11e0-bded-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{4678fd57-7a74-11e0-bded-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a310cf58-a2e1-11e0-bc33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a310cf58-a2e1-11e0-bc33-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf58113c-9f2c-11e0-b9f9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{bf58113c-9f2c-11e0-b9f9-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf581142-9f2c-11e0-b9f9-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{bf581142-9f2c-11e0-b9f9-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e32ba619-a2e2-11e0-b595-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{e32ba619-a2e2-11e0-b595-002622c8b180}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f295641a-522f-11e0-ab37-002622c8b180}\Shell - "" = AutoRun
O33 - MountPoints2\{f295641a-522f-11e0-ab37-002622c8b180}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
[2011/08/10 03:14:02 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Windows Live Toolbar の更新プログラムを確認します.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Program Files\Windows Alerter

:Commands
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Right-click Flash_Disinfector.exe and Run As Administrator to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Also want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


Open OTL again (Rightclick on OTL and select Run As Administrator to start) and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP