Ping.EXE suddenly running after sudden shut down



#16
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall:
uTorrentBar Toolbar
FlashGet 3.3

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Programs and Features and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 21

Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd \windows\logs\cbs
copy cbs.log cbs.old
del cbs.log
sfc /scannow
findstr /c:"[SR]" cbs.log > junk.txt




Attach the file \windows\logs\cbs\junk.txt to your next reply.



Copy the text in the code box by highlighting and Ctrl + c


/md5start
user32.dll
/md5stop

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Scan button at the top.
Let the program run unhindered. OTL will not reboot the PC when it is done this time. Save the log and copy and paste it to a reply.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Open OTL again (right click and Run As Administrator) and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.



Ron
#17
violinkit

    Member

  • Topic Starter
  • 17 posts
Sorry for the delay! I've removed FlashGet and uTorrent and updated my Java. Here's my Junk.txt:

2011-09-07 15:55:52, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:55:52, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-09-07 15:55:54, Info CSI 0000000c [SR] Verify complete
2011-09-07 15:55:55, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:55:55, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:00, Info CSI 00000010 [SR] Verify complete
2011-09-07 15:56:01, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:01, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:05, Info CSI 00000014 [SR] Verify complete
2011-09-07 15:56:05, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:05, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:09, Info CSI 00000018 [SR] Verify complete
2011-09-07 15:56:09, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:09, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:13, Info CSI 0000001c [SR] Verify complete
2011-09-07 15:56:13, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:13, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:17, Info CSI 00000020 [SR] Verify complete
2011-09-07 15:56:18, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:18, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:22, Info CSI 00000024 [SR] Verify complete
2011-09-07 15:56:23, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:23, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:27, Info CSI 00000028 [SR] Verify complete
2011-09-07 15:56:27, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:27, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:30, Info CSI 0000002c [SR] Verify complete
2011-09-07 15:56:31, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:31, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:36, Info CSI 00000031 [SR] Verify complete
2011-09-07 15:56:36, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:36, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:43, Info CSI 00000035 [SR] Verify complete
2011-09-07 15:56:43, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:43, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:49, Info CSI 0000003b [SR] Verify complete
2011-09-07 15:56:50, Info CSI 0000003c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:50, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2011-09-07 15:56:54, Info CSI 00000040 [SR] Verify complete
2011-09-07 15:56:55, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:56:55, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:00, Info CSI 00000046 [SR] Verify complete
2011-09-07 15:57:00, Info CSI 00000047 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:00, Info CSI 00000048 [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:05, Info CSI 0000004a [SR] Verify complete
2011-09-07 15:57:06, Info CSI 0000004b [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:06, Info CSI 0000004c [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:14, Info CSI 0000006e [SR] Verify complete
2011-09-07 15:57:15, Info CSI 0000006f [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:15, Info CSI 00000070 [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:20, Info CSI 00000075 [SR] Verify complete
2011-09-07 15:57:21, Info CSI 00000076 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:21, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:28, Info CSI 00000079 [SR] Verify complete
2011-09-07 15:57:28, Info CSI 0000007a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:28, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:34, Info CSI 0000007d [SR] Verify complete
2011-09-07 15:57:34, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:34, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:40, Info CSI 00000081 [SR] Verify complete
2011-09-07 15:57:41, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:41, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:46, Info CSI 00000085 [SR] Verify complete
2011-09-07 15:57:47, Info CSI 00000086 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:47, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2011-09-07 15:57:51, Info CSI 00000089 [SR] Verify complete
2011-09-07 15:57:51, Info CSI 0000008a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:57:51, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2011-09-07 15:58:00, Info CSI 0000008d [SR] Verify complete
2011-09-07 15:58:00, Info CSI 0000008e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:58:00, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2011-09-07 15:58:11, Info CSI 000000b2 [SR] Verify complete
2011-09-07 15:58:12, Info CSI 000000b3 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:58:12, Info CSI 000000b4 [SR] Beginning Verify and Repair transaction
2011-09-07 15:58:24, Info CSI 000000b6 [SR] Verify complete
2011-09-07 15:58:24, Info CSI 000000b7 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:58:24, Info CSI 000000b8 [SR] Beginning Verify and Repair transaction
2011-09-07 15:58:39, Info CSI 000000ba [SR] Verify complete
2011-09-07 15:58:40, Info CSI 000000bb [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:58:40, Info CSI 000000bc [SR] Beginning Verify and Repair transaction
2011-09-07 15:58:51, Info CSI 000000be [SR] Verify complete
2011-09-07 15:58:52, Info CSI 000000bf [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:58:52, Info CSI 000000c0 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:01, Info CSI 000000c4 [SR] Verify complete
2011-09-07 15:59:02, Info CSI 000000c5 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:02, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:08, Info CSI 000000c8 [SR] Verify complete
2011-09-07 15:59:08, Info CSI 000000c9 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:08, Info CSI 000000ca [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:13, Info CSI 000000cc [SR] Verify complete
2011-09-07 15:59:14, Info CSI 000000cd [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:14, Info CSI 000000ce [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:18, Info CSI 000000d0 [SR] Verify complete
2011-09-07 15:59:18, Info CSI 000000d1 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:18, Info CSI 000000d2 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:23, Info CSI 000000d4 [SR] Verify complete
2011-09-07 15:59:24, Info CSI 000000d5 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:24, Info CSI 000000d6 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:35, Info CSI 000000e7 [SR] Verify complete
2011-09-07 15:59:35, Info CSI 000000e8 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:35, Info CSI 000000e9 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:41, Info CSI 000000ed [SR] Verify complete
2011-09-07 15:59:42, Info CSI 000000ee [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:42, Info CSI 000000ef [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:44, Info CSI 000000f1 [SR] Verify complete
2011-09-07 15:59:44, Info CSI 000000f2 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:44, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:50, Info CSI 000000f5 [SR] Verify complete
2011-09-07 15:59:51, Info CSI 000000f6 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:51, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2011-09-07 15:59:53, Info CSI 000000f9 [SR] Verify complete
2011-09-07 15:59:54, Info CSI 000000fa [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 15:59:54, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:00, Info CSI 000000fd [SR] Verify complete
2011-09-07 16:00:01, Info CSI 000000fe [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:01, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:12, Info CSI 00000102 [SR] Verify complete
2011-09-07 16:00:13, Info CSI 00000103 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:13, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:19, Info CSI 00000108 [SR] Verify complete
2011-09-07 16:00:20, Info CSI 00000109 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:20, Info CSI 0000010a [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:23, Info CSI 0000010c [SR] Verify complete
2011-09-07 16:00:24, Info CSI 0000010d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:24, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:27, Info CSI 00000110 [SR] Verify complete
2011-09-07 16:00:28, Info CSI 00000111 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:28, Info CSI 00000112 [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:33, Info CSI 00000114 [SR] Verify complete
2011-09-07 16:00:34, Info CSI 00000115 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:34, Info CSI 00000116 [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:39, Info CSI 00000118 [SR] Verify complete
2011-09-07 16:00:39, Info CSI 00000119 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:39, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:45, Info CSI 0000011c [SR] Verify complete
2011-09-07 16:00:46, Info CSI 0000011d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:46, Info CSI 0000011e [SR] Beginning Verify and Repair transaction
2011-09-07 16:00:53, Info CSI 00000120 [SR] Verify complete
2011-09-07 16:00:53, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:00:53, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2011-09-07 16:01:08, Info CSI 00000133 [SR] Verify complete
2011-09-07 16:01:08, Info CSI 00000134 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:01:08, Info CSI 00000135 [SR] Beginning Verify and Repair transaction
2011-09-07 16:01:15, Info CSI 0000013e [SR] Verify complete
2011-09-07 16:01:16, Info CSI 0000013f [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:01:16, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2011-09-07 16:01:24, Info CSI 00000142 [SR] Verify complete
2011-09-07 16:01:24, Info CSI 00000143 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:01:24, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2011-09-07 16:01:50, Info CSI 00000146 [SR] Verify complete
2011-09-07 16:01:51, Info CSI 00000147 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:01:51, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2011-09-07 16:01:59, Info CSI 0000014a [SR] Verify complete
2011-09-07 16:01:59, Info CSI 0000014b [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:01:59, Info CSI 0000014c [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:09, Info CSI 0000014f [SR] Verify complete
2011-09-07 16:02:10, Info CSI 00000150 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:10, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:19, Info CSI 00000153 [SR] Verify complete
2011-09-07 16:02:20, Info CSI 00000154 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:20, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:28, Info CSI 00000158 [SR] Verify complete
2011-09-07 16:02:29, Info CSI 00000159 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:29, Info CSI 0000015a [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:33, Info CSI 0000015c [SR] Verify complete
2011-09-07 16:02:34, Info CSI 0000015d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:34, Info CSI 0000015e [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:41, Info CSI 00000160 [SR] Verify complete
2011-09-07 16:02:41, Info CSI 00000161 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:41, Info CSI 00000162 [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:45, Info CSI 00000164 [SR] Verify complete
2011-09-07 16:02:45, Info CSI 00000165 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:45, Info CSI 00000166 [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:51, Info CSI 0000016a [SR] Verify complete
2011-09-07 16:02:52, Info CSI 0000016b [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:52, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2011-09-07 16:02:57, Info CSI 0000016e [SR] Verify complete
2011-09-07 16:02:57, Info CSI 0000016f [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:02:57, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2011-09-07 16:03:22, Info CSI 00000172 [SR] Verify complete
2011-09-07 16:03:22, Info CSI 00000173 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:03:22, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2011-09-07 16:03:34, Info CSI 00000177 [SR] Verify complete
2011-09-07 16:03:35, Info CSI 00000178 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:03:35, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2011-09-07 16:03:43, Info CSI 0000017b [SR] Verify complete
2011-09-07 16:03:44, Info CSI 0000017c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:03:44, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2011-09-07 16:03:48, Info CSI 0000017f [SR] Verify complete
2011-09-07 16:03:49, Info CSI 00000180 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:03:49, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2011-09-07 16:03:56, Info CSI 00000184 [SR] Verify complete
2011-09-07 16:03:57, Info CSI 00000185 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:03:57, Info CSI 00000186 [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:03, Info CSI 00000188 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2011-09-07 16:04:04, Info CSI 00000189 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2011-09-07 16:04:05, Info CSI 0000018b [SR] Verify complete
2011-09-07 16:04:06, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:06, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:17, Info CSI 00000190 [SR] Verify complete
2011-09-07 16:04:17, Info CSI 00000191 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:17, Info CSI 00000192 [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:23, Info CSI 00000194 [SR] Verify complete
2011-09-07 16:04:24, Info CSI 00000195 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:24, Info CSI 00000196 [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:29, Info CSI 00000198 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2011-09-07 16:04:30, Info CSI 0000019a [SR] Verify complete
2011-09-07 16:04:30, Info CSI 0000019b [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:30, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:38, Info CSI 0000019e [SR] Verify complete
2011-09-07 16:04:39, Info CSI 0000019f [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:39, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:44, Info CSI 000001a3 [SR] Verify complete
2011-09-07 16:04:45, Info CSI 000001a4 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:45, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:51, Info CSI 000001a7 [SR] Verify complete
2011-09-07 16:04:51, Info CSI 000001a8 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:51, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2011-09-07 16:04:57, Info CSI 000001ab [SR] Verify complete
2011-09-07 16:04:57, Info CSI 000001ac [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:04:57, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:01, Info CSI 000001af [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2011-09-07 16:05:02, Info CSI 000001b2 [SR] Verify complete
2011-09-07 16:05:03, Info CSI 000001b3 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:03, Info CSI 000001b4 [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:10, Info CSI 000001b7 [SR] Verify complete
2011-09-07 16:05:10, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:10, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:19, Info CSI 000001bc [SR] Verify complete
2011-09-07 16:05:20, Info CSI 000001bd [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:20, Info CSI 000001be [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:25, Info CSI 000001c1 [SR] Verify complete
2011-09-07 16:05:26, Info CSI 000001c2 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:26, Info CSI 000001c3 [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:33, Info CSI 000001c6 [SR] Verify complete
2011-09-07 16:05:34, Info CSI 000001c7 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:34, Info CSI 000001c8 [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:42, Info CSI 000001ca [SR] Verify complete
2011-09-07 16:05:42, Info CSI 000001cb [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:42, Info CSI 000001cc [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:52, Info CSI 000001cf [SR] Verify complete
2011-09-07 16:05:52, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:52, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2011-09-07 16:05:59, Info CSI 000001d3 [SR] Verify complete
2011-09-07 16:05:59, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:05:59, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:03, Info CSI 000001d7 [SR] Verify complete
2011-09-07 16:06:04, Info CSI 000001d8 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:04, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:07, Info CSI 000001db [SR] Verify complete
2011-09-07 16:06:07, Info CSI 000001dc [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:07, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:17, Info CSI 000001df [SR] Verify complete
2011-09-07 16:06:18, Info CSI 000001e0 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:18, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:25, Info CSI 000001e3 [SR] Verify complete
2011-09-07 16:06:26, Info CSI 000001e4 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:26, Info CSI 000001e5 [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:32, Info CSI 000001e7 [SR] Verify complete
2011-09-07 16:06:32, Info CSI 000001e8 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:32, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:38, Info CSI 000001eb [SR] Verify complete
2011-09-07 16:06:38, Info CSI 000001ec [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:38, Info CSI 000001ed [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:42, Info CSI 000001ef [SR] Verify complete
2011-09-07 16:06:42, Info CSI 000001f0 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:42, Info CSI 000001f1 [SR] Beginning Verify and Repair transaction
2011-09-07 16:06:51, Info CSI 000001f3 [SR] Verify complete
2011-09-07 16:06:51, Info CSI 000001f4 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:06:51, Info CSI 000001f5 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:02, Info CSI 000001f7 [SR] Verify complete
2011-09-07 16:07:03, Info CSI 000001f8 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:03, Info CSI 000001f9 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:21, Info CSI 000001fb [SR] Verify complete
2011-09-07 16:07:21, Info CSI 000001fc [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:21, Info CSI 000001fd [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:29, Info CSI 000001ff [SR] Verify complete
2011-09-07 16:07:30, Info CSI 00000200 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:30, Info CSI 00000201 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:34, Info CSI 00000203 [SR] Verify complete
2011-09-07 16:07:35, Info CSI 00000204 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:35, Info CSI 00000205 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:41, Info CSI 00000207 [SR] Verify complete
2011-09-07 16:07:41, Info CSI 00000208 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:41, Info CSI 00000209 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:44, Info CSI 0000020b [SR] Verify complete
2011-09-07 16:07:45, Info CSI 0000020c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:45, Info CSI 0000020d [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:48, Info CSI 0000020f [SR] Verify complete
2011-09-07 16:07:48, Info CSI 00000210 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:48, Info CSI 00000211 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:54, Info CSI 00000213 [SR] Verify complete
2011-09-07 16:07:55, Info CSI 00000214 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:55, Info CSI 00000215 [SR] Beginning Verify and Repair transaction
2011-09-07 16:07:58, Info CSI 00000217 [SR] Verify complete
2011-09-07 16:07:59, Info CSI 00000218 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:07:59, Info CSI 00000219 [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:04, Info CSI 0000021b [SR] Verify complete
2011-09-07 16:08:05, Info CSI 0000021c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:05, Info CSI 0000021d [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:14, Info CSI 00000225 [SR] Verify complete
2011-09-07 16:08:15, Info CSI 00000226 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:15, Info CSI 00000227 [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:19, Info CSI 00000229 [SR] Verify complete
2011-09-07 16:08:20, Info CSI 0000022a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:20, Info CSI 0000022b [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:24, Info CSI 0000022d [SR] Verify complete
2011-09-07 16:08:24, Info CSI 0000022e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:24, Info CSI 0000022f [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:28, Info CSI 00000231 [SR] Verify complete
2011-09-07 16:08:29, Info CSI 00000232 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:29, Info CSI 00000233 [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:33, Info CSI 00000235 [SR] Verify complete
2011-09-07 16:08:33, Info CSI 00000236 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:33, Info CSI 00000237 [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:37, Info CSI 00000239 [SR] Verify complete
2011-09-07 16:08:38, Info CSI 0000023a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:38, Info CSI 0000023b [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:44, Info CSI 0000023d [SR] Verify complete
2011-09-07 16:08:45, Info CSI 0000023e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:45, Info CSI 0000023f [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:54, Info CSI 00000242 [SR] Verify complete
2011-09-07 16:08:54, Info CSI 00000243 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:54, Info CSI 00000244 [SR] Beginning Verify and Repair transaction
2011-09-07 16:08:58, Info CSI 00000246 [SR] Verify complete
2011-09-07 16:08:58, Info CSI 00000247 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:08:58, Info CSI 00000248 [SR] Beginning Verify and Repair transaction
2011-09-07 16:09:00, Info CSI 0000024a [SR] Verify complete
2011-09-07 16:09:01, Info CSI 0000024b [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:09:01, Info CSI 0000024c [SR] Beginning Verify and Repair transaction
2011-09-07 16:09:10, Info CSI 0000024f [SR] Verify complete
2011-09-07 16:09:11, Info CSI 00000250 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:09:11, Info CSI 00000251 [SR] Beginning Verify and Repair transaction
2011-09-07 16:09:27, Info CSI 00000256 [SR] Verify complete
2011-09-07 16:09:28, Info CSI 00000257 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:09:28, Info CSI 00000258 [SR] Beginning Verify and Repair transaction
2011-09-07 16:09:38, Info CSI 0000025b [SR] Verify complete
2011-09-07 16:09:38, Info CSI 0000025c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:09:38, Info CSI 0000025d [SR] Beginning Verify and Repair transaction
2011-09-07 16:09:44, Info CSI 00000261 [SR] Verify complete
2011-09-07 16:09:45, Info CSI 00000262 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:09:45, Info CSI 00000263 [SR] Beginning Verify and Repair transaction
2011-09-07 16:09:54, Info CSI 0000026b [SR] Verify complete
2011-09-07 16:09:54, Info CSI 0000026c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:09:54, Info CSI 0000026d [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:03, Info CSI 00000273 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2011-09-07 16:10:03, Info CSI 00000276 [SR] Verify complete
2011-09-07 16:10:04, Info CSI 00000277 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:04, Info CSI 00000278 [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:12, Info CSI 00000280 [SR] Verify complete
2011-09-07 16:10:12, Info CSI 00000281 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:12, Info CSI 00000282 [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:18, Info CSI 00000284 [SR] Verify complete
2011-09-07 16:10:18, Info CSI 00000285 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:18, Info CSI 00000286 [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:23, Info CSI 0000028a [SR] Verify complete
2011-09-07 16:10:23, Info CSI 0000028b [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:23, Info CSI 0000028c [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:27, Info CSI 0000028e [SR] Verify complete
2011-09-07 16:10:28, Info CSI 0000028f [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:28, Info CSI 00000290 [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:35, Info CSI 000002a5 [SR] Verify complete
2011-09-07 16:10:35, Info CSI 000002a6 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:35, Info CSI 000002a7 [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:41, Info CSI 000002b9 [SR] Verify complete
2011-09-07 16:10:42, Info CSI 000002ba [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:42, Info CSI 000002bb [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:48, Info CSI 000002bd [SR] Verify complete
2011-09-07 16:10:48, Info CSI 000002be [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:48, Info CSI 000002bf [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:53, Info CSI 000002c1 [SR] Verify complete
2011-09-07 16:10:53, Info CSI 000002c2 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:53, Info CSI 000002c3 [SR] Beginning Verify and Repair transaction
2011-09-07 16:10:58, Info CSI 000002c5 [SR] Verify complete
2011-09-07 16:10:58, Info CSI 000002c6 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:10:58, Info CSI 000002c7 [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:04, Info CSI 000002d5 [SR] Verify complete
2011-09-07 16:11:04, Info CSI 000002d6 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:04, Info CSI 000002d7 [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:09, Info CSI 000002d9 [SR] Verify complete
2011-09-07 16:11:10, Info CSI 000002da [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:10, Info CSI 000002db [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:18, Info CSI 000002dd [SR] Verify complete
2011-09-07 16:11:19, Info CSI 000002de [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:19, Info CSI 000002df [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:27, Info CSI 000002ed [SR] Verify complete
2011-09-07 16:11:28, Info CSI 000002ee [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:28, Info CSI 000002ef [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:31, Info CSI 000002f1 [SR] Verify complete
2011-09-07 16:11:31, Info CSI 000002f2 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:31, Info CSI 000002f3 [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:35, Info CSI 000002f5 [SR] Verify complete
2011-09-07 16:11:36, Info CSI 000002f6 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:36, Info CSI 000002f7 [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:42, Info CSI 000002f9 [SR] Verify complete
2011-09-07 16:11:43, Info CSI 000002fa [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:43, Info CSI 000002fb [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:45, Info CSI 000002fd [SR] Verify complete
2011-09-07 16:11:46, Info CSI 000002fe [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:46, Info CSI 000002ff [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:48, Info CSI 00000301 [SR] Verify complete
2011-09-07 16:11:49, Info CSI 00000302 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:49, Info CSI 00000303 [SR] Beginning Verify and Repair transaction
2011-09-07 16:11:54, Info CSI 00000305 [SR] Verify complete
2011-09-07 16:11:55, Info CSI 00000306 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:11:55, Info CSI 00000307 [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:00, Info CSI 00000309 [SR] Verify complete
2011-09-07 16:12:01, Info CSI 0000030a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:01, Info CSI 0000030b [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:06, Info CSI 0000030d [SR] Verify complete
2011-09-07 16:12:06, Info CSI 0000030e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:06, Info CSI 0000030f [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:17, Info CSI 00000329 [SR] Verify complete
2011-09-07 16:12:18, Info CSI 0000032a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:18, Info CSI 0000032b [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:23, Info CSI 0000032d [SR] Verify complete
2011-09-07 16:12:23, Info CSI 0000032e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:23, Info CSI 0000032f [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:47, Info CSI 00000331 [SR] Verify complete
2011-09-07 16:12:47, Info CSI 00000332 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:47, Info CSI 00000333 [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:52, Info CSI 00000335 [SR] Verify complete
2011-09-07 16:12:53, Info CSI 00000336 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:53, Info CSI 00000337 [SR] Beginning Verify and Repair transaction
2011-09-07 16:12:57, Info CSI 00000339 [SR] Verify complete
2011-09-07 16:12:57, Info CSI 0000033a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:12:57, Info CSI 0000033b [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:01, Info CSI 0000033f [SR] Verify complete
2011-09-07 16:13:02, Info CSI 00000340 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:02, Info CSI 00000341 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:09, Info CSI 00000343 [SR] Verify complete
2011-09-07 16:13:10, Info CSI 00000344 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:10, Info CSI 00000345 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:14, Info CSI 00000347 [SR] Verify complete
2011-09-07 16:13:15, Info CSI 00000348 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:15, Info CSI 00000349 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:20, Info CSI 0000034b [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2011-09-07 16:13:20, Info CSI 0000034c [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2011-09-07 16:13:20, Info CSI 0000034e [SR] Verify complete
2011-09-07 16:13:21, Info CSI 0000034f [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:21, Info CSI 00000350 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:25, Info CSI 00000352 [SR] Verify complete
2011-09-07 16:13:25, Info CSI 00000353 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:25, Info CSI 00000354 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:30, Info CSI 00000356 [SR] Verify complete
2011-09-07 16:13:30, Info CSI 00000357 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:30, Info CSI 00000358 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:34, Info CSI 0000035b [SR] Verify complete
2011-09-07 16:13:35, Info CSI 0000035c [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:35, Info CSI 0000035d [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:39, Info CSI 0000035f [SR] Verify complete
2011-09-07 16:13:39, Info CSI 00000360 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:39, Info CSI 00000361 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:45, Info CSI 00000364 [SR] Verify complete
2011-09-07 16:13:45, Info CSI 00000365 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:45, Info CSI 00000366 [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:51, Info CSI 00000368 [SR] Verify complete
2011-09-07 16:13:51, Info CSI 00000369 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:51, Info CSI 0000036a [SR] Beginning Verify and Repair transaction
2011-09-07 16:13:57, Info CSI 0000036c [SR] Verify complete
2011-09-07 16:13:58, Info CSI 0000036d [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:13:58, Info CSI 0000036e [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:04, Info CSI 00000371 [SR] Verify complete
2011-09-07 16:14:05, Info CSI 00000372 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:14:05, Info CSI 00000373 [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:10, Info CSI 00000375 [SR] Verify complete
2011-09-07 16:14:10, Info CSI 00000376 [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:14:10, Info CSI 00000377 [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:15, Info CSI 00000379 [SR] Verify complete
2011-09-07 16:14:16, Info CSI 0000037a [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:14:16, Info CSI 0000037b [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:21, Info CSI 0000037d [SR] Verify complete
2011-09-07 16:14:21, Info CSI 0000037e [SR] Verifying 100 (0x0000000000000064) components
2011-09-07 16:14:21, Info CSI 0000037f [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:26, Info CSI 00000381 [SR] Verify complete
2011-09-07 16:14:26, Info CSI 00000382 [SR] Verifying 11 (0x000000000000000b) components
2011-09-07 16:14:26, Info CSI 00000383 [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:27, Info CSI 00000385 [SR] Verify complete
2011-09-07 16:14:27, Info CSI 00000386 [SR] Repairing 7 components
2011-09-07 16:14:27, Info CSI 00000387 [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:27, Info CSI 00000389 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2011-09-07 16:14:27, Info CSI 0000038a [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2011-09-07 16:14:27, Info CSI 0000038b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2011-09-07 16:14:28, Info CSI 0000038d [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2011-09-07 16:14:28, Info CSI 0000038f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2011-09-07 16:14:28, Info CSI 00000391 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2011-09-07 16:14:28, Info CSI 00000393 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2011-09-07 16:14:28, Info CSI 00000395 [SR] Repair complete
2011-09-07 16:14:28, Info CSI 00000396 [SR] Committing transaction
2011-09-07 16:14:28, Info CSI 0000039a [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2011-09-07 16:14:28, Info CSI 0000039b [SR] Repairing 7 components
2011-09-07 16:14:28, Info CSI 0000039c [SR] Beginning Verify and Repair transaction
2011-09-07 16:14:29, Info CSI 0000039e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2011-09-07 16:14:29, Info CSI 0000039f [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2011-09-07 16:14:29, Info CSI 000003a0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2011-09-07 16:14:29, Info CSI 000003a2 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2011-09-07 16:14:29, Info CSI 000003a4 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2011-09-07 16:14:29, Info CSI 000003a6 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2011-09-07 16:14:30, Info CSI 000003a8 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2011-09-07 16:14:30, Info CSI 000003aa [SR] Repair complete

#18
violinkit

  • Topic Starter
  • Member
  • 17 posts
And here's the first OTL Log.

OTL logfile created on: 9/7/2011 4:18:24 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\mj\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 51.70% Memory free
7.86 Gb Paging File | 6.00 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.12 Gb Total Space | 15.65 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
Drive D: | 65.43 Gb Total Space | 2.53 Gb Free Space | 3.87% Space Free | Partition Type: NTFS
Drive E: | 79.73 Gb Total Space | 18.73 Gb Free Space | 23.49% Space Free | Partition Type: NTFS
Drive F: | 73.04 Gb Total Space | 4.38 Gb Free Space | 5.99% Space Free | Partition Type: NTFS

Computer Name: KIT-ASPIRE | User Name: mj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 07:51:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\mj\Desktop\OTL.exe
PRC - [2011/07/08 00:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/05/05 07:11:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/02/23 20:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe
PRC - [2009/08/18 02:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2008/07/29 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 00:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/03 00:13:51 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/09 18:40:56 | 000,958,976 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll
MOD - [2011/05/09 18:40:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll
MOD - [2011/05/09 18:40:54 | 007,006,208 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll
MOD - [2011/05/09 18:40:54 | 000,132,096 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2010/01/28 02:41:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Virtual Camara\VirtualCam.ax
MOD - [2008/07/29 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/15 12:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/05/05 07:13:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/05/05 07:11:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/09/04 00:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2009/09/03 23:52:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/04 21:53:36 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/17 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/14 09:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/02 17:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 11:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/25 11:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/05 07:12:16 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/05/05 07:12:12 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/05/05 07:12:10 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/05/05 07:11:02 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/05/05 07:08:36 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/04/19 21:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/15 14:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2009/09/15 04:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/04 00:24:30 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/04 00:24:30 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/09/03 22:59:38 | 000,140,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/09/03 22:46:02 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/09/03 22:46:02 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 05:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/23 13:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/23 13:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007/04/23 13:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007/04/23 13:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007/04/23 13:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 FC 61 4C A9 15 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "204.152.198.26"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 204.152.198.26"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mj\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mj\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2010/07/18 21:20:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/29 20:00:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/28 18:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/07/18 21:20:37 | 000,000,000 | ---D | M]

[2010/07/01 21:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mj\AppData\Roaming\mozilla\Extensions
[2011/08/18 19:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mj\AppData\Roaming\mozilla\Firefox\Profiles\aue0this.default\extensions
[2011/08/18 19:06:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mj\AppData\Roaming\mozilla\Firefox\Profiles\aue0this.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/29 06:41:12 | 000,000,863 | ---- | M] () -- C:\Users\mj\AppData\Roaming\Mozilla\Firefox\Profiles\aue0this.default\searchplugins\conduit.xml
[2011/09/07 15:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/14 07:39:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/07 15:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/07 15:52:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/07 10:03:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - Startup: C:\Users\mj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://download.ali...401/aliedit.cab (EditCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5FE39D-9695-4254-90A2-89452B97D3C4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F82C1CB5-F883-4EF5-A3D9-811EB1A409B9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 16:17:06 | 000,061,440 | ---- | C] ( ) -- C:\Users\mj\Desktop\VEW.exe
[2011/09/07 15:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/07 15:52:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/07 15:52:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/07 15:52:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/07 15:50:22 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\mj\Desktop\jxpiinstall.exe
[2011/09/07 10:10:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/07 10:04:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/07 07:05:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\mj\Desktop\aswMBR.exe
[2011/09/07 06:18:45 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mj\Desktop\TDSSKiller.exe
[2011/09/06 07:51:28 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\mj\Desktop\OTL.exe
[2011/09/06 07:30:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/06 07:30:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/06 07:30:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/06 07:30:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/06 07:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/06 07:27:04 | 004,198,514 | R--- | C] (Swearware) -- C:\Users\mj\Desktop\ComboFix.exe
[2011/09/06 07:18:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/13 15:23:35 | 000,000,000 | ---D | C] -- C:\Users\mj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ciel
[2011/08/12 08:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/08/12 08:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011/08/10 04:06:16 | 000,000,000 | ---D | C] -- C:\Down
[2011/08/10 04:05:26 | 000,000,000 | ---D | C] -- C:\Windyzone
[2011/08/10 03:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perfectworld Entertainment
[2011/08/10 03:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2011/08/09 09:12:07 | 000,000,000 | ---D | C] -- C:\Nestopia140bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 16:21:15 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 16:21:15 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 16:17:07 | 000,061,440 | ---- | M] ( ) -- C:\Users\mj\Desktop\VEW.exe
[2011/09/07 16:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428341497-189840876-2479362816-1000UA.job
[2011/09/07 15:52:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/07 15:52:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/07 15:52:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/07 15:52:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/07 15:50:40 | 000,908,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\mj\Desktop\jxpiinstall.exe
[2011/09/07 12:13:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428341497-189840876-2479362816-1000Core.job
[2011/09/07 10:21:53 | 000,703,340 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/07 10:21:53 | 000,449,834 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/09/07 10:21:53 | 000,137,488 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/07 10:21:53 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/09/07 10:21:52 | 001,428,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/07 10:17:50 | 000,000,433 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/09/07 10:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 10:17:08 | 3167,580,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 10:13:40 | 000,000,512 | ---- | M] () -- C:\Users\mj\Desktop\MBR.dat
[2011/09/07 10:03:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/07 09:36:25 | 004,198,514 | R--- | M] (Swearware) -- C:\Users\mj\Desktop\ComboFix.exe
[2011/09/07 07:05:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\mj\Desktop\aswMBR.exe
[2011/09/07 06:18:34 | 001,386,462 | ---- | M] () -- C:\Users\mj\Desktop\tdsskiller.zip
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mj\Desktop\TDSSKiller.exe
[2011/09/06 07:51:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\mj\Desktop\OTL.exe
[2011/09/06 07:24:50 | 000,011,752 | ---- | M] () -- C:\Users\mj\Documents\cc_20110906_072443.reg
[2011/09/05 23:17:27 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/09/05 22:53:36 | 002,708,256 | ---- | M] () -- C:\Users\mj\Desktop\Tonight was the night.lrf
[2011/08/30 23:40:23 | 000,000,822 | ---- | M] () -- C:\Users\mj\Documents\ax_files.xml
[2011/08/28 17:20:14 | 005,933,737 | ---- | M] () -- C:\Users\mj\Desktop\JESUS [bleep] HOW.lrf
[2011/08/23 21:51:20 | 000,073,025 | ---- | M] () -- C:\Users\mj\Documents\new.MUS
[2011/08/13 15:23:36 | 000,000,634 | ---- | M] () -- C:\Users\mj\Desktop\フォルト!!A.lnk
[2011/08/13 15:14:50 | 004,849,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/10 04:07:25 | 000,000,193 | ---- | M] () -- C:\Users\mj\Desktop\RustyHearts.url
[2011/08/10 03:57:26 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\RustyHearts.lnk
[2011/08/10 02:58:50 | 002,122,280 | ---- | M] () -- C:\Users\mj\Documents\RustyHearts_PWE_Downloader.exe
[2011/08/09 09:10:46 | 001,249,640 | ---- | M] () -- C:\Nestopia140bin.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 08:06:24 | 000,000,512 | ---- | C] () -- C:\Users\mj\Desktop\MBR.dat
[2011/09/07 06:18:08 | 001,386,462 | ---- | C] () -- C:\Users\mj\Desktop\tdsskiller.zip
[2011/09/06 07:30:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/06 07:30:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/06 07:30:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/06 07:30:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/06 07:30:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/06 07:24:46 | 000,011,752 | ---- | C] () -- C:\Users\mj\Documents\cc_20110906_072443.reg
[2011/09/05 23:17:27 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/09/05 22:52:40 | 002,708,256 | ---- | C] () -- C:\Users\mj\Desktop\Tonight was the night.lrf
[2011/08/28 17:18:15 | 005,933,737 | ---- | C] () -- C:\Users\mj\Desktop\JESUS [bleep] HOW.lrf
[2011/08/23 21:51:20 | 000,073,025 | ---- | C] () -- C:\Users\mj\Documents\new.MUS
[2011/08/13 15:23:36 | 000,000,634 | ---- | C] () -- C:\Users\mj\Desktop\フォルト!!A.lnk
[2011/08/10 04:07:25 | 000,000,193 | ---- | C] () -- C:\Users\mj\Desktop\RustyHearts.url
[2011/08/10 03:57:26 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\RustyHearts.lnk
[2011/08/10 02:58:31 | 002,122,280 | ---- | C] () -- C:\Users\mj\Documents\RustyHearts_PWE_Downloader.exe
[2011/08/09 09:11:58 | 001,249,640 | ---- | C] () -- C:\Nestopia140bin.zip
[2011/07/11 13:14:17 | 000,119,000 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/02 19:26:40 | 000,026,089 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/04/21 09:15:12 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/03/17 13:00:47 | 001,318,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/04 18:34:18 | 000,000,728 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/07/04 22:18:32 | 000,001,456 | ---- | C] () -- C:\Users\mj\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/03 05:17:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/03 04:34:46 | 000,007,618 | ---- | C] () -- C:\Users\mj\AppData\Local\Resmon.ResmonCfg
[2010/07/01 21:58:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/01 19:58:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/01 07:04:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/27 04:52:23 | 000,004,120 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/06/27 04:51:46 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/06/26 20:29:42 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/06/26 20:29:42 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/06/26 20:29:42 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/06/26 20:29:42 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/06/26 20:29:15 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/06/26 20:28:08 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/06/26 20:27:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/26 20:26:10 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/06/26 20:26:10 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/06/26 20:26:10 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/06/26 20:26:10 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/26 20:26:10 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========



< MD5 for: USER32.DLL >
[2010/06/27 05:03:04 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=2C353B6CE0C8D03225CAA2AF33B68D79 -- C:\Windows\SysNative\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2010/06/27 05:03:04 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=861C4346F9281DC0380DE72C8D55D6BE -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

========== Files - Unicode (All) ==========
[2010/12/31 12:03:55 | 000,017,585 | ---- | M] ()(C:\Users\mj\Documents\(C79)(a??aooa?2a??a??)[07th_Expansion]a?†a??a?-a?“a?Ra?a.torrent) -- C:\Users\mj\Documents\(C79)(åŒäººă‚²ăƒ¼ăƒ )[07th_Expansion]ă†ă¿ă­ă“ă®ăª.torrent
[2010/12/31 12:03:54 | 000,017,585 | ---- | C] ()(C:\Users\mj\Documents\(C79)(a??aooa?2a??a??)[07th_Expansion]a?†a??a?-a?“a?Ra?a.torrent) -- C:\Users\mj\Documents\(C79)(åŒäººă‚²ăƒ¼ăƒ )[07th_Expansion]ă†ă¿ă­ă“ă®ăª.torrent
[2010/09/19 23:13:43 | 000,000,000 | ---D | M](C:\Users\mj\Documents\?? ???) -- C:\Users\mj\Documents\넥슨 플러그
[2010/09/19 23:13:43 | 000,000,000 | ---D | C](C:\Users\mj\Documents\?? ???) -- C:\Users\mj\Documents\넥슨 플러그
[2010/07/18 21:11:17 | 000,002,449 | ---- | C] ()(C:\Users\mj\Documents\?明_Readme.html) -- C:\Users\mj\Documents\说明_Readme.html
[2010/07/18 21:11:17 | 000,000,429 | ---- | C] ()(C:\Users\mj\Documents\最新Nod32更新用?名和密?.html) -- C:\Users\mj\Documents\最新Nod32更新用户名和密码.html
[2010/07/01 04:55:14 | 000,000,000 | ---D | M](C:\Users\mj\Documents\我已接收的?案) -- C:\Users\mj\Documents\我已接收的檔案
[2010/07/01 04:53:12 | 000,000,000 | ---D | C](C:\Users\mj\Documents\我已接收的?案) -- C:\Users\mj\Documents\我已接收的檔案
[2010/06/30 03:29:42 | 000,000,429 | ---- | M] ()(C:\Users\mj\Documents\最新Nod32更新用?名和密?.html) -- C:\Users\mj\Documents\最新Nod32更新用户名和密码.html
[2010/06/27 04:38:58 | 000,000,703 | ---- | C] ()(C:\Users\mj\Desktop\清除系統??.bat) -- C:\Users\mj\Desktop\清除系統垃圾.bat
[2010/06/27 04:38:45 | 000,000,000 | ---D | M](C:\Users\mj\Documents\?飾) -- C:\Users\mj\Documents\傢飾
[2010/06/27 04:38:44 | 000,000,000 | ---D | C](C:\Users\mj\Documents\?飾) -- C:\Users\mj\Documents\傢飾
[2010/06/05 14:30:28 | 000,002,449 | ---- | M] ()(C:\Users\mj\Documents\?明_Readme.html) -- C:\Users\mj\Documents\说明_Readme.html
[2009/04/14 00:29:16 | 000,435,576 | ---- | M] (www.pps.tv)(C:\Windows\SysWow64\pps???悵.scr) -- C:\Windows\SysWow64\pps荌捅悵.scr
[2009/04/14 00:29:16 | 000,435,576 | ---- | C] (www.pps.tv)(C:\Windows\SysWow64\pps???悵.scr) -- C:\Windows\SysWow64\pps荌捅悵.scr
[2006/09/22 06:42:11 | 000,000,703 | ---- | M] ()(C:\Users\mj\Desktop\清除系統??.bat) -- C:\Users\mj\Desktop\清除系統垃圾.bat

< End of report >

#19
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 2011/09/07 4:36:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 2011/07/09 11:36:09 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 2011/07/09 11:36:09 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 2011/07/09 11:36:09 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 2011/07/09 11:34:37 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 2011/07/09 11:34:37 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 2011/07/09 11:34:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 2011/07/09 11:34:37 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 2011/07/09 11:34:34 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 2011/07/09 11:34:33 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 2011/07/09 11:34:33 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 2011/07/09 11:32:30 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#20
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 2011/09/07 4:42:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 2011/07/09 11:33:44 PM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

Log: 'Application' Date/Time: 2011/07/09 11:06:16 PM
Type: Error Category: 0
Event: 8193 Source: Microsoft-Windows-Security-SPP
License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 2011/07/09 11:34:28 PM
Type: Warning Category: 3
Event: 3086 Source: Microsoft-Windows-Search
The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 2011/07/09 11:33:44 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

#21
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
And finally, the OTL logs.

OTL logfile created on: 2011/09/07 4:44:47 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\mj\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd

3.93 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.87% Memory free
7.86 Gb Paging File | 6.03 Gb Available in Paging File | 76.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.12 Gb Total Space | 15.87 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
Drive D: | 65.43 Gb Total Space | 2.53 Gb Free Space | 3.87% Space Free | Partition Type: NTFS
Drive E: | 79.73 Gb Total Space | 18.73 Gb Free Space | 23.49% Space Free | Partition Type: NTFS
Drive F: | 73.04 Gb Total Space | 4.38 Gb Free Space | 5.99% Space Free | Partition Type: NTFS

Computer Name: KIT-ASPIRE | User Name: mj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 07:51:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\mj\Desktop\OTL.exe
PRC - [2011/07/08 00:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/05/05 07:11:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/02/23 20:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe
PRC - [2009/08/18 02:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2008/07/29 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 00:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/03 00:13:51 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/09 18:40:56 | 000,958,976 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll
MOD - [2011/05/09 18:40:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll
MOD - [2011/05/09 18:40:54 | 007,006,208 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll
MOD - [2011/05/09 18:40:54 | 000,132,096 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2010/01/28 02:41:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Virtual Camara\VirtualCam.ax
MOD - [2008/07/29 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/15 12:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/05/05 07:13:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/05/05 07:11:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/09/04 00:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2009/09/03 23:52:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/04 21:53:36 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/17 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/14 09:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/02 17:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 11:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/25 11:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/05 07:12:16 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/05/05 07:12:12 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/05/05 07:12:10 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/05/05 07:11:02 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/05/05 07:08:36 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/04/19 21:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/15 14:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2009/09/15 04:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/04 00:24:30 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/04 00:24:30 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/09/03 22:59:38 | 000,140,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/09/03 22:46:02 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/09/03 22:46:02 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 05:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/23 13:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/23 13:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007/04/23 13:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007/04/23 13:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007/04/23 13:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 FC 61 4C A9 15 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "204.152.198.26"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 204.152.198.26"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mj\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mj\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2010/07/18 21:20:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/29 20:00:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/28 18:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/07/18 21:20:37 | 000,000,000 | ---D | M]

[2010/07/01 21:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mj\AppData\Roaming\mozilla\Extensions
[2011/08/18 19:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mj\AppData\Roaming\mozilla\Firefox\Profiles\aue0this.default\extensions
[2011/08/18 19:06:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mj\AppData\Roaming\mozilla\Firefox\Profiles\aue0this.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/29 06:41:12 | 000,000,863 | ---- | M] () -- C:\Users\mj\AppData\Roaming\Mozilla\Firefox\Profiles\aue0this.default\searchplugins\conduit.xml
[2011/09/07 15:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/14 07:39:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/07 15:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/07 15:52:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/07 10:03:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - Startup: C:\Users\mj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://download.ali...401/aliedit.cab (EditCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5FE39D-9695-4254-90A2-89452B97D3C4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F82C1CB5-F883-4EF5-A3D9-811EB1A409B9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 16:43:39 | 006,663,680 | ---- | C] (Hazar & Co.) -- C:\Users\mj\Desktop\RemoveWAT.exe
[2011/09/07 16:17:06 | 000,061,440 | ---- | C] ( ) -- C:\Users\mj\Desktop\VEW.exe
[2011/09/07 15:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/07 15:52:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/07 15:52:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/07 15:52:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/07 15:50:22 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\mj\Desktop\jxpiinstall.exe
[2011/09/07 10:10:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/07 10:04:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/07 07:05:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\mj\Desktop\aswMBR.exe
[2011/09/07 06:18:45 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mj\Desktop\TDSSKiller.exe
[2011/09/06 07:51:28 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\mj\Desktop\OTL.exe
[2011/09/06 07:30:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/06 07:30:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/06 07:30:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/06 07:30:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/06 07:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/06 07:27:04 | 004,198,514 | R--- | C] (Swearware) -- C:\Users\mj\Desktop\ComboFix.exe
[2011/09/06 07:18:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/13 15:23:35 | 000,000,000 | ---D | C] -- C:\Users\mj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ciel
[2011/08/12 08:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/08/12 08:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011/08/10 04:06:16 | 000,000,000 | ---D | C] -- C:\Down
[2011/08/10 04:05:26 | 000,000,000 | ---D | C] -- C:\Windyzone
[2011/08/10 03:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perfectworld Entertainment
[2011/08/10 03:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2011/08/09 09:12:07 | 000,000,000 | ---D | C] -- C:\Nestopia140bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 16:43:48 | 006,663,680 | ---- | M] (Hazar & Co.) -- C:\Users\mj\Desktop\RemoveWAT.exe
[2011/09/07 16:39:49 | 000,715,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/07 16:39:49 | 000,462,286 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/09/07 16:39:49 | 000,141,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/07 16:39:49 | 000,134,658 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/09/07 16:39:48 | 001,428,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/07 16:34:14 | 000,000,433 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/09/07 16:33:31 | 004,848,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/07 16:33:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 16:33:05 | 3167,580,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 16:21:15 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 16:21:15 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 16:17:07 | 000,061,440 | ---- | M] ( ) -- C:\Users\mj\Desktop\VEW.exe
[2011/09/07 16:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428341497-189840876-2479362816-1000UA.job
[2011/09/07 15:52:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/07 15:52:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/07 15:52:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/07 15:52:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/07 15:50:40 | 000,908,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\mj\Desktop\jxpiinstall.exe
[2011/09/07 12:13:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428341497-189840876-2479362816-1000Core.job
[2011/09/07 10:13:40 | 000,000,512 | ---- | M] () -- C:\Users\mj\Desktop\MBR.dat
[2011/09/07 10:03:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/07 09:36:25 | 004,198,514 | R--- | M] (Swearware) -- C:\Users\mj\Desktop\ComboFix.exe
[2011/09/07 07:05:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\mj\Desktop\aswMBR.exe
[2011/09/07 06:18:34 | 001,386,462 | ---- | M] () -- C:\Users\mj\Desktop\tdsskiller.zip
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mj\Desktop\TDSSKiller.exe
[2011/09/06 07:51:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\mj\Desktop\OTL.exe
[2011/09/06 07:24:50 | 000,011,752 | ---- | M] () -- C:\Users\mj\Documents\cc_20110906_072443.reg
[2011/09/05 23:17:27 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/09/05 22:53:36 | 002,708,256 | ---- | M] () -- C:\Users\mj\Desktop\Tonight was the night.lrf
[2011/08/30 23:40:23 | 000,000,822 | ---- | M] () -- C:\Users\mj\Documents\ax_files.xml
[2011/08/28 17:20:14 | 005,933,737 | ---- | M] () -- C:\Users\mj\Desktop\JESUS [bleep] HOW.lrf
[2011/08/23 21:51:20 | 000,073,025 | ---- | M] () -- C:\Users\mj\Documents\new.MUS
[2011/08/10 04:07:25 | 000,000,193 | ---- | M] () -- C:\Users\mj\Desktop\RustyHearts.url
[2011/08/10 03:57:26 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\RustyHearts.lnk
[2011/08/10 02:58:50 | 002,122,280 | ---- | M] () -- C:\Users\mj\Documents\RustyHearts_PWE_Downloader.exe
[2011/08/09 09:10:46 | 001,249,640 | ---- | M] () -- C:\Nestopia140bin.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 08:06:24 | 000,000,512 | ---- | C] () -- C:\Users\mj\Desktop\MBR.dat
[2011/09/07 06:18:08 | 001,386,462 | ---- | C] () -- C:\Users\mj\Desktop\tdsskiller.zip
[2011/09/06 07:30:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/06 07:30:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/06 07:30:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/06 07:30:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/06 07:30:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/06 07:24:46 | 000,011,752 | ---- | C] () -- C:\Users\mj\Documents\cc_20110906_072443.reg
[2011/09/05 23:17:27 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/09/05 22:52:40 | 002,708,256 | ---- | C] () -- C:\Users\mj\Desktop\Tonight was the night.lrf
[2011/08/28 17:18:15 | 005,933,737 | ---- | C] () -- C:\Users\mj\Desktop\JESUS [bleep] HOW.lrf
[2011/08/23 21:51:20 | 000,073,025 | ---- | C] () -- C:\Users\mj\Documents\new.MUS
[2011/08/10 04:07:25 | 000,000,193 | ---- | C] () -- C:\Users\mj\Desktop\RustyHearts.url
[2011/08/10 03:57:26 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\RustyHearts.lnk
[2011/08/10 02:58:31 | 002,122,280 | ---- | C] () -- C:\Users\mj\Documents\RustyHearts_PWE_Downloader.exe
[2011/08/09 09:11:58 | 001,249,640 | ---- | C] () -- C:\Nestopia140bin.zip
[2011/07/11 13:14:17 | 000,119,000 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/02 19:26:40 | 000,026,089 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/04/21 09:15:12 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/03/17 13:00:47 | 001,318,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/04 18:34:18 | 000,000,728 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/07/04 22:18:32 | 000,001,456 | ---- | C] () -- C:\Users\mj\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/03 05:17:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/03 04:34:46 | 000,007,618 | ---- | C] () -- C:\Users\mj\AppData\Local\Resmon.ResmonCfg
[2010/07/01 21:58:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/01 19:58:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/01 07:04:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/27 04:52:23 | 000,004,120 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/06/27 04:51:46 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/06/26 20:29:42 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/06/26 20:29:42 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/06/26 20:29:42 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/06/26 20:29:42 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/06/26 20:29:15 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/06/26 20:28:08 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/06/26 20:27:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/26 20:26:10 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/06/26 20:26:10 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/06/26 20:26:10 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/06/26 20:26:10 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/26 20:26:10 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Files - Unicode (All) ==========
[2011/08/13 15:23:36 | 000,000,634 | ---- | M] ()(C:\Users\mj\Desktop\????!!A.lnk) -- C:\Users\mj\Desktop\フォルト!!A.lnk
[2011/08/13 15:23:36 | 000,000,634 | ---- | C] ()(C:\Users\mj\Desktop\????!!A.lnk) -- C:\Users\mj\Desktop\フォルト!!A.lnk
[2011/01/01 10:12:34 | 000,002,729 | ---- | M] ()(C:\Users\Public\Desktop\?????.lnk) -- C:\Users\Public\Desktop\黄金夢想曲.lnk
[2011/01/01 10:12:34 | 000,002,729 | ---- | C] ()(C:\Users\Public\Desktop\?????.lnk) -- C:\Users\Public\Desktop\黄金夢想曲.lnk
[2010/12/14 16:23:58 | 001,452,581 | ---- | M] ()(C:\Users\mj\Documents\_?????????.pdf) -- C:\Users\mj\Documents\_明年需要知道的事情.pdf
[2010/12/14 16:23:57 | 001,452,581 | ---- | C] ()(C:\Users\mj\Documents\_?????????.pdf) -- C:\Users\mj\Documents\_明年需要知道的事情.pdf
[2010/09/19 23:13:43 | 000,000,000 | ---D | M](C:\Users\mj\Documents\?? ???) -- C:\Users\mj\Documents\넥슨 플러그
[2010/09/19 23:13:43 | 000,000,000 | ---D | C](C:\Users\mj\Documents\?? ???) -- C:\Users\mj\Documents\넥슨 플러그
[2010/07/18 21:11:17 | 000,002,449 | ---- | C] ()(C:\Users\mj\Documents\??_Readme.html) -- C:\Users\mj\Documents\说明_Readme.html
[2010/07/18 21:11:17 | 000,000,429 | ---- | C] ()(C:\Users\mj\Documents\??Nod32????????.html) -- C:\Users\mj\Documents\最新Nod32更新用户名和密码.html
[2010/07/01 04:55:14 | 000,000,000 | ---D | M](C:\Users\mj\Documents\???????) -- C:\Users\mj\Documents\我已接收的檔案
[2010/07/01 04:53:12 | 000,000,000 | ---D | C](C:\Users\mj\Documents\???????) -- C:\Users\mj\Documents\我已接收的檔案
[2010/06/30 03:29:42 | 000,000,429 | ---- | M] ()(C:\Users\mj\Documents\??Nod32????????.html) -- C:\Users\mj\Documents\最新Nod32更新用户名和密码.html
[2010/06/27 05:22:19 | 000,001,126 | ---- | M] ()(C:\Users\mj\Desktop\POWERPNT - ??.lnk) -- C:\Users\mj\Desktop\POWERPNT - 捷徑.lnk
[2010/06/27 05:22:19 | 000,001,126 | ---- | C] ()(C:\Users\mj\Desktop\POWERPNT - ??.lnk) -- C:\Users\mj\Desktop\POWERPNT - 捷徑.lnk
[2010/06/27 05:22:13 | 000,001,115 | ---- | M] ()(C:\Users\mj\Desktop\WINWORD - ??.lnk) -- C:\Users\mj\Desktop\WINWORD - 捷徑.lnk
[2010/06/27 05:22:13 | 000,001,115 | ---- | C] ()(C:\Users\mj\Desktop\WINWORD - ??.lnk) -- C:\Users\mj\Desktop\WINWORD - 捷徑.lnk
[2010/06/27 05:22:04 | 000,001,115 | ---- | M] ()(C:\Users\mj\Desktop\msexcel - ??.lnk) -- C:\Users\mj\Desktop\msexcel - 捷徑.lnk
[2010/06/27 05:22:04 | 000,001,115 | ---- | C] ()(C:\Users\mj\Desktop\msexcel - ??.lnk) -- C:\Users\mj\Desktop\msexcel - 捷徑.lnk
[2010/06/27 04:38:58 | 000,000,703 | ---- | C] ()(C:\Users\mj\Desktop\??????.bat) -- C:\Users\mj\Desktop\清除系統垃圾.bat
[2010/06/27 04:38:45 | 000,000,000 | ---D | M](C:\Users\mj\Documents\??) -- C:\Users\mj\Documents\傢飾
[2010/06/27 04:38:44 | 000,000,000 | ---D | C](C:\Users\mj\Documents\??) -- C:\Users\mj\Documents\傢飾
[2010/06/27 04:38:37 | 000,000,000 | ---D | M](C:\Users\mj\Documents\??) -- C:\Users\mj\Documents\飾品
[2010/06/27 04:38:36 | 000,000,000 | ---D | C](C:\Users\mj\Documents\??) -- C:\Users\mj\Documents\飾品
[2010/06/27 04:38:33 | 000,000,000 | ---D | M](C:\Users\mj\Documents\?????) -- C:\Users\mj\Documents\新增資料夾
[2010/06/27 04:38:33 | 000,000,000 | ---D | C](C:\Users\mj\Documents\?????) -- C:\Users\mj\Documents\新增資料夾
[2010/06/05 14:30:28 | 000,002,449 | ---- | M] ()(C:\Users\mj\Documents\??_Readme.html) -- C:\Users\mj\Documents\说明_Readme.html
[2009/04/14 00:29:16 | 000,435,576 | ---- | M] (www.pps.tv)(C:\Windows\SysWow64\pps????.scr) -- C:\Windows\SysWow64\pps荌捅悵.scr
[2009/04/14 00:29:16 | 000,435,576 | ---- | C] (www.pps.tv)(C:\Windows\SysWow64\pps????.scr) -- C:\Windows\SysWow64\pps荌捅悵.scr
[2006/09/22 06:42:11 | 000,000,703 | ---- | M] ()(C:\Users\mj\Desktop\??????.bat) -- C:\Users\mj\Desktop\清除系統垃圾.bat
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom ???) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom 數位板

< End of report >

#22
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
OTL Extras logfile created on: 2011/09/07 4:44:47 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\mj\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd

3.93 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.87% Memory free
7.86 Gb Paging File | 6.03 Gb Available in Paging File | 76.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.12 Gb Total Space | 15.87 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
Drive D: | 65.43 Gb Total Space | 2.53 Gb Free Space | 3.87% Space Free | Partition Type: NTFS
Drive E: | 79.73 Gb Total Space | 18.73 Gb Free Space | 23.49% Space Free | Partition Type: NTFS
Drive F: | 73.04 Gb Total Space | 4.38 Gb Free Space | 5.99% Space Free | Partition Type: NTFS

Computer Name: KIT-ASPIRE | User Name: mj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"SXC" = C:\Windows\Sxc\svchost.exe:*:Enabled:ArmageddoN
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"SXC" = C:\Windows\Sxc\svchost.exe:*:Enabled:ArmageddoN


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{056B9C5B-2E8D-4EBC-941C-06C78A30ABB3}" = Microsoft_VC80_ATL_x86_x64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0A107E17-B5C5-DFE3-6EAA-E6A68A4B82FD}" = ATI Catalyst Install Manager
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{138D2BE4-7981-4F34-BA23-81B6B99D0DE6}" = Microsoft_VC80_MFCLOC_x86_x64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3A255A4E-63D7-461D-8D39-79A0FC78BFCE}" = ESET Smart Security
"{3D46855F-7B71-4CF7-A270-62E0E4F05037}" = Microsoft_VC80_CRT_x86_x64
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{47A70BC0-BB3E-468B-9E01-56CCD6F2A911}" = Microsoft_VC80_MFC_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D1BA5DC5-1E32-56E0-41DB-FFBB846FD9CE}" = ccc-utility64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBF43D47-B1CD-C2D5-B19D-B89497AC80B3}" = ATI AVIVO64 Codecs
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom Tablet Driver" = Wacom Tablet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0279A9AB-01C3-CD2C-837C-29861A0C863F}" = CCC Help Swedish
"{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1" = CLANNAD Full Voice 1.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C8CB2A-C6E8-EEF7-6388-B533685F6D7A}" = CCC Help Czech
"{0E64E4CC-F3F5-E222-E59F-6A5B014C8F25}" = Catalyst Control Center Localization All
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{2AE1A3BF-EE97-8F00-4BB1-B7F6B85C09BC}" = CCC Help French
"{2BA0A20B-B1D9-29C2-74B3-9BC7F2B0A11C}" = Catalyst Control Center Graphics Full Existing
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3424165E-3CC9-A6E0-12A6-5BE273FD2636}" = CCC Help Dutch
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3B42F282-B492-7489-201D-6BC9BB1D43D5}" = Catalyst Control Center InstallProxy
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = RustyHearts PWE
"{449F491E-FCC8-4C48-BACC-53FDBA90BFF1}" = XSplit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45E08245-F4FD-092A-D5CD-7CF541F80293}" = Catalyst Control Center Graphics Light
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50606891-5582-1C25-ACDC-E7DEDAD4DD19}" = CCC Help Chinese Traditional
"{549AAD20-ED05-CE3A-B199-BC3D1ACE90B6}" = CCC Help Turkish
"{581C4F63-1B66-AAB2-F33D-05262CE58B25}" = CCC Help Danish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{703D2082-C8A8-06AE-76E5-1A03FF975621}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738F8C78-BAAD-8FF4-F6E2-E825FB9C98E5}" = CCC Help Portuguese
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8996E652-FCF2-840B-C7DF-9A2EA5DC6053}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A855257-A669-5D67-936E-07314EB19472}" = CCC Help Polish
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92AB49B0-7CC6-5262-CB85-15D1201AA941}" = PX Profile Update
"{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}" = Adobe Creative Suite 5 Master Collection
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97660DB2-EF86-7489-52EC-87C15D64D812}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F8A956D-99F8-0DC1-5FD9-01AD022BC673}" = Catalyst Control Center Graphics Previews Vista
"{A34E6764-8BF0-A215-9C29-51CCD48FD891}" = CCC Help Chinese Standard
"{A4AA2BCD-6924-41C2-CA8B-C8D617602921}" = Catalyst Control Center Graphics Full New
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{ACF250BF-1FD9-023C-088B-F178C48BC0E2}" = CCC Help Thai
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C1B36C7D-331F-BB66-5A0C-8C97FD956786}" = CCC Help English
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CBA38C8A-1F5A-7177-BF84-F12F54236027}" = ccc-core-static
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.92.624
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE5F0D0C-4398-2B93-BA14-DEAE92D57DEB}" = CCC Help Hungarian
"{E23D82D4-12E4-0966-9777-79A0A176C6E0}" = CCC Help Russian
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E632763D-0D23-8560-2373-E8DE6443D7F9}" = CCC Help Finnish
"{E6F5ADD7-8B77-7650-F4C5-5DF847788229}" = CCC Help Greek
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F139C955-376C-45CA-9C34-C77000AB73BC}" = 黄金夢想曲
"{F68386EB-DDD6-0BAA-699B-65EAB94E42E4}" = Catalyst Control Center Core Implementation
"{F7633A58-230B-BCE1-5CDB-4D1FC5C98B44}" = CCC Help Japanese
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC0B6AA4-C606-2AE5-4111-A9C3288FBF15}" = CCC Help Italian
"{FD7BC32A-1824-343F-B213-14A5626ABA23}" = CCC Help Korean
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"DragonNest" = DragonNest
"Finale 2006" = Finale 2006
"foobar2000" = foobar2000 v1.1.1
"Fraps" = Fraps (remove only)
"JTablet" = JTablet
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Standard)
"LManager" = Launch Manager
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"Open Codecs" = Xiph.Org Open Codecs 0.84.17315
"PPStream" = PPStream V2.7.0.1282 Final
"Sengoku Rance English_is1" = Sengoku Rance English v1.01
"Steam App 70400" = Recettear: An Item Shop's Tale
"Umineko no Naku Koro ni EP7 English" = Umineko no Naku Koro ni EP7 English v3.3
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"VLC media player" = VLC media player 1.1.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"zbattle.net_is1" = zbattle.net 1.09 SR-1 beta
"雙星物語2加強版 繁體中文版_is1" = 雙星物語2加強版 v1.0 豬豬整合版

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Microsoft Office 2007 SP2 CE_702e342b" = Microsoft Office 2007 SP2 CE (VMware ThinApp)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011/09/07 7:06:16 PM | Computer Name = Kit-ASPIRE | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2011/09/07 7:33:44 PM | Computer Name = Kit-ASPIRE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ Media Center Events ]
Error - 2010/08/03 10:00:22 AM | Computer Name = Kit-ASPIRE | Source = MCUpdate | ID = 0
Description = 7:00:15 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 2011/09/07 7:34:33 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 2011/09/07 7:34:33 PM | Computer Name = Kit-ASPIRE | Source = DCOM | ID = 10005
Description =

Error - 2011/09/07 7:34:34 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 2011/09/07 7:34:37 PM | Computer Name = Kit-ASPIRE | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2011/09/07 7:34:37 PM | Computer Name = Kit-ASPIRE | Source = DCOM | ID = 10005
Description =

Error - 2011/09/07 7:34:37 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 2011/09/07 7:34:37 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 2011/09/07 7:36:09 PM | Computer Name = Kit-ASPIRE | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2011/09/07 7:36:09 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 2011/09/07 7:36:09 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058


< End of report >
  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
[2011/08/18 19:06:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mj\AppData\Roaming\mozilla\Firefox\Profiles\aue0this.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/29 06:41:12 | 000,000,863 | ---- | M] () -- C:\Users\mj\AppData\Roaming\Mozilla\Firefox\Profiles\aue0this.default\searchplugins\conduit.xml
[2010/07/14 07:39:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/07 15:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\mj\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()


:files
C:\Windows\SysNative\user32.dll|C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll /replace
C:\Windows\SysWOW64\user32.dll|C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll /replace

:Commands
[RESETHOSTS]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

The Extras log says something has triggered the stupid Microsoft Activation requirement:

Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as.
Click The following user, and then select Administrator in the User name list.
Click OK.
At a command prompt, type the following command, and then press ENTER:
slmgr.vbs

Ron
  • 0
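Reading the error section of an OTL Extras log like the one above, as an added example that is not part of any post in this thread: a small Python parser for the `Error - ... | Source = ... | ID = ...` layout that groups repeated entries and labels the two codes in this log by their standard Windows names (0x80070005 is E_ACCESSDENIED, %%1058 is ERROR_SERVICE_DISABLED). The function names and the trimmed `SAMPLE` excerpt are this example's own.

```python
import re
from collections import Counter

# Trimmed excerpt in the same layout as the OTL Extras log on this page.
SAMPLE = """[ Application Events ]
Error - 2011/09/07 7:06:16 PM | Computer Name = Kit-ASPIRE | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2011/09/07 7:33:44 PM | Computer Name = Kit-ASPIRE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 2011/09/07 7:34:33 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 2011/09/07 7:34:34 PM | Computer Name = Kit-ASPIRE | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
# Standard Windows names for the two codes that appear in this log.
CODES = {"0x80070005": "E_ACCESSDENIED", "%%1058": "ERROR_SERVICE_DISABLED"}

def parse(text):  # one dict per entry, with wrapped Description lines joined
    events, channel, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if not line:
            cur = None  # a blank line ends the current entry
        elif line.startswith("[ ") and line.endswith(" ]"):
            channel, cur = line[2:-2], None  # e.g. "System Events"
        elif m := HEADER.match(line):
            cur = dict(m.groupdict(), channel=channel, description="")
            events.append(cur)
        elif cur is not None:
            part = line[len("Description ="):] if line.startswith("Description =") else line
            cur["description"] = f'{cur["description"]} {part.strip()}'.strip()
    return events

def summarize(events):  # group by (channel, source, id), most frequent first
    counts, codes = Counter(), {}
    for e in events:
        key = (e["channel"], e["source"], e["id"])
        counts[key] += 1
        hits = re.findall(r"0x[0-9A-Fa-f]{8}|%%\d+", e["description"])
        codes.setdefault(key, set()).update(CODES.get(h, h) for h in hits)
    return [(key, n, sorted(codes[key])) for key, n in counts.most_common()]
```

Calling `summarize(parse(log_text))` on a full Extras log puts the most repeated source/ID pair first, which makes runs like the Service Control Manager 7001 entries stand out from one-off errors.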

#24
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
Okay I have done this, but it keeps telling me "invalid parameters" and then a long slew of how the program is supposed to work after it. What do I do?
  • 0

#25
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Did you do the OTL part first? Something is changing the user32.dll - it was on the list of things that sfc tried to fix.


I was just going by:
http://answers.micro...72-0be2ecbdb320
  • 0

#26
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
Oh yup, the message is gone. Great! Thanks so much! Is my computer clean now?

And yeah I followed your post through and through in order.

Edited by violinkit, 07 September 2011 - 08:24 PM.

  • 0

#27
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Let's run combofix one more time and see if it likes the new user32.dlls.

Ron
  • 0

#28
violinkit

    Member

  • Topic Starter
  • Member
  • 17 posts
Do I just run it normally and then post the log?
  • 0

#29
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
yes
  • 0





