Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Restore window "PC Performance & Stability analysis rep

Started by maezhou , Oct 22 2011 03:20 AM

  • This topic is locked This topic is locked

#61
maezhou
Posted 02 November 2011 - 08:58 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Thanks. Here's the OTL.txt log:


OTL logfile created on: 11/2/2011 7:38:39 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.13% Memory free
4.22 Gb Paging File | 2.86 Gb Available in Paging File | 67.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 50.40 Gb Free Space | 28.25% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 09:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/10/03 20:01:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 18:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/04/26 00:40:08 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/08 05:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 05:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 21:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 20:01:31 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 14:32:20 | 000,076,800 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko7.dll
MOD - [2011/09/08 18:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2011/08/13 10:15:46 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/19 05:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/01 19:20:27 | 000,535,424 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\HLL.exe -- (HLL)
SRV - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 12:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 10:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 01:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/10/23 19:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\68522918.sys -- (68522918)
DRV - [2011/10/23 14:17:10 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzi1odu0.sys -- (uzi1odu0)
DRV - [2011/10/22 12:54:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/11 10:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 10:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 10:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 10:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 10:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/28 05:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 05:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 20:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 18:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 05:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 05:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 17:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 04:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found


IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1750559&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 20:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 23:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 15:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 21:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/10/30 23:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 22:17:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 19:27:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 19:59:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 14:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/30 23:57:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 20:00:20 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 22:33:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 06:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 09:08:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 21:29:44 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/09/28 05:29:32 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011/05/07 00:32:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2010/11/15 09:37:36 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 15:28:02 | 000,000,921 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/07/02 15:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 21:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 05:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 06:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 06:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 15:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/10/03 20:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 06:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 21:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 20:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/30 21:46:41 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} http://www.clubbox.c.../NowStarter.cab (NowStarter Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 10.35.28.28 10.35.28.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.71.20.53,10.71.20.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a741a0a-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = G:\winlog.exe
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 19:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RootkitRevealer
[2011/10/23 15:48:20 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/23 15:45:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 15:45:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/23 10:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 10:10:11 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/22 19:50:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\system malfunction screenshots
[2011/10/22 14:43:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/10/22 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 14:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/22 14:43:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/22 14:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 14:29:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/22 14:20:12 | 004,269,652 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/10/22 14:17:24 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2011/10/22 09:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 02:23:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/10/22 00:43:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/22 00:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/12 20:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Training Lessons
[2011/10/10 19:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 19:55:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/11/02 19:45:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/11/02 19:07:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/02 18:50:55 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/02 18:50:55 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/02 18:44:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/02 18:44:19 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 18:44:19 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 18:44:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/02 18:43:59 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 05:42:46 | 000,058,880 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 00:45:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/11/01 19:16:24 | 000,231,390 | ---- | M] () -- C:\Users\Owner\Desktop\RootkitRevealer.zip
[2011/11/01 05:03:36 | 214,444,320 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 21:46:41 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/23 19:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/23 19:09:30 | 000,001,768 | ---- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/10/23 15:48:06 | 004,269,652 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/10/23 14:17:10 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/23 10:08:37 | 098,451,800 | ---- | M] () -- C:\Users\Owner\Desktop\setup_11.0.0.1245.x01_2011_10_23_19_43.exe
[2011/10/22 14:43:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 14:17:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 13:12:11 | 000,002,557 | ---- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/10/22 12:54:16 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 12:50:20 | 000,006,324 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/10/22 10:47:05 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 10:46:14 | 000,718,336 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2011/10/22 09:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 02:23:47 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/22 00:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/15 01:50:49 | 000,001,614 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/13 19:42:18 | 000,875,022 | ---- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/10/10 20:38:32 | 000,000,804 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/01 19:16:16 | 000,231,390 | ---- | C] () -- C:\Users\Owner\Desktop\RootkitRevealer.zip
[2011/10/31 23:41:45 | 2137,427,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/23 14:17:10 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/23 10:06:12 | 098,451,800 | ---- | C] () -- C:\Users\Owner\Desktop\setup_11.0.0.1245.x01_2011_10_23_19_43.exe
[2011/10/22 14:43:35 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 11:20:35 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Nortel VPN Client.lnk
[2011/10/22 11:20:35 | 000,001,081 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoomBrowser EX.lnk
[2011/10/22 11:20:34 | 000,002,821 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero BurnLite 10.lnk
[2011/10/22 11:20:34 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/22 11:20:34 | 000,001,854 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari 4.lnk
[2011/10/22 11:20:34 | 000,001,844 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator EX - MP210 Solution Menu.lnk
[2011/10/22 11:20:34 | 000,001,790 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/22 11:20:34 | 000,001,726 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/10/22 11:20:34 | 000,001,724 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/22 11:20:34 | 000,001,664 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/22 11:20:34 | 000,001,643 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2011/10/22 11:20:34 | 000,001,614 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/22 11:20:34 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/22 11:20:34 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro AntiVirus.lnk
[2011/10/22 11:20:34 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 11:20:34 | 000,000,871 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TMPGEnc.exe - Shortcut.lnk
[2011/10/22 11:20:34 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/10/22 11:20:34 | 000,000,823 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2011/10/22 11:20:34 | 000,000,796 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TextPad.lnk
[2011/10/22 11:20:34 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/22 11:20:34 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/22 11:20:33 | 000,002,305 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/22 11:20:33 | 000,002,221 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2011/10/22 11:20:33 | 000,001,883 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Chikka Messenger v.4.lnk
[2011/10/22 11:20:33 | 000,000,967 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 6.0.lnk
[2011/10/22 11:20:33 | 000,000,930 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/10/22 11:20:33 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\bsplay.exe - Shortcut.lnk
[2011/10/22 11:20:33 | 000,000,804 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2011/10/22 11:20:33 | 000,000,798 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ExamDiff.lnk
[2011/10/22 11:20:33 | 000,000,778 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Core FTP Lite.lnk
[2011/10/22 11:20:33 | 000,000,765 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.exe - Shortcut.lnk
[2011/10/22 11:20:33 | 000,000,629 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CASETOOL.EXE - Shortcut.lnk
[2011/10/22 11:19:39 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 10:46:56 | 000,684,297 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 10:45:56 | 000,718,336 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2011/10/22 02:23:47 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/13 19:42:15 | 000,875,022 | ---- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/07/27 00:11:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 06:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 06:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 03:14:23 | 000,017,451 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 20:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/19 00:43:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 21:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 21:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 22:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 09:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 11:45:29 | 000,006,324 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 20:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 17:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 14:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 14:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 14:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 14:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 14:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 20:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 20:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 22:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/17 00:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/17 00:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/17 00:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/17 00:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/17 00:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/17 00:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/17 00:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 17:12:52 | 000,058,880 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 03:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 03:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 11:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 10:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 20:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 20:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 20:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/02 01:20:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2008/02/21 15:04:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 10:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 21:41:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 20:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 22:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 20:03:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/11/02 06:18:02 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/02 19:55:23 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Lovers in Paris NGs.avi:TOC.WMV

< End of report >
  • 0

Advertisements

#62
Essexboy
Posted 03 November 2011 - 12:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One quick question when you downloaded the start menu restore zip file, did you extract all the files to their own folder on your desktop prior to copying/pasting to the all users folder ?

On completion of this run could you try Combofix again, allowing it to update if needed

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/11/01 19:20:27 | 000,535,424 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\HLL.exe -- (HLL)
    O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
    O30 - LSA: Security Packages - (Ḯ&) - File not found
    O30 - LSA: Security Packages - (䥬) - File not found
    O30 - LSA: Security Packages - () - File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#63
maezhou
Posted 03 November 2011 - 02:22 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Hi, thanks for your patience with me. Really appreciate your help.

When you say 'start menu restore zip file', are you referring to this?
http://www.vistax64....-shortcuts.html

If that is, then STEP ONE - item 4 didn't happen. On STEP ONE - item 3, when I click on OPEN, it just prompt me to open the zip file. There's no UAC prompt that appeared. I still managed to do STEP ONE - item 5, extracted the zip file on my desktop. But when I did STEP ONE - item 6, the expected result didn't happen -- i.e., the hidden Start Menu folder didn't open in Windows Explorer. So I didn't do the next steps anymore.

So do I need to try and run that again? And after that, run ComboFix again?
What if I failed again to complete the steps on the start menu restore? Just go and continue with the ComboFix?

Edited by maezhou, 03 November 2011 - 02:29 PM.

  • 0

#64
Essexboy
Posted 03 November 2011 - 02:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open windows explorer and type/copy the following into the address bar

C:\ProgramData\Microsoft\Windows\Start Menu

This will open the necessary folder



Then copy the relevant folders across as per the instructions on the web page

But, yes run the OTL fix and re-run combofix
  • 0

#65
maezhou
Posted 03 November 2011 - 11:34 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
ComboFix finally completed it's run. Took 1 hour and 15 minutes to complete.

While ComboFix was running (scanning), there were 2 instances of popup windows with this alert:
"PEV.EXE stopped running....".


Here's the log:


ComboFix 11-11-03.05 - Owner 11/03/2011 21:04:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.974 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 04:56 . 2011-11-04 05:00 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-11-04 04:56 . 2011-11-04 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 03:36 . 2011-11-04 03:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662BBA3C-4B4A-4AB8-85B7-2A75E96534CD}\offreg.dll
2011-11-01 09:08 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662BBA3C-4B4A-4AB8-85B7-2A75E96534CD}\mpengine.dll
2011-10-23 21:17 . 2011-10-23 21:17 11264 ----a-w- c:\windows\system32\drivers\uzi1odu0.sys
2011-10-23 17:13 . 2011-10-23 17:13 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-23 17:10 . 2011-10-24 02:43 133208 ----a-w- c:\windows\system32\drivers\68522918.sys
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\programdata\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 21:43 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 18:19 . 2011-10-22 19:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-22 16:37 . 2011-10-22 16:37 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 17:15 . 2011-05-15 16:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 03:01 . 2011-10-04 03:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-12-17 13:57 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-01 4669440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-09-09 1382984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NVC"="c:\program files\Nortel\Nortel VPN Client\Nvc.exe" [2010-03-01 1717600]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-30 11:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-19 12:19 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-19 12:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-09-19 18:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2007-09-20 17:23 253952 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-19 12:20 137752 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-01 14:08 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 20:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-09-06 22:38 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 00:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 21:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2007-10-12 23:29 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2528014064-590018410-3601204245-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-03 835208]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R3 HLL;HLL;c:\users\Owner\AppData\Local\Temp\HLL.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-22 111872]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
S0 68522918;68522918;c:\windows\system32\DRIVERS\68522918.sys [2011-10-24 133208]
S1 uzi1odu0;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uzi1odu0.sys [2011-10-23 11264]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2010-03-01 628072]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2010-03-01 68688]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-07-11 45584]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-09-09 3381184]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2010-03-01 40016]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
- c:\windows\system32\msfeedssync.exe [2011-07-28 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.sg.globalsources.com:3333
uInternet Settings,ProxyOverride = globalsources.com;www2.variety.com;*.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: d-addicts.com
Trusted Zone: d-addicts.net
Trusted Zone: globalsources.com\bugzero
Trusted Zone: globalsources.com\exchange
Trusted Zone: globalsources.com\merlion
Trusted Zone: globalsources.com\www
Trusted Zone: google.com\mail
Trusted Zone: variety.com\www
Trusted Zone: variety.com\www2
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.71.20.53,10.71.20.54
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-{A63E7492-A0BC-4BB9-89A7-352965222380} - c:\program files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 21:58
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-03 22:18:56
ComboFix-quarantined-files.txt 2011-11-04 05:18
.
Pre-Run: 56,338,296,832 bytes free
Post-Run: 56,877,076,480 bytes free
.
- - End Of File - - 8457FAB84727024592F3920041610DD3

Edited by maezhou, 04 November 2011 - 09:26 AM.

  • 0

#66
maezhou
Posted 04 November 2011 - 02:53 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
After running ComboFix, I run OTL again. Followed the instructions.

And then it asked for a reboot:
OTL_system_requires_reboot.jpg

So I clicked on OK.
Machine reboot. But when it came back, i got this screen:
OTL_reboot_handle_invalid_after_reboot.jpg

I clicked on OK, and got this screen -- but I my machine doesn't have a password.
OTL_reboot_owner_password.jpg

If I click on Reset Password, it gives me the Reset Password Wizard screen:
OTL_reboot_welcome_reset_password_wizard.jpg

I don't have a password reset disk, so I clicked on Next.
And it gives me the Insert the Password Reset Disk window, where it shows 2 drive selections on the dropdown menu:
1. Removable Disk Drive D
2. Removable Disk Drive E
OTL_reboot_reset_password_insert_password_reset_disk.jpg

I just clicked on Next, and the popup error comes up, asking to insert the password reset disk in the drive:
OTL_reboot_popup_please_insert_the_password_reset_disk_in_the_drive.jpg

So I just clicked on Cancel on the Reset Password Wizard window.
And brings me back to the screens requesting for password.
I tried to just click on the arrow beside the password field, but it just restarts the machine.

After restarting, I tried to switch user, and gives me the user selection screen:
OTL_reboot_switch_user.jpg

If I click on "Other", it gives me this screen for entering the username and password for the other user:
OTL_reboot_switch_user_other_user_password_input.jpg

If there's no response from the user for about a minute or so, the screen starts to slowly dim and automatically restarts.

I can't restart normally, open the computer or shut it down, so I'm just forced to turn it off.
I'm just taking pictures of the screen since I can't get into the system anymore. So the screenshots here were from my camera, cropped and reduced just to visually show scenarios. And i'm just using another machine to report and reply here.

Attached Thumbnails

  • OTL_reboot_insert_password_reset_disk.jpg

Edited by maezhou, 05 November 2011 - 01:20 AM.

  • 0

#67
Essexboy
Posted 04 November 2011 - 12:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you get the admin password screen just press enter, if no password is set that is all you need

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\Owner\AppData\Local\Temp\HLL.exe

Driver::
HLL

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#68
maezhou
Posted 04 November 2011 - 03:16 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
OK. Didn't know that I just have to hit Enter if no password was set. Sorry about that.
So i'm not going to do the OTL after the reboot, like first instructed?
  • 0

#69
Essexboy
Posted 04 November 2011 - 03:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No go direct to the combofix run as the driver needs a bigger hammer to kill it

Once the run has completed let me know of any remaining problems please
  • 0

#70
maezhou
Posted 05 November 2011 - 01:16 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Sorry, hitting enter when asked for password didn't work,

It just toggles between these 2 screens:
OTL_reboot_handle_invalid_after_reboot.jpg

OTL_reboot_owner_password.jpg

And after 3 loops (hit enter 6 times), I get the welcome screen:
OTL_reboot_welcome_windows_vista_home_premium.jpg

And then after a few seconds, monitor will dim and then machine restarts again. :)

Can't do anything, so I just turned off the laptop. :yes:
  • 0

Advertisements

#71
Essexboy
Posted 05 November 2011 - 06:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reboot the computer and press then hold F8
At the menu that appears select Last known good
Reboot and see if that works

If not then run Combofix from safe mode
  • 0

#72
maezhou
Posted 05 November 2011 - 09:39 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
F8 - Last known good -- worked.
And after reboot, this report/log (filename: 11042011_000818.txt) automatically opened up:

All processes killed
========== OTL ==========
Service HLL stopped successfully!
Service HLL deleted successfully!
File C:\Users\Owner\AppData\Local\Temp\HLL.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:410-3601204245-1000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:Ḯ& deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:䥬 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 197208 bytes
->Temporary Internet Files folder emptied: 6248453 bytes
->Java cache emptied: 18491172 bytes
->FireFox cache emptied: 39989440 bytes
->Apple Safari cache emptied: 14336 bytes
->Opera cache emptied: 13434877 bytes
->Flash cache emptied: 4817 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11042011_000818

Files\Folders moved on Reboot...
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF669.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF67B.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF772.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF80F.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFC74C.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFC780.tmp not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\1@x71[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\1@x96[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\1@x96[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\2011Generic@Bottom3[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\2011Generic@Bottom3[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\@x94[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\cc[1].gif moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\data_sync[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\data_sync[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\emily[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\emily[2].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\emily[3].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\index[1].js moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\iphone-find-my-friends[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\passback.c.r[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\passback.c.r[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEBD53Z0\redirect_v93_cim_11_15_6[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\1@x71[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\1@x96[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\1@x96[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\@x94[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\@x94[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\audio[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\cc[2].gif moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\data_sync[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\emily[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\iphone-find-my-friends[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\login_status[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\passback.c.r[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\programguide[1].css moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\sandbox[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\xd_receiver[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\xd_receiver[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFN5QLYJ\xd_receiver[4].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\11914454103@x23[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\120111104052710@x90[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\1261675981@x23[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\20111104052710[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\2011Generic@Bottom3[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\2011Generic@Bottom3[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\adme_mevio_com[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[2].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[3].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[4].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[5].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[6].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\emily[7].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\FeatureLoader.js[1].php moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\fw-nonplayer-banner[4].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\ie6-fixes[1].css moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\index[1].css moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\login_status[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\login_status[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCFUKF5V\passback.c.r[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\1292041088@x23[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\191650882@x23[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\1@x71[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\1@x71[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\@x94[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\cc[2].gif moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\cc[3].gif moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\data_sync[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\data_sync[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\emily[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\emily[2].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\sandbox[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZVV7U4U\sandbox[2].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#73
Essexboy
Posted 05 November 2011 - 09:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems ?
  • 0

#74
maezhou
Posted 05 November 2011 - 10:35 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
ComboFix is running right now.

But I got the Microsoft WIndows alert popup saying: "pev.3XE has stopped working" while ComboFix is running. I got it when it's ComboFix is on Stage_5 completion.

ComboFix is running faster now than the other time that I successfully run it. But still longer than 10minutes (which is what it says if there's not much to fix).
  • 0

#75
Essexboy
Posted 05 November 2011 - 10:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see what Combofix has to say for itself and then once it has run can you list your remaining problems
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP