Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

System Restore window "PC Performance & Stability analysis rep

Started by maezhou , Oct 22 2011 03:20 AM

Page 6 of 17
4
5
6
7
8

This topic is locked

#76
maezhou

Posted 05 November 2011 - 11:24 AM

Member

Topic Starter
Member
152 posts

Whew! I thought ComboFix will be faster this time, I spoke too soon. The whole thing run for 1 hr 20 minutes.

And I got the popup on the taskbar saying "Windows Explorer stopped working"
And also I still has small window thing on my desktop saying "LAME MP3 codec: About". It's been there since I got this virus.
Reported that on my first few posts here.

And the desktop.ini shows up on notepad upon restart. Here's the notepad content:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

And here's the ComboFix log:

ComboFix 11-11-05.02 - Owner 11/05/2011 9:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.808 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\Local\Temp\HLL.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HLL
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 16:51 . 2011-11-05 16:51 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F0B3E9D-7FBB-46A1-B845-9EC0E5C314DC}\offreg.dll
2011-11-05 16:48 . 2011-11-05 16:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-05 16:48 . 2011-11-05 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 15:49 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F0B3E9D-7FBB-46A1-B845-9EC0E5C314DC}\mpengine.dll
2011-11-04 05:19 . 2011-11-05 16:57 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-10-23 21:17 . 2011-10-23 21:17 11264 ----a-w- c:\windows\system32\drivers\uzi1odu0.sys
2011-10-23 17:13 . 2011-10-23 17:13 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-23 17:10 . 2011-10-24 02:43 133208 ----a-w- c:\windows\system32\drivers\68522918.sys
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\programdata\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 21:43 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 18:19 . 2011-10-22 19:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-22 16:37 . 2011-10-22 16:37 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 17:15 . 2011-05-15 16:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 03:01 . 2011-10-04 03:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-12-17 13:57 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-01 4669440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-09-09 1382984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NVC"="c:\program files\Nortel\Nortel VPN Client\Nvc.exe" [2010-03-01 1717600]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-30 11:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-19 12:19 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-19 12:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-09-19 18:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2007-09-20 17:23 253952 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-19 12:20 137752 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-01 14:08 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 20:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-09-06 22:38 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 00:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 21:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2007-10-12 23:29 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2528014064-590018410-3601204245-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-03 835208]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-22 111872]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
S0 68522918;68522918;c:\windows\system32\DRIVERS\68522918.sys [2011-10-24 133208]
S1 uzi1odu0;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uzi1odu0.sys [2011-10-23 11264]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2010-03-01 628072]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2010-03-01 68688]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-07-11 45584]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-09-09 3381184]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2010-03-01 40016]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-05 c:\windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
- c:\windows\system32\msfeedssync.exe [2011-07-28 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.sg.globalsources.com:3333
uInternet Settings,ProxyOverride = globalsources.com;www2.variety.com;*.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: d-addicts.com
Trusted Zone: d-addicts.net
Trusted Zone: globalsources.com\bugzero
Trusted Zone: globalsources.com\exchange
Trusted Zone: globalsources.com\merlion
Trusted Zone: globalsources.com\www
Trusted Zone: google.com\mail
Trusted Zone: variety.com\www
Trusted Zone: variety.com\www2
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.71.20.53,10.71.20.54
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 09:56
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5200)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\NOTEPAD.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-05 10:18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 17:18
ComboFix2.txt 2011-11-04 05:19
.
Pre-Run: 61,947,977,728 bytes free
Post-Run: 57,965,629,440 bytes free
.
- - End Of File - - 7FFD2356B55DC001AE16C974E4CD49F0

#77
Essexboy

Posted 05 November 2011 - 11:32 AM

GeekU Moderator

Retired Staff
69,964 posts

For the notepad file use the fixit button on this page

Can you manualy delete the image from th desktop ?

#78
maezhou

Posted 05 November 2011 - 08:16 PM

Member

Topic Starter
Member
152 posts

I got this error when I tried to run MicrosoftFixit50641: "This Microsoft Fix it does not apply to your operating system or application version"

I'll just try the steps for Let me fix it myself.

I tried to close the Lame MP3 codec window from the desktop, but clicking on the [x] at the top right won't close it.
Clicking on the OK button will play a radio station on the background, and won't turn off unless the computer is turned off, which is really irritating.

#79
maezhou

Posted 05 November 2011 - 09:45 PM

Member

Topic Starter
Member
152 posts

I did the Let me fix it myself for FixIt and I think it worked. I didn't get the desktop.ini on notepad again when I restarted the machine.
But the Lame MP3 codec is still on the desktop.

And the Start button now has the screenshot below -- where the programs that I have before I got the virus are not in the list.
Will they be automatically included once I start to use those programs again? But i've been using photoshop, and it's not showing in the list (left side of start window)

#80
Essexboy

Posted 06 November 2011 - 04:17 AM

GeekU Moderator

Retired Staff
69,964 posts

The only way to restore those elements in vista is to do the following :

Go start > All Programs
Open the folder of the programe and right click the executable
Select Pin to Start Menu

Could you then uninstall these two programmes and let me know if the popup disappears

BS_Player Toolbar
BS.Player FREE

#81
maezhou

Posted 06 November 2011 - 01:15 PM

Member

Topic Starter
Member
152 posts

Hi, I was able to remove the LAME MP3 window. Thanks!

I'm now getting this on startup:

And i'm still getting this on the taskbar:

I followed the instruction from the Change Data Execution Prevention settings.
I tried selecting the first radio button, then restart the machine, and it didn't work, I still get the error.
Then I tried to do the second radio button, still didn't work.
Initially, neither of the radio buttons is selected.

#82
Essexboy

Posted 06 November 2011 - 04:34 PM

GeekU Moderator

Retired Staff
69,964 posts

For the IE DEP error could you follow the instructions on this page start at option one with the elevated command prompt

For the DLL error could you run OTL for me please and ensure all users is selected

#83
maezhou

Posted 06 November 2011 - 10:11 PM

Member

Topic Starter
Member
152 posts

Here's the OTL log:

OTL logfile created on: 11/6/2011 7:45:12 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.76% Memory free
4.21 Gb Paging File | 3.07 Gb Available in Paging File | 72.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 44.70 Gb Free Space | 25.06% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 08:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/09/08 17:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 17:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/08/24 17:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 10:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 05:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/08 04:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 04:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 04:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 20:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/01 13:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/08 17:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/20 02:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/19 04:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/09/08 17:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 10:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 02:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 20:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 11:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 17:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 15:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 15:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 19:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 00:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 07:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 07:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - [2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\68522918.sys -- (68522918)
DRV - [2011/10/23 13:17:10 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzi1odu0.sys -- (uzi1odu0)
DRV - [2011/10/22 11:54:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/11 09:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 09:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 09:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 09:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 09:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/28 04:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 12:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 04:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 19:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 17:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 04:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 04:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 16:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/01 23:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 03:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found

IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 19:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 22:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 14:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/11/06 18:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 21:17:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 18:27:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 18:59:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 13:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/30 22:57:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 19:00:20 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 21:33:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 05:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 08:08:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 20:29:44 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/09/28 04:29:32 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010/11/15 08:37:36 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 14:28:02 | 000,000,921 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/07/02 14:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 20:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 04:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 18:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 05:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 05:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 14:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/10/03 19:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 05:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 20:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 19:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/06 19:38:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [Mrrnh] C:\Users\Owner\AppData\Roaming\mspbde40M.dll ()
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 10.35.28.28 10.35.28.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.71.20.53,10.71.20.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 10:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
[2011/11/05 09:19:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 09:14:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/05 07:48:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/03 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/11/03 19:53:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/03 19:53:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/03 19:53:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/23 14:45:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 09:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 09:10:11 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/22 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\system malfunction screenshots
[2011/10/22 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/10/22 13:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 13:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/22 13:43:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/22 13:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 13:29:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/22 13:20:12 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/10/22 13:17:24 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 08:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 01:23:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/10/21 23:43:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/21 23:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/12 19:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Training Lessons
[2011/10/10 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet

========== Files - Modified Within 30 Days ==========

[2011/11/06 20:00:44 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/11/06 19:45:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/11/06 19:42:20 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/06 19:42:20 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/06 19:38:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/06 19:36:19 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 19:36:19 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 19:36:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 19:35:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 19:35:55 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 19:07:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 18:10:30 | 000,201,159 | ---- | M] () -- C:\Users\Owner\Desktop\test_lightshot.jpg
[2011/11/06 10:40:50 | 000,000,939 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/11/06 09:56:00 | 000,069,120 | RHS- | M] () -- C:\Users\Owner\AppData\Roaming\mspbde40M.dll
[2011/11/06 09:56:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\Syajtz.job
[2011/11/05 23:08:29 | 000,064,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 22:45:01 | 000,001,768 | ---- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/11/05 07:46:39 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/11/01 23:45:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/11/01 04:03:36 | 214,444,320 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/23 13:17:10 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/22 13:17:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 12:12:11 | 000,002,557 | ---- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/10/22 11:54:16 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 11:50:20 | 000,006,324 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/10/22 09:47:05 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 08:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 01:23:47 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/21 23:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/15 00:50:49 | 000,001,614 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/13 18:42:18 | 000,875,022 | ---- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/10/10 19:38:32 | 000,000,804 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk

========== Files Created - No Company Name ==========

[2011/11/06 18:10:30 | 000,201,159 | ---- | C] () -- C:\Users\Owner\Desktop\test_lightshot.jpg
[2011/11/06 10:40:50 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/11/06 09:56:00 | 000,069,120 | RHS- | C] () -- C:\Users\Owner\AppData\Roaming\mspbde40M.dll
[2011/11/06 09:56:00 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Syajtz.job
[2011/11/03 19:53:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/03 19:53:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/03 19:53:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/03 19:53:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/03 19:53:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/03 19:30:23 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/11/03 19:21:44 | 000,000,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/31 22:41:45 | 2137,427,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/23 13:17:10 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/22 10:20:35 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Nortel VPN Client.lnk
[2011/10/22 10:20:35 | 000,001,081 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoomBrowser EX.lnk
[2011/10/22 10:20:34 | 000,002,821 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero BurnLite 10.lnk
[2011/10/22 10:20:34 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/22 10:20:34 | 000,001,854 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari 4.lnk
[2011/10/22 10:20:34 | 000,001,844 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator EX - MP210 Solution Menu.lnk
[2011/10/22 10:20:34 | 000,001,790 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/22 10:20:34 | 000,001,726 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/10/22 10:20:34 | 000,001,724 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/22 10:20:34 | 000,001,664 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/22 10:20:34 | 000,001,643 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2011/10/22 10:20:34 | 000,001,614 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/22 10:20:34 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/22 10:20:34 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro AntiVirus.lnk
[2011/10/22 10:20:34 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 10:20:34 | 000,000,871 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TMPGEnc.exe - Shortcut.lnk
[2011/10/22 10:20:34 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/10/22 10:20:34 | 000,000,823 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2011/10/22 10:20:34 | 000,000,796 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TextPad.lnk
[2011/10/22 10:20:34 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/22 10:20:34 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/22 10:20:33 | 000,002,305 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/22 10:20:33 | 000,002,221 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2011/10/22 10:20:33 | 000,001,883 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Chikka Messenger v.4.lnk
[2011/10/22 10:20:33 | 000,000,967 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 6.0.lnk
[2011/10/22 10:20:33 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\bsplay.exe - Shortcut.lnk
[2011/10/22 10:20:33 | 000,000,804 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2011/10/22 10:20:33 | 000,000,798 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ExamDiff.lnk
[2011/10/22 10:20:33 | 000,000,778 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Core FTP Lite.lnk
[2011/10/22 10:20:33 | 000,000,765 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.exe - Shortcut.lnk
[2011/10/22 10:20:33 | 000,000,629 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CASETOOL.EXE - Shortcut.lnk
[2011/10/22 10:19:39 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 09:46:56 | 000,684,297 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 01:23:47 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/13 18:42:15 | 000,875,022 | ---- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/07/26 23:11:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 05:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 05:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 02:14:23 | 000,017,451 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 19:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/18 23:43:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 20:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 20:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 21:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 08:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 10:45:29 | 000,006,324 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 19:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 16:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 13:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 13:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 13:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 13:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 13:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 19:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 19:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 21:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/16 23:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/16 23:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/16 23:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/16 23:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/16 23:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/16 23:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/16 23:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 16:12:52 | 000,064,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 02:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 02:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 10:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 09:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 19:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 19:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 19:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/02 00:20:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2011/11/06 10:46:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 13:02:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 19:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/11/06 19:35:06 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/06 09:56:00 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\Syajtz.job
[2011/11/06 20:00:44 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Lovers in Paris NGs.avi:TOC.WMV

< End of report >

#84
Essexboy

Posted 07 November 2011 - 12:23 PM

GeekU Moderator

Retired Staff
69,964 posts

OK got it - I should have asked for an all user scan before

Again once done let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [Mrrnh] C:\Users\Owner\AppData\Roaming\mspbde40M.dll ()
[2011/11/06 09:56:00 | 000,069,120 | RHS- | C] () -- C:\Users\Owner\AppData\Roaming\mspbde40M.dll
[2011/11/06 09:56:00 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Syajtz.job

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#85
maezhou

Posted 07 November 2011 - 08:07 PM

Member

Topic Starter
Member
152 posts

After reboot, this file automatically opened:
C:\_OTL\MovedFiles\11072011_175155.txt

Here's the content of that file:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Mrrnh deleted successfully.
C:\Users\Owner\AppData\Roaming\mspbde40M.dll moved successfully.
File C:\Users\Owner\AppData\Roaming\mspbde40M.dll not found.
C:\Windows\Tasks\Syajtz.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 20345549 bytes
->Temporary Internet Files folder emptied: 77348810 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51806818 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1905 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1392 bytes
RecycleBin emptied: 734931061 bytes

Total Files Cleaned = 843.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11072011_175155

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\8c690835.$$$ not found!

Registry entries deleted on Reboot...

#86
maezhou

Posted 07 November 2011 - 08:30 PM

Member

Topic Starter
Member
152 posts

I did the Scan All User, is that okay?

here's the OTL log:

OTL logfile created on: 11/7/2011 6:09:21 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.63% Memory free
4.21 Gb Paging File | 3.07 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 44.71 Gb Free Space | 25.06% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 08:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/09/08 17:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 17:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/08/24 17:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 10:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 05:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/08 04:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 04:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 04:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 20:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/01 13:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/08 17:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/19 04:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/09/08 17:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 10:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 02:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 20:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 11:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 17:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 15:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 15:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 19:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 00:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 07:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 07:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - [2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\68522918.sys -- (68522918)
DRV - [2011/10/23 13:17:10 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzi1odu0.sys -- (uzi1odu0)
DRV - [2011/10/22 11:54:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/11 09:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 09:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 09:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 09:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 09:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/28 04:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 12:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 04:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 19:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 17:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 04:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 04:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 16:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/01 23:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 03:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found

IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 19:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 22:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 14:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/11/07 18:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 21:17:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 18:27:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 18:59:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 13:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/30 22:57:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 19:00:20 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 21:33:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 05:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 08:08:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 20:29:44 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/11/07 18:03:41 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010/11/15 08:37:36 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 14:28:02 | 000,000,921 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/07/02 14:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 20:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 04:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 18:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 05:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 05:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 14:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/10/03 19:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 05:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 20:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 19:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/07 18:01:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 10.35.28.28 10.35.28.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.71.20.53,10.71.20.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 10:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
[2011/11/05 09:19:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 09:14:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/05 07:48:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/03 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/11/03 19:53:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/03 19:53:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/03 19:53:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/23 14:45:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 09:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 09:10:11 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/22 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\system malfunction screenshots
[2011/10/22 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/10/22 13:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 13:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/22 13:43:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/22 13:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 13:29:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/22 13:20:12 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/10/22 13:17:24 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 08:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 01:23:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/10/21 23:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/12 19:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Training Lessons
[2011/10/10 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet

========== Files - Modified Within 30 Days ==========

[2011/11/07 18:25:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/11/07 18:07:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 18:04:17 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 18:04:17 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/07 18:01:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/07 17:58:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 17:58:45 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 17:58:44 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 17:58:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 17:58:24 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 17:45:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/11/07 17:44:25 | 000,001,768 | ---- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/11/06 10:40:50 | 000,000,939 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/11/05 23:08:29 | 000,064,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 07:46:39 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/11/01 23:45:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/11/01 04:03:36 | 214,444,320 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/23 13:17:10 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/22 13:17:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 12:12:11 | 000,002,557 | ---- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/10/22 11:54:16 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 11:50:20 | 000,006,324 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/10/22 09:47:05 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 08:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 01:23:47 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/15 00:50:49 | 000,001,614 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/13 18:42:18 | 000,875,022 | ---- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/10/10 19:38:32 | 000,000,804 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk

========== Files Created - No Company Name ==========

[2011/11/06 10:40:50 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/11/03 19:53:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/03 19:53:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/03 19:53:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/03 19:53:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/03 19:53:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/03 19:30:23 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/11/03 19:21:44 | 000,000,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/31 22:41:45 | 2137,427,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/23 13:17:10 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/22 10:20:35 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Nortel VPN Client.lnk
[2011/10/22 10:20:35 | 000,001,081 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoomBrowser EX.lnk
[2011/10/22 10:20:34 | 000,002,821 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero BurnLite 10.lnk
[2011/10/22 10:20:34 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/22 10:20:34 | 000,001,854 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari 4.lnk
[2011/10/22 10:20:34 | 000,001,844 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator EX - MP210 Solution Menu.lnk
[2011/10/22 10:20:34 | 000,001,790 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/22 10:20:34 | 000,001,726 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/10/22 10:20:34 | 000,001,724 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/22 10:20:34 | 000,001,664 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/22 10:20:34 | 000,001,643 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2011/10/22 10:20:34 | 000,001,614 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/22 10:20:34 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/22 10:20:34 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro AntiVirus.lnk
[2011/10/22 10:20:34 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 10:20:34 | 000,000,871 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TMPGEnc.exe - Shortcut.lnk
[2011/10/22 10:20:34 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/10/22 10:20:34 | 000,000,823 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2011/10/22 10:20:34 | 000,000,796 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TextPad.lnk
[2011/10/22 10:20:34 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/22 10:20:34 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/22 10:20:33 | 000,002,305 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/22 10:20:33 | 000,002,221 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2011/10/22 10:20:33 | 000,001,883 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Chikka Messenger v.4.lnk
[2011/10/22 10:20:33 | 000,000,967 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 6.0.lnk
[2011/10/22 10:20:33 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\bsplay.exe - Shortcut.lnk
[2011/10/22 10:20:33 | 000,000,804 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2011/10/22 10:20:33 | 000,000,798 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ExamDiff.lnk
[2011/10/22 10:20:33 | 000,000,778 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Core FTP Lite.lnk
[2011/10/22 10:20:33 | 000,000,765 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.exe - Shortcut.lnk
[2011/10/22 10:20:33 | 000,000,629 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CASETOOL.EXE - Shortcut.lnk
[2011/10/22 10:19:39 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 09:46:56 | 000,684,297 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 01:23:47 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/13 18:42:15 | 000,875,022 | ---- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/07/26 23:11:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 05:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 05:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 02:14:23 | 000,017,451 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 19:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/18 23:43:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 20:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 20:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 21:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 08:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 10:45:29 | 000,006,324 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 19:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 16:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 13:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 13:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 13:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 13:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 13:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 19:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 19:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 21:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/16 23:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/16 23:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/16 23:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/16 23:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/16 23:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/16 23:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/16 23:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 16:12:52 | 000,064,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 02:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 02:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 10:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 09:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 19:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 19:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 19:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/02 00:20:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2011/11/06 10:46:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 13:02:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 19:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/11/07 17:57:34 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/07 18:25:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Lovers in Paris NGs.avi:TOC.WMV

< End of report >

#87
maezhou

Posted 07 November 2011 - 08:45 PM

Member

Topic Starter
Member
152 posts

I restarted the machine after running OTL. And this popup came up "Bonjour Service has stopped working":

Other than that, all looks good. :-)

#88
maezhou

Posted 08 November 2011 - 01:52 AM

Member

Topic Starter
Member
152 posts

I spoke too soon again.

I got these set of popups after I left my machine for a couple of minutes:

First I got the untitled blank Microsoft One Note document (beneath the IE error on this screenshot).

Then I got the balloon note from the taskbar:

And then i got the Internet Explorer has stopped working error on top of the Microsoft One Note Document:

I closed the IE error. And then Internet Explorer browser came up with a blank page.
IE is not my default browser. It probably just open up because I got the IE popup error.

#89
maezhou

Posted 08 November 2011 - 11:11 AM

Member

Topic Starter
Member
152 posts

I opened my laptop this morning, And just leave it, When I came back, IE browser is already open with a blank page.
I'm not sure though if there was an error before that.

#90
Essexboy

Posted 08 November 2011 - 12:34 PM

GeekU Moderator

Retired Staff
69,964 posts

OK first thing to do is to update to IE9

Then run this OTL fix and let me know if the problems still exist

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.