Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack and malwares suspected [Solved]

Started by ladykaze , Jun 01 2013 07:58 AM

  • This topic is locked This topic is locked

#1
ladykaze
Posted 01 June 2013 - 07:58 AM

ladykaze

    Member

  • Member
  • PipPip
  • 54 posts
Hi, I think my computer is being hijacked by unknown trojan or virus. I was blocked from surfing some of the websites. I'm using Google Chrome browser currently and I receive error like "The server's security certificate is revoked!" Another symptom is, I'm unable to download anything as I will get an error like "Failed - Virus Scan failed" when I'm downloading things from trusted site. The third symptom is I get pop-ups every now and then.

Below is my OTL log. Appreciate any help to clear my PC of the malwares. Thank you.

OTL logfile created on: 01/06/2013 9:29:04 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.21 Gb Available Physical Memory | 10.49% Memory free
4.22 Gb Paging File | 2.20 Gb Available in Paging File | 52.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 51.60 Gb Free Space | 23.49% Space Free | Partition Type: NTFS
Drive D: | 78.36 Gb Total Space | 77.89 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 15.78 Gb Free Space | 3.39% Space Free | Partition Type: NTFS

Computer Name: MISSYIJUN-PC | User Name: Miss Yi Jun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/06 04:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/05/11 17:39:26 | 002,637,624 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2012/05/11 17:30:58 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/27 16:04:31 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/01/16 09:10:37 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/25 17:29:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 13:44:06 | 013,136,336 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/11 17:35:30 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/11 14:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 14:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/11 19:21:34 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll
MOD - [2007/09/11 19:21:34 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll
MOD - [2006/03/09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ssbbuse)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - File not found [Auto | Stopped] -- C:\Users\Miss Yi Jun\funshion\funshiontools\FunshionSvr.dll -- (FunshionSvr)
SRV - [2013/05/15 23:27:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2013/06/01 21:19:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/22 09:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/02/18 12:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/01/24 21:17:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/01/24 21:17:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/03 17:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/25 23:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 23:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 23:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 23:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 23:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 23:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 23:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=29/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.8.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.co...ser.newtab.url", "about:blank");
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npaplayer: C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKLM\Software\MozillaPlugins\@ylmf.com/UploadPlugin: C:\Program Files\115\UDown\NPUpLoadFile.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/29 00:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/05/18 14:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/05/17 22:05:34 | 000,000,000 | ---D | M]

[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions
[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/05/25 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions
[2010/05/29 01:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/04/22 01:58:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/05/25 16:39:59 | 000,000,000 | ---D | M] (Funshion Player Extension) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/23 15:10:18 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/08/15 03:26:47 | 000,000,000 | ---D | M] (Nami Plugin) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/09/12 22:13:04 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/29 00:03:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DBankPlugin = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpphgmdbhahgadoggfojpaljepicgfpd\1.1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.7_0\
CHR - Extension: Gmail = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/11 16:17:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun File not found
O4 - Startup: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\system32\wshbth.dll File not found
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D419BDA-FFB2-414C-A8BF-86FFF8B80DFA}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92833653-E5A0-4C2D-870F-10A4A9E9EC78}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/01 21:19:00 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/01 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013/06/01 01:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013/05/29 02:58:12 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Local\Smartbar
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenCandy
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/05/28 21:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/28 21:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/05/28 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/05/28 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/05/26 20:30:00 | 000,000,000 | ---D | C] -- C:\TDDOWNLOAD
[2013/05/26 20:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Xunlei
[2013/05/26 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/05/26 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork
[2013/05/02 22:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools
[2013/05/02 22:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF to PowerPoint Converter (freeware)
[2013/05/02 22:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Boxoft Free PDF to PowerPoint Converter (freeware)

========== Files - Modified Within 30 Days ==========

[2013/06/01 21:38:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/01 21:27:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/01 21:19:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/01 21:18:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/01 20:55:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
[2013/06/01 20:39:20 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/01 20:39:19 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/01 20:39:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/01 20:39:11 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/06/01 20:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/01 13:30:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/01 13:20:25 | 000,189,952 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/01 12:57:33 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/01 12:57:33 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/30 20:57:11 | 000,000,000 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2013/05/29 22:37:11 | 162,069,447 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/29 02:55:51 | 000,001,095 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2013/05/29 01:08:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 20:01:49 | 000,000,911 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2013/05/26 19:38:41 | 000,000,938 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/26 18:55:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
[2013/05/25 14:56:08 | 000,002,074 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/25 14:56:07 | 000,002,072 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Google Chrome.lnk
[2013/05/17 12:05:28 | 000,401,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/01 21:36:26 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/29 22:37:11 | 162,069,447 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 02:55:50 | 000,001,095 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2012/09/13 22:59:05 | 000,001,850 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[2012/03/23 22:03:21 | 000,000,911 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2011/12/02 14:06:28 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/03/09 02:11:22 | 000,004,096 | -H-- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\keyfile3.drm
[2011/02/20 20:32:32 | 000,000,050 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\Syscfg.ini
[2010/12/13 21:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 22:17:52 | 000,000,552 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d8caps.dat
[2010/03/30 00:30:11 | 000,000,000 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2008/09/20 23:57:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 20:19:05 | 000,037,165 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/21 19:39:38 | 000,189,952 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:45:56 | 000,001,356 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/10 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\115
[2012/07/07 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360Login
[2013/05/30 01:29:43 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360se
[2008/10/10 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Ashampoo
[2012/09/29 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\AVG2013
[2011/03/24 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BitTorrent
[2009/03/01 23:38:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BonkEnc
[2012/01/27 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Canon
[2009/10/27 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\CravingExplorer
[2011/12/31 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DBank
[2012/03/24 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Digiarty
[2013/05/31 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoft
[2010/03/01 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Facebook
[2008/06/22 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\FlashGet
[2012/07/07 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\flash_se
[2009/07/28 21:24:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Flock
[2010/08/20 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\funshionAddr
[2012/03/27 12:25:16 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\HandBrake
[2013/05/28 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/03/02 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ImgBurn
[2012/08/22 01:27:26 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Leawo
[2013/03/21 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Mp3tag
[2009/11/26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\NCH Swift Sound
[2013/05/29 02:55:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenCandy
[2013/03/03 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenOffice.org
[2013/06/01 21:20:49 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Orbit
[2011/11/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PhotoScape
[2010/08/15 01:04:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PPStream
[2012/05/18 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ProgSense
[2012/05/18 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Recordpad
[2010/08/17 01:10:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Runscanner.net
[2011/11/07 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Samsung
[2011/01/24 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony
[2011/01/24 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony Setup
[2009/06/12 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Teleca
[2012/08/22 01:29:00 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\tiger-k
[2012/09/29 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\TuneUp Software
[2011/02/20 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\UDown
[2009/10/19 02:09:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Windows Live Writer
[2010/11/27 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/26 20:17:53 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
[2012/07/08 02:15:56 | 000,000,000 | ---D | M](C:\360????) -- C:\360高速下载
[2012/07/07 15:50:41 | 000,000,000 | ---D | C](C:\360????) -- C:\360高速下载
[2012/07/07 13:21:15 | 000,000,897 | ---- | M] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,897 | ---- | C] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | M] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | C] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/02 12:59:18 | 000,014,347 | ---- | M] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/07/02 12:59:16 | 000,014,347 | ---- | C] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | M] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | C] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/03/08 22:30:34 | 000,000,000 | ---D | M](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
[2012/03/08 21:31:25 | 000,000,000 | ---D | C](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
(C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB60561$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 01 June 2013 - 08:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you have a zero access infection so I would recommend that you change all passwords on completion

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\Miss Yi Jun\funshion\funshiontools\FunshionSvr.dll -- (FunshionSvr)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=29/05/2013
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2013/05/25 16:39:59 | 000,000,000 | ---D | M] (Funshion Player Extension) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun File not found
[2012/02/10 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\115
[2012/07/07 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360Login
[2013/05/30 01:29:43 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360se
[2013/05/29 02:55:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenCandy

:Files
C:\Users\Miss Yi Jun\funshion\funshiontools

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
ladykaze
Posted 01 June 2013 - 09:45 AM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thanks for the response. Let me know what should I do next. I have problem with combofix.

I had done as instructed.
Here is my OTL log:
All processes killed
========== OTL ==========
Error: No service named FunshionSvr was found to stop!
Service\Driver key FunshionSvr not found.
File C:\Users\Miss Yi Jun\funshion\funshiontools\FunshionSvr.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}\components folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}\chrome folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Boxoft Tools deleted successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115\UploadPlugin\27231262 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115\UploadPlugin folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\UserData\27231262\Files folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\UserData\27231262 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\UserData folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115\Box folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\115 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360Login folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\WebCache folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\v3update\v3install folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\v3update\v3download folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\v3update folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Update folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Hang folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\SafeCentral folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\LoginEnrol\pushInfo\pic folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\LoginEnrol\pushInfo folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\LoginEnrol\pic folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\LoginEnrol folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\LoginAssis folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\Favorites\Log folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\Favorites folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\server folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\pngs folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\GameNews folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\GameMode folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\GameCenter\pic folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\GameCenter folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi\adsoft folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtYouxi folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtSmartWiz\res\search-icon-hot folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtSmartWiz\res\images folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtSmartWiz\res folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtSmartWiz folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtSafeAddress folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtDownload\temp folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtDownload folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtDoctor folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtBank\icon folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions\ExtBank folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\extensions folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\data\snapcache\logo folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\data\snapcache\json folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\data\snapcache folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\data\ico folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\data\ConfigV2 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\data folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin\v3update folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin\skin folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin\SafeCentral folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin\Pages folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin\LoginEnrol folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin\Favorites folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\bin folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\yinyue folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\xinwen folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\xiaoshuo folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\wanyouxi folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\TranslatorPlugin folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\SnapPlugin folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\shipin folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\maidongxi folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\logs folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\LoginAssis folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtYouxi folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtWebmail folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtTuan folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtSmartWiz folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtShare folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtNews folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtFeedWeibo folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\ExtAppStore folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\download_temp folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\baoku folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\2091 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\2022 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\2011 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\2001 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\2000 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\102043400 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\102028944 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\1018 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\100000747 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps\1000 folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se\Apps folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\360se folder moved successfully.
Folder C:\Users\Miss Yi Jun\AppData\Roaming\OpenCandy\ not found.
========== FILES ==========
File\Folder C:\Users\Miss Yi Jun\funshion\funshiontools not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Miss Yi Jun
->Temp folder emptied: 42620141 bytes
->Temporary Internet Files folder emptied: 41391975 bytes
->Java cache emptied: 1128870 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 366035535 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161243564 bytes
RecycleBin emptied: 154562143 bytes

Total Files Cleaned = 731.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06012013_231538

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Combofix
I have problem with combofix. Firstly, I'm unable to download anything using the browser whether Chrome or IE. It will give me error message like "Failed - Virus Scan failed". Something is wrong when I can't download anything at all. So I ended up using Flashget to download it. After downloading it and run it. The program ran. But it somehow disappeared and I'm unable to get any log out of it and even I reboot my PC manually.

AdwCleaner

Here is my log:
# AdwCleaner v2.301 - Logfile created 06/01/2013 at 23:35:58
# Updated 16/05/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Miss Yi Jun - MISSYIJUN-PC
# Boot Mode : Normal
# Running from : C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [1048 octets] - [01/06/2013 23:35:24]
AdwCleaner[S5].txt - [986 octets] - [01/06/2013 23:35:58]

########## EOF - C:\AdwCleaner[S5].txt - [1045 octets] ##########
  • 0

#4
Essexboy
Posted 01 June 2013 - 10:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I believe I know the culprit... Re-run OTL please, there will only be one log this time

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#5
ladykaze
Posted 01 June 2013 - 10:44 AM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hi, I did as instructed but I get only one log: OJT log. What is next?

OTL logfile created on: 02/06/2013 12:25:23 AM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.59% Memory free
4.22 Gb Paging File | 2.67 Gb Available in Paging File | 63.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 51.98 Gb Free Space | 23.66% Space Free | Partition Type: NTFS
Drive D: | 78.36 Gb Total Space | 77.89 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 15.78 Gb Free Space | 3.39% Space Free | Partition Type: NTFS

Computer Name: MISSYIJUN-PC | User Name: Miss Yi Jun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 22:36:50 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/18 19:04:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/27 16:04:31 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/01/16 09:10:37 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/25 17:29:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/11 19:21:34 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll
MOD - [2007/09/11 19:21:34 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ssbbuse)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/06/01 22:36:50 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/05/15 23:27:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/17 00:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2013/06/01 23:38:49 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC4E476D-E4CF-4EBD-9ED8-3260ECDF27CB}\MpKslfb250734.sys -- (MpKslfb250734)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/22 09:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/02/18 12:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/01/24 21:17:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/01/24 21:17:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/03 17:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/25 23:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 23:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 23:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 23:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 23:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 23:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 23:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.8.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.co...ser.newtab.url", "about:blank");
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npaplayer: C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKLM\Software\MozillaPlugins\@ylmf.com/UploadPlugin: C:\Program Files\115\UDown\NPUpLoadFile.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/29 00:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/05/18 14:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/05/17 22:05:34 | 000,000,000 | ---D | M]

[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions
[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/06/01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions
[2010/05/29 01:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/04/22 01:58:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/23 15:10:18 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/08/15 03:26:47 | 000,000,000 | ---D | M] (Nami Plugin) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/09/12 22:13:04 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/29 00:03:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{D119EDE5-84F2-4204-927D-D8811DC193B9}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DBankPlugin = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpphgmdbhahgadoggfojpaljepicgfpd\1.1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.7_0\
CHR - Extension: Gmail = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/01 23:15:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\system32\wshbth.dll File not found
O15 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D419BDA-FFB2-414C-A8BF-86FFF8B80DFA}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92833653-E5A0-4C2D-870F-10A4A9E9EC78}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 23:26:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/01 23:25:19 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/06/01 22:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/06/01 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/01 22:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/01 22:15:32 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\yyjvmrkt.sys
[2013/06/01 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/01 21:20:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL.exe
[2013/06/01 10:39:33 | 005,076,199 | R--- | C] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\ComboFix.exe
[2013/06/01 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013/06/01 01:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/05/28 21:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/28 21:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/05/28 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/05/28 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/05/26 20:30:00 | 000,000,000 | ---D | C] -- C:\TDDOWNLOAD
[2013/05/26 20:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Xunlei
[2013/05/26 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/05/26 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork
[2013/05/16 21:31:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/16 21:17:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 21:17:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/16 21:17:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 21:17:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 21:17:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 21:17:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/16 21:17:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 21:26:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 21:26:14 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2013/06/02 00:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/02 00:18:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/01 23:55:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
[2013/06/01 23:38:32 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/01 23:38:29 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/01 23:38:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/01 23:38:23 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/06/01 23:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/01 23:36:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/01 23:36:25 | 000,000,345 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/01 23:15:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/01 22:36:50 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/01 22:15:32 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\yyjvmrkt.sys
[2013/06/01 22:04:33 | 000,632,031 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
[2013/06/01 21:38:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/01 13:20:25 | 000,189,952 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/01 12:57:33 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/01 12:57:33 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/01 10:39:33 | 005,076,199 | R--- | M] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\ComboFix.exe
[2013/05/30 20:57:11 | 000,000,000 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2013/05/29 22:37:11 | 162,069,447 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/29 02:55:51 | 000,001,095 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2013/05/29 01:08:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 20:01:49 | 000,000,911 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2013/05/26 19:38:41 | 000,000,938 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/26 18:55:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
[2013/05/25 14:56:08 | 000,002,074 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/25 14:56:07 | 000,002,072 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Google Chrome.lnk
[2013/05/17 12:05:28 | 000,401,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 23:27:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 23:27:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/06 03:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013/06/01 22:36:50 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/01 22:04:29 | 000,632,031 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
[2013/06/01 21:38:09 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/01 21:36:26 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/29 22:37:11 | 162,069,447 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 02:55:50 | 000,001,095 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2012/09/13 22:59:05 | 000,001,850 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[2012/03/23 22:03:21 | 000,000,911 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2011/12/02 14:06:28 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/03/09 02:11:22 | 000,004,096 | -H-- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\keyfile3.drm
[2011/02/20 20:32:32 | 000,000,050 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\Syscfg.ini
[2010/12/13 21:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 22:17:52 | 000,000,552 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d8caps.dat
[2010/03/30 00:30:11 | 000,000,000 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2008/09/20 23:57:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 20:19:05 | 000,037,165 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/21 19:39:38 | 000,189,952 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:45:56 | 000,001,356 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2008/10/10 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Ashampoo
[2012/09/29 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\AVG2013
[2011/03/24 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BitTorrent
[2009/03/01 23:38:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BonkEnc
[2012/01/27 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Canon
[2009/10/27 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\CravingExplorer
[2011/12/31 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DBank
[2012/03/24 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Digiarty
[2013/05/31 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoft
[2010/03/01 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Facebook
[2008/06/22 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\FlashGet
[2012/07/07 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\flash_se
[2009/07/28 21:24:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Flock
[2010/08/20 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\funshionAddr
[2012/03/27 12:25:16 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\HandBrake
[2013/05/28 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/03/02 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ImgBurn
[2012/08/22 01:27:26 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Leawo
[2013/03/21 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Mp3tag
[2009/11/26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\NCH Swift Sound
[2013/03/03 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenOffice.org
[2013/06/01 23:10:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Orbit
[2011/11/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PhotoScape
[2010/08/15 01:04:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PPStream
[2012/05/18 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ProgSense
[2012/05/18 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Recordpad
[2010/08/17 01:10:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Runscanner.net
[2011/11/07 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Samsung
[2011/01/24 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony
[2011/01/24 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony Setup
[2009/06/12 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Teleca
[2012/08/22 01:29:00 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\tiger-k
[2012/09/29 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\TuneUp Software
[2011/02/20 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\UDown
[2009/10/19 02:09:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Windows Live Writer
[2010/11/27 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 08:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 10:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/05/10 15:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2008/06/22 01:48:41 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Miss Yi Jun\Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.CSS >
[2013/05/21 00:23:40 | 000,003,086 | ---- | M] () MD5=8970BCFBBE53AD2B95D0C74C8F3253B2 -- C:\Users\Miss Yi Jun\Documents\Hypnosis Recording\New Meditation To Ease Your Money Stress (+ quick question) Mind-Body Training Community Blog_files\services.css

< MD5 for: SERVICES.DAT >
[2013/02/03 08:47:04 | 000,001,508 | ---- | M] () MD5=687B06F8F906AE9FC4D92F16F19356C0 -- C:\JRT\services.dat
[2009/05/24 21:38:57 | 000,000,030 | ---- | M] () MD5=9C6DCDE88B3E394BF959816512037E76 -- C:\Users\Miss Yi Jun\AppData\Local\VirtualStore\Program Files\ProxyWay\services.dat

< MD5 for: SERVICES.EXE >
[2008/01/21 10:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2011/12/30 02:35:29 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 10:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 14EE-906F
Directory of C:\
02/11/2006 09:02 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
02/11/2006 08:42 PM <SYMLINKD> en-US [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 02:27 PM <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
14 File(s) 4,344,192 bytes
Directory of C:\ProgramData
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 09:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 09:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 09:02 PM <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 09:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 09:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 09:02 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 09:02 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 09:02 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 09:02 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 09:02 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 09:02 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 09:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 09:02 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Roaming]
20/06/2008 04:45 PM <JUNCTION> Cookies [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Cookies]
20/06/2008 04:45 PM <JUNCTION> Local Settings [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> My Documents [C:\Users\Miss Yi Jun\Documents]
20/06/2008 04:45 PM <JUNCTION> NetHood [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
20/06/2008 04:45 PM <JUNCTION> PrintHood [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
20/06/2008 04:45 PM <JUNCTION> Recent [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Recent]
20/06/2008 04:45 PM <JUNCTION> SendTo [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\SendTo]
20/06/2008 04:45 PM <JUNCTION> Start Menu [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu]
20/06/2008 04:45 PM <JUNCTION> Templates [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\AppData\Local
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> History [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\History]
20/06/2008 04:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\AppData\LocalLow
09/06/2010 08:43 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\Documents
20/06/2008 04:45 PM <JUNCTION> My Music [C:\Users\Miss Yi Jun\Music]
20/06/2008 04:45 PM <JUNCTION> My Pictures [C:\Users\Miss Yi Jun\Pictures]
20/06/2008 04:45 PM <JUNCTION> My Videos [C:\Users\Miss Yi Jun\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
22/06/2008 12:15 AM <SYMLINKD> $NtUninstallKB60561$ [..]
0 File(s) 0 bytes
Total Files Listed:
14 File(s) 4,344,192 bytes
52 Dir(s) 55,452,282,880 bytes free

========== Files - Unicode (All) ==========
[2013/05/26 20:17:53 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
[2012/07/08 02:15:56 | 000,000,000 | ---D | M](C:\360????) -- C:\360高速下载
[2012/07/07 15:50:41 | 000,000,000 | ---D | C](C:\360????) -- C:\360高速下载
[2012/07/07 13:21:15 | 000,000,897 | ---- | M] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,897 | ---- | C] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | M] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | C] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/02 12:59:18 | 000,014,347 | ---- | M] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/07/02 12:59:16 | 000,014,347 | ---- | C] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | M] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | C] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/03/08 22:30:34 | 000,000,000 | ---D | M](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
[2012/03/08 21:31:25 | 000,000,000 | ---D | C](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
(C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB60561$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
  • 0

#6
Essexboy
Posted 01 June 2013 - 11:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Next we will remove the reparse points which are stopping you downloading files

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start Posted Image button and in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete C:\Program Files\Windows Defender\en-US 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpAsDesc.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpClient.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpCmdRun.exe 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpEvMsg.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpOAV.dll  
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpRtMon.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpRtPlug.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpSigDwn.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpSoftEx.dll 
fsutil reparsepoint delete C:\Program Files\Windows Defender\MpSvc.dll  
fsutil reparsepoint delete C:\Program Files\Windows Defender\MSASCui.exe   
fsutil reparsepoint delete C:\Program Files\Windows Defender\MsMpCom.dll  
fsutil reparsepoint delete C:\Program Files\Windows Defender\MsMpLics.dll   
fsutil reparsepoint delete C:\Program Files\Windows Defender\MsMpRes.dll  

CD \
DIR /S /A:L > %USERPROFILE%\Desktop\JunctionPoints.txt
START JunctionPoints.txt
EXIT
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator
  • A log Junction.txt will be located on the desktop attach that

THEN

Re-run Combofix please
  • 0

#7
ladykaze
Posted 01 June 2013 - 11:49 PM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hi! I did as instructed. But I received an error message: "Window cannot find 'JunctionPoints.txt'. Make sure you type the name correctly, and then try again." What should I do next?
  • 0

#8
Essexboy
Posted 02 June 2013 - 03:59 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now re-run Combofix please, this time it should produce a log
  • 0

#9
ladykaze
Posted 02 June 2013 - 04:55 AM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hi! I had tried running fix.bat twice as I tried to run Combofix twice of which they would not produce a report. I only manage to get a Conbofix log on the third time. Please let me know what is next. Thanks a lot :)

ComboFix 13-06-02.02 - Miss Yi Jun 02/06/2013 18:43:22.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.2035.779 [GMT 8:00]
Running from: c:\users\Miss Yi Jun\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\system32\wshtcpip.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!System32!WSHTCPIP.DLL
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2013-05-02 to 2013-06-02 )))))))))))))))))))))))))))))))
.
.
2013-06-02 10:50 . 2013-06-02 10:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-02 10:50 . 2013-06-02 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-02 09:27 . 2013-06-02 09:27 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC4E476D-E4CF-4EBD-9ED8-3260ECDF27CB}\offreg.dll
2013-06-02 06:31 . 2013-06-02 10:50 -------- d-----w- c:\users\Miss Yi Jun\AppData\Local\temp
2013-06-01 14:36 . 2013-06-01 14:36 -------- d-----w- c:\program files\HitmanPro
2013-06-01 14:36 . 2013-06-01 15:05 -------- d-----w- c:\programdata\HitmanPro
2013-06-01 14:15 . 2013-06-01 14:15 75264 ----a-w- c:\windows\system32\drivers\yyjvmrkt.sys
2013-06-01 13:40 . 2013-05-13 17:49 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC4E476D-E4CF-4EBD-9ED8-3260ECDF27CB}\mpengine.dll
2013-06-01 13:35 . 2013-06-01 13:36 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-31 17:01 . 2013-05-31 17:01 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-05-31 17:00 . 2013-05-31 17:01 -------- d-----w- c:\program files\x264 Video Codec
2013-05-28 18:55 . 2013-05-31 13:09 -------- d-----w- c:\program files\DVDVideoSoft
2013-05-28 18:55 . 2013-05-31 13:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-05-28 13:29 . 2013-05-28 13:34 -------- d-----w- c:\programdata\Hotspot Shield
2013-05-28 13:29 . 2013-05-28 16:40 -------- d-----w- c:\program files\Hotspot Shield
2013-05-28 13:29 . 2013-05-28 13:29 -------- d-----w- c:\users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
2013-05-26 12:30 . 2013-05-26 12:35 -------- d-----w- C:\TDDOWNLOAD
2013-05-26 12:19 . 2013-05-26 12:19 -------- d-----w- c:\programdata\Xunlei
2013-05-26 12:19 . 2013-05-26 12:19 -------- d-----w- c:\program files\Baidu
2013-05-26 12:07 . 2013-05-26 12:07 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2013-05-26 12:07 . 2012-12-07 06:31 141368 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll
2013-05-26 12:07 . 2012-12-07 06:31 194608 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.54\pplugin2.dll
2013-05-26 12:07 . 2012-12-07 06:31 129024 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.54\PluginInstaller.exe
2013-05-16 13:31 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 13:26 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 13:26 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 13:26 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-01 15:36 . 2013-01-30 16:28 345 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-01 14:15 . 2011-06-16 16:44 75264 ----a-w- c:\windows\system32\drivers\DFSC.SYS
2013-05-15 15:27 . 2012-04-14 06:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 15:27 . 2011-05-13 11:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 10:06 . 2010-06-24 03:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-22 15:07 . 2013-04-22 15:07 341512 ----a-r- c:\users\Miss Yi Jun\AppData\Roaming\Microsoft\Installer\{902EF8A0-AA81-47FB-AA57-E59BF4BEDF1F}\ARPPRODUCTICON.exe
2013-04-04 06:50 . 2013-02-27 14:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-11 13:25 . 2013-04-10 12:36 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 12:36 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 12:36 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 12:36 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 12:36 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 12:36 2067968 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-05-31 17:01 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-11-14 11:32 251856 ----a-w- c:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.62.(87).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-16 4702208]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-06-27 1453568]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
.
c:\users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-2 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\???]
c:\users\Miss Yi Jun\AppData\Roaming\115\Box\115Box.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 02:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 10:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 09:29 2007088 ----a-w- c:\program files\FlashGet\flashget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-25 15:26 136176 ----atw- c:\users\Miss Yi Jun\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 10:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 15:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-04-14 11:55 928656 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-04-14 11:57 19872 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-04-14 11:55 3373968 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 06:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 07:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 12:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-13 16:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-02-28 16:02 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 04:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
FunshionServiceTools REG_MULTI_SZ FunshionSvr
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:27]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 15:26]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 15:26]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
- c:\users\Miss Yi Jun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 15:26]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
- c:\users\Miss Yi Jun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 15:26]
.
.
------- Supplementary Scan -------
.
mStart Page =
uInternet Settings,ProxyOverride = local
uSearchAssistant =
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
Trusted Zone: security_PPStream.exe
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8A8BC1BD-D897-4CE7-9F60-F93990548F3D} - (no file)
ShellIconOverlayIdentifiers-{6E2D25A2-5272-4B77-9A1E-6BE1AA5CFCEE} - (no file)
ShellIconOverlayIdentifiers-{24606D69-91E1-4370-BA41-53174339C1C3} - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BitTorrent DNA - c:\users\Miss Yi Jun\Program Files\DNA\btdna.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
MSConfigStartUp-YouSendIt - c:\program files\YouSendIt\Express\YouSendIt.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Free 3D Video Maker_is1 - c:\program files\DVDVideoSoft\Free 3D Video Maker\unins000.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Audio Converter_is1 - c:\program files\DVDVideoSoft\Free Audio Converter\unins000.exe
AddRemove-Free Audio Dub_is1 - c:\program files\DVDVideoSoft\Free Audio Dub\unins000.exe
AddRemove-Free DVD Decrypter_is1 - c:\program files\DVDVideoSoft\Free DVD Decrypter\unins000.exe
AddRemove-Free DVD Video Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free Video Dub_is1 - c:\program files\DVDVideoSoft\Free Video Dub\unins000.exe
AddRemove-Free Video to iPod Converter_is1 - c:\program files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe
AddRemove-Free Video to JPG Converter_is1 - c:\program files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe
AddRemove-Free Video to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free Video to MP3 Converter\unins001.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe
AddRemove-QvodPlayer - c:\qvodplayerqvodplayer\QvodUninst.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{23F3F476-BE34-4f48-9C77-2806A8393EC4} - c:\users\Miss Yi Jun\AppData\Roaming\360se\bin\UnInst360SE.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-02 18:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*&*Y]*)YCQz4xE*D*&*̉‰r‚Lk\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c o m 0
0^y`€2 0 hTt^ª~ơ_ÛVẹ̀f,{ÛV9_- ¾|^y 0\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ä*¸* è*¾* \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%m0ueP!kÎ)*]*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%m0ueP!kÎ)*]*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-06-02 18:52:38
ComboFix-quarantined-files.txt 2013-06-02 10:52
.
Pre-Run: 57,386,565,632 bytes free
Post-Run: 57,363,877,888 bytes free
.
- - End Of File - - 87BC1AD986F8559FAB102EE1C9E44E8F
  • 0

#10
Essexboy
Posted 02 June 2013 - 05:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that looks OK now, could you try to download this programme (it should now work ) then let me know how the computer is behaving

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

Advertisements

#11
ladykaze
Posted 02 June 2013 - 09:05 AM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hi. I tried downloading other things but I'm still getting the same error. I had downloaded the program not long ago so below is my log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.28.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Miss Yi Jun :: MISSYIJUN-PC [administrator]

02/06/2013 8:55:06 PM
mbam-log-2013-06-02 (20-55-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223870
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
Essexboy
Posted 02 June 2013 - 09:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a quick OTL scan please with this script .. Again there will only be one log


Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#13
ladykaze
Posted 02 June 2013 - 10:10 AM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hi! Done as instructed. I can't locate any Extras.Txt. Here is my OTL log.

OTL logfile created on: 02/06/2013 11:50:50 PM - Run 11
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miss Yi Jun\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.10% Memory free
4.22 Gb Paging File | 2.19 Gb Available in Paging File | 51.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 53.55 Gb Free Space | 24.37% Space Free | Partition Type: NTFS
Drive D: | 78.36 Gb Total Space | 77.89 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive H: | 998.10 Mb Total Space | 31.66 Mb Free Space | 3.17% Space Free | Partition Type: FAT32

Computer Name: MISSYIJUN-PC | User Name: Miss Yi Jun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 22:36:50 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/06 04:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/05/11 17:39:26 | 002,637,624 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2012/05/11 17:30:58 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/27 16:04:31 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/01/16 09:10:37 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/25 17:29:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 13:44:06 | 013,136,336 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/11 17:35:30 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/11 19:21:34 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll
MOD - [2007/09/11 19:21:34 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ssbbuse)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/06/01 22:36:50 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/05/15 23:27:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MISSYI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/22 09:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/02/18 12:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/01/24 21:17:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/01/24 21:17:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/03 17:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/25 23:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 23:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 23:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 23:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 23:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 23:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 23:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.8.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.co...ser.newtab.url", "about:blank");
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npaplayer: C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKLM\Software\MozillaPlugins\@ylmf.com/UploadPlugin: C:\Program Files\115\UDown\NPUpLoadFile.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/29 00:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/05/18 14:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/05/17 22:05:34 | 000,000,000 | ---D | M]

[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions
[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/06/01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions
[2010/05/29 01:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/04/22 01:58:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/23 15:10:18 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/08/15 03:26:47 | 000,000,000 | ---D | M] (Nami Plugin) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/09/12 22:13:04 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/29 00:03:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{D119EDE5-84F2-4204-927D-D8811DC193B9}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DBankPlugin = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpphgmdbhahgadoggfojpaljepicgfpd\1.1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.8_0\
CHR - Extension: Gmail = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/02 14:33:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O15 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D419BDA-FFB2-414C-A8BF-86FFF8B80DFA}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92833653-E5A0-4C2D-870F-10A4A9E9EC78}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 18:52:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 18:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/02 18:42:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/02 18:42:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/02 14:31:32 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Local\temp
[2013/06/02 14:05:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/02 14:05:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/02 00:48:03 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Local\{3F741F2D-8D83-46B2-8FE7-62F69BC2A605}
[2013/06/01 23:26:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/01 22:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/06/01 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/01 22:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/01 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/01 21:20:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL.exe
[2013/06/01 10:39:33 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\ComboFix.exe
[2013/06/01 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013/06/01 01:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/05/28 21:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/28 21:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/05/28 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/05/28 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/05/26 20:30:00 | 000,000,000 | ---D | C] -- C:\TDDOWNLOAD
[2013/05/26 20:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Xunlei
[2013/05/26 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/05/26 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork

========== Files - Modified Within 30 Days ==========

[2013/06/02 23:55:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
[2013/06/02 23:27:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/02 23:24:05 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/02 23:24:05 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/02 23:18:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 22:51:43 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/02 22:51:42 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/02 21:00:02 | 000,190,976 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/02 20:51:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 20:51:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/02 19:44:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/02 18:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
[2013/06/02 18:40:50 | 000,000,000 | ---- | M] () -- C:\Miss
[2013/06/02 18:15:00 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\ComboFix.exe
[2013/06/02 14:33:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/01 23:36:25 | 000,000,345 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/01 22:36:50 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/01 22:04:33 | 000,632,031 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
[2013/06/01 21:38:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/30 20:57:11 | 000,000,000 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2013/05/29 02:55:51 | 000,001,095 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2013/05/29 01:08:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 20:01:49 | 000,000,911 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2013/05/26 19:38:41 | 000,000,938 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/25 14:56:08 | 000,002,074 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/25 14:56:07 | 000,002,072 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Google Chrome.lnk
[2013/05/17 12:05:28 | 000,401,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/02 14:05:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/02 14:05:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/02 14:05:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/02 14:05:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/02 14:05:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/02 13:50:22 | 000,000,000 | ---- | C] () -- C:\Miss
[2013/06/01 22:36:50 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/01 22:04:29 | 000,632,031 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
[2013/06/01 21:38:09 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/01 21:36:26 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/29 02:55:50 | 000,001,095 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2012/09/13 22:59:05 | 000,001,850 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[2012/03/23 22:03:21 | 000,000,911 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2011/12/02 14:06:28 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/03/09 02:11:22 | 000,004,096 | -H-- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\keyfile3.drm
[2011/02/20 20:32:32 | 000,000,050 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\Syscfg.ini
[2010/12/13 21:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 22:17:52 | 000,000,552 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d8caps.dat
[2010/03/30 00:30:11 | 000,000,000 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2008/09/20 23:57:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 20:19:05 | 000,037,165 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/21 19:39:38 | 000,190,976 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:45:56 | 000,001,356 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2008/10/10 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Ashampoo
[2012/09/29 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\AVG2013
[2011/03/24 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BitTorrent
[2009/03/01 23:38:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BonkEnc
[2012/01/27 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Canon
[2009/10/27 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\CravingExplorer
[2011/12/31 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DBank
[2012/03/24 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Digiarty
[2013/05/31 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoft
[2010/03/01 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Facebook
[2008/06/22 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\FlashGet
[2012/07/07 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\flash_se
[2009/07/28 21:24:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Flock
[2010/08/20 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\funshionAddr
[2012/03/27 12:25:16 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\HandBrake
[2013/05/28 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/03/02 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ImgBurn
[2012/08/22 01:27:26 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Leawo
[2013/03/21 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Mp3tag
[2009/11/26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\NCH Swift Sound
[2013/03/03 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenOffice.org
[2013/06/02 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Orbit
[2011/11/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PhotoScape
[2010/08/15 01:04:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PPStream
[2012/05/18 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ProgSense
[2012/05/18 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Recordpad
[2010/08/17 01:10:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Runscanner.net
[2011/11/07 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Samsung
[2011/01/24 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony
[2011/01/24 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony Setup
[2009/06/12 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Teleca
[2012/08/22 01:29:00 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\tiger-k
[2012/09/29 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\TuneUp Software
[2011/02/20 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\UDown
[2009/10/19 02:09:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Windows Live Writer
[2010/11/27 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 08:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 14EE-906F
Directory of C:\
02/11/2006 09:02 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
02/11/2006 08:42 PM <SYMLINKD> en-US [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 02:27 PM <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
21/01/2008 10:23 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 08:34 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
14 File(s) 4,344,192 bytes
Directory of C:\ProgramData
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 09:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 09:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB60561$
01/06/2013 01:02 AM <SYMLINK> 1332567033.vir [c:\windows\system32\config]
1 File(s) 0 bytes
Directory of C:\Users
02/11/2006 09:02 PM <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 09:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 09:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 09:02 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 09:02 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 09:02 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 09:02 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 09:02 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 09:02 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 09:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 09:02 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Roaming]
20/06/2008 04:45 PM <JUNCTION> Cookies [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Cookies]
20/06/2008 04:45 PM <JUNCTION> Local Settings [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> My Documents [C:\Users\Miss Yi Jun\Documents]
20/06/2008 04:45 PM <JUNCTION> NetHood [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
20/06/2008 04:45 PM <JUNCTION> PrintHood [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
20/06/2008 04:45 PM <JUNCTION> Recent [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Recent]
20/06/2008 04:45 PM <JUNCTION> SendTo [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\SendTo]
20/06/2008 04:45 PM <JUNCTION> Start Menu [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu]
20/06/2008 04:45 PM <JUNCTION> Templates [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\AppData\Local
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> History [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\History]
20/06/2008 04:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\AppData\LocalLow
09/06/2010 08:43 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\Documents
20/06/2008 04:45 PM <JUNCTION> My Music [C:\Users\Miss Yi Jun\Music]
20/06/2008 04:45 PM <JUNCTION> My Pictures [C:\Users\Miss Yi Jun\Pictures]
20/06/2008 04:45 PM <JUNCTION> My Videos [C:\Users\Miss Yi Jun\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
15 File(s) 4,344,192 bytes
51 Dir(s) 57,119,481,856 bytes free

========== Files - Unicode (All) ==========
[2013/05/26 20:17:53 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
[2012/07/08 02:15:56 | 000,000,000 | ---D | M](C:\360????) -- C:\360高速下载
[2012/07/07 15:50:41 | 000,000,000 | ---D | C](C:\360????) -- C:\360高速下载
[2012/07/07 13:21:15 | 000,000,877 | ---- | M] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | C] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/02 12:59:18 | 000,014,347 | ---- | M] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/07/02 12:59:16 | 000,014,347 | ---- | C] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | M] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | C] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/03/08 22:30:34 | 000,000,000 | ---D | M](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
[2012/03/08 21:31:25 | 000,000,000 | ---D | C](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
(C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

< End of report >
  • 0

#14
Essexboy
Posted 02 June 2013 - 10:26 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see the problem, the reparse points were not deleted because I forgot an inverted comma :blush:

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start Posted Image button and in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtMon.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtPlug.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSigDwn.dll" 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSoftEx.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll"
CD \
DIR /S /A:L > %USERPROFILE%\Desktop\JunctionPoints.txt
START JunctionPoints.txt
EXIT
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator
  • A log Junction.txt will be located on the desktop attach that

  • 0

#15
ladykaze
Posted 02 June 2013 - 11:30 AM

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hi! I did as instructed but I'm still getting the same error of "Window cannot find 'JunctionPoints.txt'. Make sure you type the name correctly, and then try again." What should I do? :huh:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP