Hijack and malwares suspected [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think I need to recheck that batch file, although it does work on my system



Once the reparse points are gone you should be back to normal.

Could you run a scan with OTL please to confirm they have now gone.

  • Select All Users
  • Under the Custom Scan box paste this in

    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.

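One way to look at the same objects the custom-scan line above lists, as an added example that is not part of the original post or of OTL: a PowerShell script (assumed to run under Windows PowerShell 3.0 or later) that walks the system drive, prints every reparse point with the target it points at, and flags links whose target no longer exists, without descending into the junctions it finds.

```powershell
# Added example, not from the thread or from OTL: walk %SystemDrive% and list
# every NTFS reparse point (junction, symbolic link, or other tag), the same
# objects the custom-scan line  dir "%systemdrive%\*" /S /A:L /C  reports,
# together with the target each one points at. Assumes Windows PowerShell 3.0
# or later (the LinkType/Target properties and [pscustomobject] need it).

function Get-ReparsePoint {
    param([Parameter(Mandatory = $true)][string]$Path)

    $entries = $null
    try {
        # -Force includes hidden/system entries such as the per-user
        # "Application Data" junctions Vista creates for compatibility.
        $entries = Get-ChildItem -LiteralPath $Path -Force -ErrorAction Stop
    } catch {
        return   # access denied or similar: skip this directory quietly
    }

    foreach ($entry in $entries) {
        $isReparse = ($entry.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0
        if ($isReparse) {
            [pscustomobject]@{
                Path     = $entry.FullName
                LinkType = $entry.LinkType            # Junction, SymbolicLink, or empty for other tags
                Target   = ($entry.Target -join ';')
                Modified = $entry.LastWriteTime
            }
            # Deliberately do not descend into the reparse point: following a
            # junction that points back up the tree would recurse for ever.
            continue
        }
        if ($entry.PSIsContainer) {
            Get-ReparsePoint -Path $entry.FullName
        }
    }
}

$root  = "$env:SystemDrive\"
$found = @(Get-ReparsePoint -Path $root)

$found | Sort-Object Path | Format-Table Path, LinkType, Target, Modified -AutoSize
"{0} reparse point(s) found under {1}" -f $found.Count, $root

# Entries to review first: links whose target no longer exists, which is what
# a removal tool leaves behind when it deletes the target but not the link.
# The junctions Windows itself creates live under \Users and \ProgramData.
$found | Where-Object { $_.Target -and -not (Test-Path -LiteralPath $_.Target) } |
    Format-Table Path, Target -AutoSize
```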


#17
ladykaze

    Member

  • Topic Starter
  • 47 posts
Hi! I had done as instructed. The log is below:

OTL logfile created on: 03/06/2013 9:31:50 PM - Run 12
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miss Yi Jun\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 34.44% Memory free
4.22 Gb Paging File | 2.16 Gb Available in Paging File | 51.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 50.46 Gb Free Space | 22.96% Space Free | Partition Type: NTFS
Drive D: | 78.36 Gb Total Space | 77.89 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive H: | 998.10 Mb Total Space | 11.70 Mb Free Space | 1.17% Space Free | Partition Type: FAT32

Computer Name: MISSYIJUN-PC | User Name: Miss Yi Jun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 22:36:50 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/06 04:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/06/27 16:04:31 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/01/16 09:10:37 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/25 17:29:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 13:44:06 | 013,136,336 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/11 19:21:34 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll
MOD - [2007/09/11 19:21:34 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ssbbuse)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/06/01 22:36:50 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/05/15 23:27:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MISSYI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/22 09:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/02/18 12:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/01/24 21:17:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/01/24 21:17:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/03 17:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/25 23:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 23:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 23:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 23:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 23:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 23:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 23:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.8.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - prefs.js..browser.startup.homepage: "http://www.hao123.co...ser.newtab.url", "about:blank");
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npaplayer: C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKLM\Software\MozillaPlugins\@ylmf.com/UploadPlugin: C:\Program Files\115\UDown\NPUpLoadFile.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/29 00:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/05/18 14:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/05/17 22:05:34 | 000,000,000 | ---D | M]

[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions
[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/06/01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions
[2010/05/29 01:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/04/22 01:58:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/23 15:10:18 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/08/15 03:26:47 | 000,000,000 | ---D | M] (Nami Plugin) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/09/12 22:13:04 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/29 00:03:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{D119EDE5-84F2-4204-927D-D8811DC193B9}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DBankPlugin = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpphgmdbhahgadoggfojpaljepicgfpd\1.1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.8_0\
CHR - Extension: Gmail = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/02 14:33:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O15 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D419BDA-FFB2-414C-A8BF-86FFF8B80DFA}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92833653-E5A0-4C2D-870F-10A4A9E9EC78}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/03 21:00:59 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/06/03 20:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/06/03 19:54:14 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/03 19:54:01 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/03 19:54:01 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/03 19:54:01 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/02 18:52:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 18:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/02 18:42:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/02 18:42:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/02 14:31:32 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Local\temp
[2013/06/02 14:05:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/02 14:05:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/02 00:48:03 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Local\{3F741F2D-8D83-46B2-8FE7-62F69BC2A605}
[2013/06/01 23:26:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/01 22:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/06/01 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/01 22:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/01 22:15:32 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\yyjvmrkt.sys
[2013/06/01 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/01 21:20:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL.exe
[2013/06/01 10:39:33 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\ComboFix.exe
[2013/06/01 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013/06/01 01:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/05/29 02:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/05/28 21:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/28 21:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/05/28 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/05/28 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/05/26 20:30:00 | 000,000,000 | ---D | C] -- C:\TDDOWNLOAD
[2013/05/26 20:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Xunlei
[2013/05/26 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/05/26 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork
[2013/05/16 21:31:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/16 21:17:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 21:17:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/16 21:17:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 21:17:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 21:17:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 21:17:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/16 21:17:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 21:26:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 21:26:14 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2013/06/03 21:27:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/03 21:18:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 20:55:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
[2013/06/03 19:53:55 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/06/03 19:53:55 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/06/03 19:53:55 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/03 19:53:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/03 19:53:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/03 19:53:55 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/03 19:39:01 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 19:39:01 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 19:38:57 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 19:38:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 01:34:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/03 01:28:28 | 000,001,231 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\fix.bat
[2013/06/02 23:24:05 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/02 23:24:05 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/02 21:00:02 | 000,190,976 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/02 18:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
[2013/06/02 18:40:50 | 000,000,000 | ---- | M] () -- C:\Miss
[2013/06/02 18:15:00 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\ComboFix.exe
[2013/06/02 14:33:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/01 23:36:25 | 000,000,345 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/01 22:36:50 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/01 22:15:32 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\yyjvmrkt.sys
[2013/06/01 22:04:33 | 000,632,031 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
[2013/06/01 21:38:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/30 20:57:11 | 000,000,000 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2013/05/29 02:55:51 | 000,001,095 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2013/05/29 01:08:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 20:01:49 | 000,000,911 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2013/05/26 19:38:41 | 000,000,938 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/25 14:56:08 | 000,002,074 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/25 14:56:07 | 000,002,072 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Google Chrome.lnk
[2013/05/17 12:05:28 | 000,401,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 23:27:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 23:27:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/06 03:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013/06/03 01:28:28 | 000,001,231 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\fix.bat
[2013/06/02 14:05:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/02 14:05:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/02 14:05:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/02 14:05:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/02 14:05:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/02 13:50:22 | 000,000,000 | ---- | C] () -- C:\Miss
[2013/06/01 22:36:50 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/01 22:04:29 | 000,632,031 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
[2013/06/01 21:38:09 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/01 21:36:26 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/29 02:55:50 | 000,001,095 | ---- | C] () -- C:\Users\Miss Yi Jun\Desktop\Free YouTube Download.lnk
[2012/09/13 22:59:05 | 000,001,850 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[2012/03/23 22:03:21 | 000,000,911 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2011/12/02 14:06:28 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/03/09 02:11:22 | 000,004,096 | -H-- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\keyfile3.drm
[2011/02/20 20:32:32 | 000,000,050 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\Syscfg.ini
[2010/12/13 21:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 22:17:52 | 000,000,552 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d8caps.dat
[2010/03/30 00:30:11 | 000,000,000 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2008/09/20 23:57:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 20:19:05 | 000,037,165 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/21 19:39:38 | 000,190,976 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:45:56 | 000,001,356 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2008/10/10 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Ashampoo
[2012/09/29 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\AVG2013
[2011/03/24 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BitTorrent
[2009/03/01 23:38:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BonkEnc
[2012/01/27 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Canon
[2009/10/27 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\CravingExplorer
[2011/12/31 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DBank
[2012/03/24 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Digiarty
[2013/06/03 21:01:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoft
[2013/06/03 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/01 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Facebook
[2008/06/22 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\FlashGet
[2012/07/07 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\flash_se
[2009/07/28 21:24:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Flock
[2010/08/20 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\funshionAddr
[2012/03/27 12:25:16 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\HandBrake
[2013/05/28 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Hotspot Shield
[2013/03/02 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ImgBurn
[2012/08/22 01:27:26 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Leawo
[2013/03/21 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Mp3tag
[2009/11/26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\NCH Swift Sound
[2013/03/03 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\OpenOffice.org
[2013/06/03 01:33:45 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Orbit
[2011/11/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PhotoScape
[2010/08/15 01:04:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PPStream
[2012/05/18 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ProgSense
[2012/05/18 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Recordpad
[2010/08/17 01:10:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Runscanner.net
[2011/11/07 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Samsung
[2011/01/24 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony
[2011/01/24 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony Setup
[2009/06/12 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Teleca
[2012/08/22 01:29:00 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\tiger-k
[2012/09/29 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\TuneUp Software
[2011/02/20 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\UDown
[2009/10/19 02:09:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Windows Live Writer
[2010/11/27 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 14EE-906F
Directory of C:\
02/11/2006 09:02 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 09:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 09:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB60561$
01/06/2013 01:02 AM <SYMLINK> 1332567033.vir [c:\windows\system32\config]
1 File(s) 0 bytes
Directory of C:\Users
02/11/2006 09:02 PM <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 09:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 09:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 09:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 09:02 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 09:02 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 09:02 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 09:02 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 09:02 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 09:02 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 09:02 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 09:02 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 09:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 09:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 09:02 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Roaming]
20/06/2008 04:45 PM <JUNCTION> Cookies [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Cookies]
20/06/2008 04:45 PM <JUNCTION> Local Settings [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> My Documents [C:\Users\Miss Yi Jun\Documents]
20/06/2008 04:45 PM <JUNCTION> NetHood [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
20/06/2008 04:45 PM <JUNCTION> PrintHood [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
20/06/2008 04:45 PM <JUNCTION> Recent [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Recent]
20/06/2008 04:45 PM <JUNCTION> SendTo [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\SendTo]
20/06/2008 04:45 PM <JUNCTION> Start Menu [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu]
20/06/2008 04:45 PM <JUNCTION> Templates [C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\AppData\Local
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> History [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\History]
20/06/2008 04:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\AppData\LocalLow
09/06/2010 08:43 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Miss Yi Jun\Documents
20/06/2008 04:45 PM <JUNCTION> My Music [C:\Users\Miss Yi Jun\Music]
20/06/2008 04:45 PM <JUNCTION> My Pictures [C:\Users\Miss Yi Jun\Pictures]
20/06/2008 04:45 PM <JUNCTION> My Videos [C:\Users\Miss Yi Jun\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
1 File(s) 0 bytes
50 Dir(s) 54,175,985,664 bytes free

========== Files - Unicode (All) ==========
[2013/05/26 20:17:53 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
[2012/07/08 02:15:56 | 000,000,000 | ---D | M](C:\360????) -- C:\360高速下载
[2012/07/07 15:50:41 | 000,000,000 | ---D | C](C:\360????) -- C:\360高速下载
[2012/07/07 13:21:15 | 000,000,877 | ---- | M] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | C] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/02 12:59:18 | 000,014,347 | ---- | M] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/07/02 12:59:16 | 000,014,347 | ---- | C] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | M] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | C] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/03/08 22:30:34 | 000,000,000 | ---D | M](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
[2012/03/08 21:31:25 | 000,000,000 | ---D | C](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
(C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

< End of report >
  • 0
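The listing above comes from the `dir "%systemdrive%\*" /S /A:L /C` scan, which enumerates every reparse point on the drive. Reading it by hand is the check Essexboy is doing: the stock Vista/7 profile junctions (Application Data, History, My Music and so on) are expected, and anything else is what a hijack would leave behind. The script below is an added example, not part of this thread, OTL or Malwarebytes. It parses that `dir` output and separates the known compatibility junctions from entries worth a second look. The sample input re-uses the junction lines posted above; the `Directory of C:\Users\Miss Yi Jun\AppData\Local` header and the `Downloads` entry are constructed for illustration, and the list of known junction names is an assumption based on a default profile layout.

```python
"""Triage the reparse-point listing produced by `dir "%systemdrive%\\*" /S /A:L /C`.

Added example (not code from the thread, OTL or any vendor tool). It splits the
stock profile compatibility junctions from reparse points that deserve review."""
import re
from dataclasses import dataclass

# Assumption: junction names Windows itself creates inside a user profile on
# Vista/7 (plus the PlayReady DRM junction). Any other name is flagged.
KNOWN_NAMES = {
    "Application Data", "Cookies", "History", "Local Settings", "My Documents",
    "My Music", "My Pictures", "My Videos", "NetHood", "PrintHood", "Recent",
    "SendTo", "Start Menu", "Templates", "Temporary Internet Files", "PlayReady",
}

DIR_HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
DIR_ENTRY = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2} [AP]M\s+"
    r"<(?P<kind>JUNCTION|SYMLINKD?)>\s+(?P<name>.+?)\s+\[(?P<target>[^\]]*)\]\s*$"
)
PROFILE_ROOT = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+", re.IGNORECASE)


@dataclass
class ReparsePoint:
    parent: str   # directory the entry sits in (from the "Directory of" header)
    kind: str     # JUNCTION, SYMLINK or SYMLINKD
    name: str
    target: str


def parse_listing(text: str) -> list[ReparsePoint]:
    """Collect every reparse-point entry together with the directory it lives in."""
    points, parent = [], ""
    for line in text.splitlines():
        if m := DIR_HEADER.match(line):
            parent = m.group("path")
        elif m := DIR_ENTRY.match(line):
            points.append(ReparsePoint(parent, m.group("kind"),
                                       m.group("name"), m.group("target")))
    return points


def classify(rp: ReparsePoint) -> str:
    """'expected' for a known profile junction whose target stays inside the same
    profile (or under ProgramData for PlayReady); 'review' for everything else."""
    if rp.kind != "JUNCTION" or rp.name not in KNOWN_NAMES:
        return "review"
    root = PROFILE_ROOT.match(rp.parent)
    if root is None:
        return "review"
    allowed = [root.group(0)]
    if rp.name == "PlayReady":
        allowed.append(root.group(0)[:2] + r"\ProgramData")
    if any(rp.target.lower().startswith(a.lower()) for a in allowed):
        return "expected"
    return "review"


def triage(text: str) -> dict[str, list[ReparsePoint]]:
    """Group the parsed reparse points by verdict."""
    result: dict[str, list[ReparsePoint]] = {"expected": [], "review": []}
    for rp in parse_listing(text):
        result[classify(rp)].append(rp)
    return result


# Constructed sample: junction lines from the thread's log, plus a constructed
# "Directory of ...\AppData\Local" header and a constructed "Downloads" entry.
SAMPLE_LISTING = r"""
 Directory of C:\Users\Miss Yi Jun\AppData\Local
20/06/2008 04:45 PM <JUNCTION> Application Data [C:\Users\Miss Yi Jun\AppData\Local]
20/06/2008 04:45 PM <JUNCTION> History [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\History]
20/06/2008 04:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Miss Yi Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files]
 0 File(s) 0 bytes
 Directory of C:\Users\Miss Yi Jun\AppData\LocalLow
09/06/2010 08:43 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
 Directory of C:\Users\Miss Yi Jun\Documents
20/06/2008 04:45 PM <JUNCTION> My Music [C:\Users\Miss Yi Jun\Music]
20/06/2008 04:45 PM <JUNCTION> My Pictures [C:\Users\Miss Yi Jun\Pictures]
20/06/2008 04:45 PM <JUNCTION> My Videos [C:\Users\Miss Yi Jun\Videos]
 Directory of C:\Users\Public\Documents
02/11/2006 09:02 PM <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 09:02 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 09:02 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
 Directory of C:\Users\Miss Yi Jun
01/01/2013 12:00 PM <JUNCTION> Downloads [C:\Windows\Temp\constructed-example]
 Total Files Listed:
"""

if __name__ == "__main__":
    verdicts = triage(SAMPLE_LISTING)
    print(f"{len(verdicts['expected'])} expected junction(s)")
    for rp in verdicts["review"]:
        print(f"REVIEW: {rp.parent}\\{rp.name} -> {rp.target} ({rp.kind})")
```

Run it against a saved OTL or `dir /A:L` log instead of the sample and anything printed under `REVIEW` is what to hand to a helper: a junction with an unfamiliar name, a symlink, or a stock name whose target has been pointed outside the profile. A clean machine should produce an empty review list, which is the "reparse points are gone" confirmation this thread was after.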

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that worked, my apologies for my error causing the delay

Could you now confirm that you are able to do downloads by downloading a fresh copy of Malwarebytes
  • 0

#19
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi! It's ok. I thought I went wrong somewhere. You had been quick in responding which I'm really grateful for. :thumbsup:
Yes, I had tried downloading some stuff. Malwarebytes goes straight to Orbit Downloader, so I went ahead to download some other stuff and it works. Thank you so much. :happy:
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:
  • 0

#21
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Thank you! I will look out in case there is anymore issue. Thank you so much for your quick response and help! :thumbsup:
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, and once more I apologise for my coding error

Keep safe and enjoy :cool:
  • 0

#23
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
No problem as of today! Thank you so much :thumbsup:
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0