OTL logfile created on: 6/20/2011 8:59:10 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\ooba\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 61.33% Memory free
6.70 Gb Paging File | 5.27 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 181.30 Gb Free Space | 63.97% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.14 Gb Free Space | 48.73% Space Free | Partition Type: NTFS
Drive K: | 976.13 Mb Total Space | 960.36 Mb Free Space | 98.38% Space Free | Partition Type: FAT

Computer Name: OOBA-PC | User Name: ooba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/06/20 19:33:23 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\ooba\AppData\Local\ies.exe
PRC - [2011/05/31 20:20:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ooba\Desktop\OTL.exe
PRC - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/12/08 20:08:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/18 23:49:01 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/05/13 18:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/30 18:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DellDock.exe PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe PRC - [2009/02/02 22:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe PRC - [2009/01/05 18:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DockLogin.exe PRC - [2008/01/20 22:34:32 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe PRC - [2007/09/21 14:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe PRC - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe PRC - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbfcoms.exe PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/05/31 20:20:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ooba\Desktop\OTL.exe MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) 
==========[/color] SRV - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2009/12/08 20:08:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/06/18 21:11:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2009/05/13 18:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/04/30 18:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService) SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) SRV - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) 
[Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc) SRV - [2009/01/05 18:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync) SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\DELL\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/21 14:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2) SRV - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db) SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbfcoms.exe -- (lxbf_device) SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2009/12/08 20:08:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/07/18 20:25:34 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\atmarps.sys -- (atmarps) DRV - [2009/05/11 12:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/04/30 19:03:06 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC) DRV - [2009/04/30 19:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009/04/30 18:59:58 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009/04/30 18:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/03/30 12:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 14:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet) DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hao.kuaibo.com/ IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\..\URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-167698497-3311186056-1143447074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=135963&p=" FF - 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 06:12:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 19:49:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 19:49:59 | 000,000,000 | ---D | M] [2009/06/29 22:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ooba\AppData\Roaming\Mozilla\Extensions [2011/06/20 15:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\extensions [2010/10/22 08:06:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/12/16 20:55:22 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/08/05 12:37:40 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010/10/22 08:06:41 | 000,000,000 | ---D | M] ("AIM Toolbar") -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2011/05/27 05:26:12 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\extensions\toolbar@ask.com [2009/10/14 10:08:36 | 000,004,546 | ---- | M] () -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\searchplugins\aim-search-1.xml [2009/07/21 20:11:41 | 000,004,207 | ---- | M] () -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\searchplugins\aim-search.xml [2011/06/20 08:03:27 | 000,002,581 | ---- | M] () -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\searchplugins\askcom.xml [2010/02/11 10:28:09 | 000,009,985 | ---- | M] () -- C:\Users\ooba\AppData\Roaming\Mozilla\Firefox\Profiles\z5wkdeix.default\searchplugins\mywebsearch.xml [2011/05/21 19:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/02/16 10:03:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/11/18 17:19:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011/05/21 19:33:13 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2011/05/21 19:33:13 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF [2011/05/26 06:12:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record 
Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2009/10/28 08:37:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OOBA\APPDATA\ROAMING\MOVE NETWORKS [2010/11/18 18:15:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\pvod\JfCheck.dll (PIPI Tech.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Answers.com Toolbar) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll (Conduit Ltd.) 
O2 - BHO: (Baidu Toolbar BHO) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll () O2 - BHO: (QvodGameExtend) - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll (Shenzhen QVOD Technology Co.,Ltd) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FE060AE0-F94F-BD40-42DB-771347123C9A Class) - {FE060AE0-F94F-BD40-42DB-771347123C9A} - C:\QvodPlayer\AddIn\QvodAddr.dll () O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Answers.com Toolbar) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (°Ù¶È¹¤¾ßÀ¸) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\..\Toolbar\WebBrowser: (Answers.com Toolbar) - {6341761B-BABE-406D-B0D6-8D99B81C2EE5} - C:\Program Files\Answers.com\prxtbAns0.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\..\Toolbar\WebBrowser: (°Ù¶È¹¤¾ßÀ¸) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll () O3 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [GVOD] C:\Program Files\GVOD\GVODS.exe (ShenZhen PiaoYi Network Technology Co.,Ltd.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [jfproc] C:\pvod\jfCacheMgr.exe (皮皮科技) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000..\Run: [4139161940] C:\Users\ooba\AppData\Local\ies.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000..\Run: [BAIDUMEDIA] C:\Program Files\Baidu\BaiduPlayer\BaiduPlayer.exe () O4 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000..\Run: [QvodPlayer] C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\ooba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation) 
O8 - Extra context menu item: °Ù¶ÈÒ»ÏÂËùÑ¡ÎÄ×Ö (&B) - C:\Program Files\Common Files\Baidu\Baidu.html () O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class) O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} http://download1.answers.com/pub/AnswersSetup.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{d26ff94e-5c41-11de-8d6a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d26ff94e-5c41-11de-8d6a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000..exefile [open] -- "C:\Users\ooba\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation) O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-167698497-3311186056-1143447074-1000\...exe [@ = exefile] -- "C:\Users\ooba\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/06/20 20:52:23 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\ooba\Desktop\OTL.exe [2011/06/20 19:33:23 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Users\ooba\AppData\Local\ies.exe [2011/06/19 06:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011/06/12 19:57:54 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/06/12 19:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/12 19:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/06/12 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/06/12 19:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/06/12 19:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/06/10 20:37:25 | 000,000,000 | ---D | C] -- C:\Users\ooba\AppData\Roaming\go [2011/06/10 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO [2011/06/04 17:38:35 | 000,000,000 | ---D | C] -- C:\Users\ooba\AppData\Local\Canon Easy-PhotoPrint EX [2011/05/26 08:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2011/05/26 08:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2011/05/26 08:11:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan [2011/05/26 08:11:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2011/05/26 08:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan [2011/05/26 08:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011/05/26 08:11:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0301020.009 [2011/05/26 08:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011/05/26 08:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011/05/26 06:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2009/07/31 08:17:58 | 008,653,312 | ---- | C] (Dell, Inc. 
) -- C:\Users\ooba\AppData\Roaming\DataSafeDotNet.exe [2009/07/19 12:26:45 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll [2009/07/19 12:26:45 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll [2009/07/19 12:26:45 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll [2009/07/19 12:26:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll [2009/07/19 12:26:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll [2009/07/19 12:26:45 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll [2009/07/19 12:26:45 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbfcoms.exe [2009/07/19 12:26:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll [2009/07/19 12:26:45 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll [2009/07/19 12:26:45 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll [2009/07/19 12:26:45 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbfih.exe [2009/07/19 12:26:45 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbfcfg.exe [2009/07/19 12:26:45 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll [2009/07/19 12:26:45 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll [2009/07/19 12:26:45 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/06/20 20:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/20 20:52:32 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/06/20 20:52:32 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/20 20:45:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-167698497-3311186056-1143447074-1000UA.job [2011/06/20 20:20:06 | 000,010,216 | -HS- | M] () -- 
C:\Users\ooba\AppData\Local\v1e11s0a3715x3h1hrdefn540r28f5h [2011/06/20 20:20:06 | 000,010,216 | -HS- | M] () -- C:\ProgramData\v1e11s0a3715x3h1hrdefn540r28f5h [2011/06/20 20:17:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/20 20:17:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/20 20:17:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/20 20:17:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/20 20:17:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011/06/20 20:17:06 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys [2011/06/20 19:53:13 | 000,005,216 | ---- | M] () -- C:\Users\ooba\AppData\Local\d3d9caps.dat [2011/06/20 19:47:13 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ooba.job [2011/06/20 16:45:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-167698497-3311186056-1143447074-1000Core.job [2011/06/20 11:22:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{84DD734E-DAA7-4572-8E9D-E6F534EBDB8B}.job [2011/06/14 18:59:15 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011/06/12 19:57:54 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/06/12 19:51:50 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2011/06/12 19:51:29 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011/06/12 19:51:29 | 000,001,854 | ---- | M] () -- C:\Users\ooba\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/06/12 19:49:43 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/06/10 20:37:25 | 000,001,557 | ---- | M] () -- C:\Users\ooba\Desktop\Play games (EasyBits GO).lnk [2011/05/31 
20:20:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ooba\Desktop\OTL.exe [2011/05/26 08:11:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2011/05/26 06:12:17 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011/05/26 06:11:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/06/20 19:33:38 | 000,010,216 | -HS- | C] () -- C:\Users\ooba\AppData\Local\v1e11s0a3715x3h1hrdefn540r28f5h [2011/06/20 19:33:38 | 000,010,216 | -HS- | C] () -- C:\ProgramData\v1e11s0a3715x3h1hrdefn540r28f5h [2011/06/12 19:57:54 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/06/12 19:51:50 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf [2011/06/12 19:51:29 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2011/06/12 19:49:43 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/06/10 20:37:25 | 000,001,587 | ---- | C] () -- C:\Users\ooba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk [2011/06/10 20:37:25 | 000,001,557 | ---- | C] () -- C:\Users\ooba\Desktop\Play games (EasyBits GO).lnk [2011/05/26 08:11:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2011/05/26 08:11:10 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for ooba.job [2011/05/26 08:11:06 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0301020.009\isolate.ini [2011/05/26 06:12:17 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011/05/17 12:35:30 | 000,000,305 | ---- | C] () -- C:\Windows\System32\bdsecushr.dat [2010/06/21 03:00:04 | 000,000,680 | ---- | C] () -- C:\Users\ooba\AppData\Roaming\coreavc.ini [2010/04/13 22:29:14 | 
000,000,078 | ---- | C] () -- C:\Users\ooba\AppData\Roaming\wklnhst.dat [2010/02/16 10:06:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/07 16:11:07 | 000,005,216 | ---- | C] () -- C:\Users\ooba\AppData\Local\d3d9caps.dat [2009/08/01 21:26:37 | 000,000,012 | ---- | C] () -- C:\Windows\System32\cid_store.dat [2009/07/27 20:55:02 | 000,006,144 | ---- | C] () -- C:\Users\ooba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/19 14:54:20 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat [2009/07/19 12:30:30 | 000,000,396 | ---- | C] () -- C:\Windows\lexstat.ini [2009/07/19 12:26:45 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll [2009/07/19 12:26:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll [2009/06/29 00:41:07 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/06/18 23:53:18 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2009/06/18 23:53:18 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2009/06/18 23:53:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2009/06/18 23:53:18 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2009/06/18 23:53:16 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll [2009/06/18 23:50:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/06/18 23:50:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/06/18 21:16:52 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll [2009/06/18 21:16:52 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll [2009/06/18 21:16:52 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll [2009/06/18 21:16:52 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll [2009/06/18 21:16:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll [2009/06/18 21:16:52 | 000,115,712 | ---- | C] () -- 
C:\Windows\System32\STNLS.dll [2009/06/18 21:16:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll [2009/06/18 21:16:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll [2009/06/18 21:16:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll [2009/06/18 21:16:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll [2009/06/18 21:16:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll [2009/06/18 21:16:52 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll [2009/06/18 21:16:51 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll [2009/06/18 21:16:51 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll [2009/06/18 21:16:51 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll [2009/06/18 21:16:51 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll [2009/06/18 21:16:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll [2009/06/18 21:16:51 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll [2009/06/18 21:16:51 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009/06/18 21:16:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2009/06/18 21:16:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll [2009/06/18 21:16:48 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll [2009/06/18 21:16:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll [2009/05/08 12:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009/04/30 18:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2008/02/03 19:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll [2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:44:53 | 000,295,832 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/01/12 10:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll [2005/09/13 17:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll [color=#E56717]========== LOP Check ==========[/color] [2011/02/27 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\360safe [2011/02/28 00:03:08 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\360se [2009/07/21 20:11:54 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\acccore [2011/05/17 11:42:19 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\Baidu [2010/11/10 00:54:01 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\BitTorrent [2010/06/23 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\Canon [2009/07/19 12:35:18 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/06/20 19:53:12 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\go [2011/06/20 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\PIPI [2010/11/19 23:07:10 | 000,000,000 | ---D | M] -- 
C:\Users\ooba\AppData\Roaming\qvodaddr [2010/03/30 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\TechWizard [2010/04/13 22:29:15 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\Template [2010/08/29 06:38:41 | 000,000,000 | ---D | M] -- C:\Users\ooba\AppData\Roaming\XiTaotao [2011/06/20 19:59:22 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/06/20 11:22:08 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{84DD734E-DAA7-4572-8E9D-E6F534EBDB8B}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009/06/18 23:49:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009/06/18 23:49:01 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2009/06/18 23:49:01 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009/06/18 23:49:01 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009/06/18 23:49:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/20 22:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/20 22:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008/01/20 22:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\360SE.exe\shell\open\command\\: C:\Program Files\360\360Se\360se3\360SE.exe [2010/12/22 23:32:34 | 001,836,560 | ---- | M] (360.cn) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/29 21:20:55 | 000,552,400 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/29 21:20:55 | 000,552,400 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/29 21:20:55 | 000,552,400 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\ooba\AppData\Local\ies.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/06/20 19:33:23 | 000,348,160 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/29 21:20:55 | 000,910,296 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\ooba\AppData\Local\ies.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/20 19:33:23 | 000,348,160 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 22:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 22:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 22:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\ooba\AppData\Local\ies.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/20 19:33:23 | 000,348,160 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010/02/15 00:52:51 | 000,197,578 | ---- | M] ()(C:\Users\ooba\??????.exe) -- C:\Users\ooba\无缓冲播放器.exe (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度工具栏 [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3 < End of report >