Google Redirect Virus [Solved]


This topic is locked

#31 hammerman (Member 4k, 4,183 posts)
Hello,

Please follow these steps.

-- Step 1 --

Please install the Firefox add-on Extension List Dumper from here.
  • Restart Firefox.
  • Select Tools on the menu bar and select Add-ons
  • Click on the Dump List button.
  • Ensure the following are checked.
    Version number
    Description
    URL
    ID
    Software info
  • Click on Save as. Enter a filename of extensions and save in a suitable location.
  • Please attach the file extensions.txt to your reply.
-- Step 2 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

  • 0


#32 applestarz (Topic Starter, Member, 21 posts)
I have done every step outlined for the Extensions List Dumper but once I save it, I cannot find where it is. I have saved it to my desktop and it doesn't appear. I even searched it and it says file not found.

Here's the log for OTL:

OTL Log

All processes killed
========== FILES ==========
C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\2288 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETC416.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETE625.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETE6FF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETE819.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETE970.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 100791 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD1MDBN\en[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD1MDBN\openhand_8_8[1].bmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 45463526 bytes
->Java cache emptied: 10727 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 59899110 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100.59 mb


OTL by OldTimer - Version 3.0.21.0 log created on 11032009_163443

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\2288 not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETC416.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETE625.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETE6FF.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETE819.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETE970.tmp not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD1MDBN\en[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD1MDBN\openhand_8_8[1].bmp moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...


Thanks for your continued help!
  • 0

#33 hammerman (Member 4k, 4,183 posts)
Hello,

Instead of using Save as, try selecting Copy to clipboard. Then open Notepad and select Edit->Paste.
Save the Notepad contents into a file called extensions.txt and attach the file to your reply.
  • 0

#34 applestarz (Topic Starter, Member, 21 posts)
Hi, I can't find the txt file even though it says it will save in Documents.

Somehow, I still have the virus! :)
Thanks
  • 0

#35 applestarz (Topic Starter, Member, 21 posts)
Hi, there is no option to Copy to Clipboard and I still can't find the txt file even though it says it will save in My Documents. And I still have the virus! :)
Thanks

Edited by applestarz, 03 November 2009 - 02:09 AM.

  • 0

#36 hammerman (Member 4k, 4,183 posts)
Hello,

There's a Firefox extension which I do not recognise. Let's remove it.

You will need to close Firefox before running this fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}:1.0
    [2009/10/17 13:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.


Then,

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
  • 0

#37 applestarz (Topic Starter, Member, 21 posts)
Hi hammerman

Log for Custom Scan/Fixes for OTL

All processes killed
========== OTL ==========
Prefs.js: {b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}:1.0 removed from extensions.enabledItems
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{b16728a5-d2ee-4011-ac93-9d4a6af0fd6e} moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET3251.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET3416.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET35DB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET36A6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETF67.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 3034675 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIO9VCN6\en[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIO9VCN6\openhand_8_8[1].bmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 16031373 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95827889 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 11253119 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1565500 bytes

Total Files Cleaned = 121.80 mb


OTL by OldTimer - Version 3.0.21.0 log created on 11062009_210532

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET3251.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET3416.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET35DB.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET36A6.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETF67.tmp not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIO9VCN6\en[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIO9VCN6\openhand_8_8[1].bmp moved successfully.

Registry entries deleted on Reboot...

OTL Quick Scan

OTL logfile created on: 6/11/2009 9:11:53 PM - Run 6
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Jenny\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 82.38% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 62.26 Gb Free Space | 44.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\KMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\MMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Internet Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Users\Jenny\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppHostSvc [Auto | Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CLHNService [Auto | Running]) -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gupdate1ca5b7dd56aebca [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ThreatFire [On_Demand | Running]) -- C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe (PC Tools)
SRV - (W3SVC [Auto | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WAS [On_Demand | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wlidsvc [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 F0 33 00 4A D7 93 46 91 8B 6B 01 AF 69 4D C5 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:0.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.14.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.1.09060400
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/23 10:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/22 14:26:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 21:00:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 21:02:24 | 00,000,000 | ---D | M]

[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2009/01/30 22:24:55 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/11/06 21:09:35 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions
[2009/10/22 21:21:04 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/10 19:50:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/08/13 17:48:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2009/11/05 16:53:56 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/06 21:02:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/08/13 17:48:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009/11/05 16:53:54 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/03 16:27:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/11/05 16:53:48 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/11/03 16:27:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/11/03 16:27:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]\chrome
[2009/11/03 16:27:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]\defaults
[2009/02/01 17:26:14 | 00,000,417 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\kim-doan.xml
[2009/06/13 10:24:30 | 00,000,585 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\scour---search-socially.xml
[2009/08/13 17:47:30 | 00,000,705 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\webster.xml
[2009/10/30 18:08:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/11/06 21:00:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/01 17:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/02 17:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/30 18:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/06 21:00:32 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/11/06 21:00:32 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/14 08:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/12 06:16:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/10/30 18:07:58 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/14 08:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 13:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/11/06 21:00:34 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/10/03 16:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/30 12:57:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/07/02 11:19:28 | 00,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/14 08:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/25 05:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 05:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 05:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 05:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 05:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 05:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 05:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [BtcMouseMaestro] C:\Program Files\MMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Internet Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/18 22:49:05 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/06 21:02:20 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/11/02 16:33:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2009/10/30 20:01:32 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Grubby Games
[2009/11/02 22:55:35 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\temp
[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/31 11:29:40 | 00,000,000 | ---D | C] -- C:\Program Files\Graboid
[2009/11/06 20:26:25 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/11/06 20:22:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/06 20:25:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/10/30 19:49:06 | 00,000,000 | ---D | C] -- C:\Program Files\My Tribe
[2009/10/30 19:57:15 | 00,000,000 | ---D | C] -- C:\Program Files\Yuri Software HEdit
[2009/11/02 16:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\Zylom Games
[2009/11/06 20:47:27 | 00,000,000 | R-SD | C] -- C:\Users\Jenny\Documents\My Stationery
[2009/11/02 22:55:36 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/02 22:36:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/29 00:14:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/29 00:14:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/29 00:14:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/28 22:34:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/28 18:52:36 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\My WangWang
[2009/10/25 00:31:46 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2009/10/24 20:29:01 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Users\Jenny\Documents\ccsetup224.exe

========== Files - Modified Within 14 Days ==========

[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/11/06 21:07:51 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 21:07:51 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 21:07:49 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/06 21:07:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/06 21:07:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/06 21:07:39 | 32,110,59200 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 21:06:49 | 04,930,543 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/11/06 20:55:47 | 00,024,640 | ---- | M] () -- C:\Users\Jenny\Documents\SC History Notes - Jenny.docx
[2009/11/06 20:50:04 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/06 18:25:22 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
[2009/11/03 21:01:42 | 00,840,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/03 21:01:42 | 00,707,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/03 21:01:42 | 00,143,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/03 00:28:57 | 00,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/11/03 00:08:08 | 04,052,363 | ---- | M] () -- C:\Users\Jenny\Documents\nero_9_Keygen.rar.html
[2009/11/02 22:52:48 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/02 22:32:53 | 03,533,547 | R--- | M] () -- C:\Users\Jenny\Desktop\ComboFix.exe
[2009/11/02 19:20:25 | 00,022,340 | ---- | M] () -- C:\Users\Jenny\Documents\logo.jpg
[2009/11/02 17:07:15 | 00,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2009/11/02 16:46:22 | 00,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/11/02 16:00:23 | 18,562,780 | ---- | M] () -- C:\Users\Jenny\Documents\Supergirl- Superjunior.mp4
[2009/11/01 22:38:23 | 00,006,413 | ---- | M] () -- C:\Users\Jenny\Documents\new year fest.jpg
[2009/10/31 14:25:00 | 12,345,648 | ---- | M] () -- C:\Users\Jenny\Documents\Clearance Catalogue.pdf
[2009/10/31 11:28:24 | 13,037,200 | ---- | M] () -- C:\Users\Jenny\Documents\GraboidVideoSetup.exe
[2009/10/29 15:50:28 | 02,306,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/29 00:08:55 | 00,014,038 | ---- | M] () -- C:\Users\Jenny\Documents\Hair Extension Suppliers.docx
[2009/10/28 21:21:44 | 00,036,647 | ---- | M] () -- C:\Users\Jenny\Documents\Hi hammerman.docx
[2009/10/28 21:16:13 | 00,000,530 | ---- | M] () -- C:\Users\Jenny\Desktop\OTL.exe - Shortcut.lnk
[2009/10/26 23:07:13 | 00,000,949 | ---- | M] () -- C:\Users\Jenny\Desktop\Windows Media Player (2).lnk
[2009/10/26 16:33:48 | 00,012,198 | ---- | M] () -- C:\Users\Jenny\Documents\Lockerz ad.docx
[2009/10/26 00:35:47 | 01,569,462 | ---- | M] () -- C:\Users\Jenny\Documents\Malouf_Mothers_Day07.pdf
[2009/10/25 21:46:19 | 00,001,252 | ---- | M] () -- C:\Users\Jenny\Desktop\gmer.exe - Shortcut.lnk
[2009/10/25 19:59:04 | 00,001,673 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/10/25 16:47:34 | 00,004,172 | ---- | M] () -- C:\Users\Jenny\Documents\kaspersky report.html
[2009/10/25 16:31:00 | 00,036,320 | ---- | M] () -- C:\Users\Jenny\Documents\Properties of Shapes.docx
[2009/10/25 12:54:34 | 00,026,989 | ---- | M] () -- C:\Users\Jenny\Documents\0789215 RMA.PDF
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/24 20:41:16 | 00,001,675 | ---- | M] () -- C:\Users\Jenny\Desktop\CCleaner.lnk
[2009/10/24 20:40:18 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Users\Jenny\Documents\ccsetup224.exe
[2009/10/24 10:58:17 | 00,000,876 | ---- | M] () -- C:\Windows\$_hpcst$.hpc
[2009/10/24 10:35:20 | 00,045,043 | ---- | M] () -- C:\Users\Jenny\Documents\chanel-voucher00.pdf

========== Files - No Company Name ==========
[2009/11/06 20:16:37 | 00,024,640 | ---- | C] () -- C:\Users\Jenny\Documents\SC History Notes - Jenny.docx
[2009/11/03 00:07:52 | 04,052,363 | ---- | C] () -- C:\Users\Jenny\Documents\nero_9_Keygen.rar.html
[2009/11/02 22:36:49 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/02 22:32:47 | 03,533,547 | R--- | C] () -- C:\Users\Jenny\Desktop\ComboFix.exe
[2009/11/02 16:40:33 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/02 16:40:32 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/02 16:32:46 | 00,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/11/02 15:57:49 | 18,562,780 | ---- | C] () -- C:\Users\Jenny\Documents\Supergirl- Superjunior.mp4
[2009/11/01 22:34:08 | 00,006,413 | ---- | C] () -- C:\Users\Jenny\Documents\new year fest.jpg
[2009/10/31 14:25:00 | 12,345,648 | ---- | C] () -- C:\Users\Jenny\Documents\Clearance Catalogue.pdf
[2009/10/31 11:25:48 | 13,037,200 | ---- | C] () -- C:\Users\Jenny\Documents\GraboidVideoSetup.exe
[2009/10/31 11:00:16 | 00,022,340 | ---- | C] () -- C:\Users\Jenny\Documents\logo.jpg
[2009/10/28 23:34:16 | 00,014,038 | ---- | C] () -- C:\Users\Jenny\Documents\Hair Extension Suppliers.docx
[2009/10/28 21:21:43 | 00,036,647 | ---- | C] () -- C:\Users\Jenny\Documents\Hi hammerman.docx
[2009/10/28 21:16:13 | 00,000,530 | ---- | C] () -- C:\Users\Jenny\Desktop\OTL.exe - Shortcut.lnk
[2009/10/26 23:07:13 | 00,000,949 | ---- | C] () -- C:\Users\Jenny\Desktop\Windows Media Player (2).lnk
[2009/10/26 15:47:54 | 00,012,198 | ---- | C] () -- C:\Users\Jenny\Documents\Lockerz ad.docx
[2009/10/26 00:28:15 | 01,569,462 | ---- | C] () -- C:\Users\Jenny\Documents\Malouf_Mothers_Day07.pdf
[2009/10/25 21:41:19 | 00,001,252 | ---- | C] () -- C:\Users\Jenny\Desktop\gmer.exe - Shortcut.lnk
[2009/10/25 16:47:34 | 00,004,172 | ---- | C] () -- C:\Users\Jenny\Documents\kaspersky report.html
[2009/10/25 16:27:29 | 00,036,320 | ---- | C] () -- C:\Users\Jenny\Documents\Properties of Shapes.docx
[2009/10/25 12:54:22 | 00,026,989 | ---- | C] () -- C:\Users\Jenny\Documents\0789215 RMA.PDF
[2009/10/24 10:58:17 | 00,000,876 | ---- | C] () -- C:\Windows\$_hpcst$.hpc
[2009/10/24 10:36:22 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/10/24 10:36:20 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/10/24 10:36:14 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/10/24 10:36:13 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 10:36:13 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/24 10:36:11 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/10/24 10:36:11 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/10/24 10:36:08 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/10/24 10:36:00 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/10/24 10:35:59 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/10/24 10:35:36 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/10/24 10:35:32 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/10/24 10:35:20 | 00,045,043 | ---- | C] () -- C:\Users\Jenny\Documents\chanel-voucher00.pdf
[2009/09/18 19:50:55 | 00,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/07/30 09:39:35 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/07/30 09:26:18 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/02 14:12:32 | 00,000,600 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\winscp.rnd
[2009/07/01 19:54:30 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/05/23 14:53:24 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/07 19:55:22 | 00,099,864 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/06 23:21:11 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/25 11:24:39 | 00,025,600 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 19:36:04 | 00,000,213 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/05 19:36:04 | 00,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/05 19:22:54 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/05 19:22:53 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/30 22:06:32 | 00,024,206 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
[2009/01/30 22:00:57 | 04,930,543 | -H-- | C] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/01/30 21:12:38 | 00,101,528 | ---- | C] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/12/27 18:27:18 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/27 18:27:18 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2006/11/07 10:57:56 | 00,049,152 | ---- | C] () -- C:\Windows\System32\RunSetup.dll
[2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 21:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/09/02 02:49:17 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2009/10/27 23:18:17 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming
[2009/09/21 23:04:35 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\.purple
[2009/09/07 19:05:59 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ahead
[2009/04/08 16:47:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BitZipper
[2009/02/08 22:51:48 | 00,000,000 | R--D | M] -- C:\Users\Jenny\AppData\Roaming\Brother
[2009/10/13 05:08:05 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Canon
[2009/11/06 21:10:29 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DMCache
[2009/10/26 19:18:38 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FileZilla
[2009/10/28 20:40:23 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gtk-2.0
[2009/11/06 21:10:34 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IDM
[2009/07/06 00:50:08 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\iSerial Reader
[2009/11/06 21:10:51 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LimeWire
[2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Media Center Programs
[2009/06/07 23:47:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Opera
[2009/01/30 22:46:16 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsFirewallPlus
[2009/01/30 22:46:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsSpamMonitorPlus
[2009/08/27 16:58:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2009/08/05 21:03:53 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Samsung
[2009/06/02 18:16:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SmartFTP
[2009/10/21 23:08:37 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/08/27 17:56:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\UClick
[2009/08/23 01:08:15 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent
[2009/11/06 21:07:49 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/11/06 20:50:04 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/11/06 21:07:46 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/06 21:06:52 | 00,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/06 18:25:22 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2785F3BB
< End of report >


Thanks heaps :)


#38
hammerman
    Member 4k
  • Member
  • 4,183 posts
Are you still getting redirected?

#39
applestarz
    Member
  • Topic Starter
  • Member
  • 21 posts
Nope! Thanks a lot for all your help :)

#40
hammerman
    Member 4k
  • Member
  • 4,183 posts
Hello,

That's good news. Little bit more work to do though before we tidy up.

You appear to be using a flash drive (comes up as drive J:) that has a bad file on it. Can you please plug it in, check you can see drive J: on My Computer and then run this fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

  • 0
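The two O33 lines in the fix above are OTL's rendering of the per-volume shell handlers Windows caches under HKCU\...\Explorer\MountPoints2: a flash drive's autorun.inf left behind an AutoRun and an open verb, both pointing at an executable on J:, and "File not found" only because the drive was unplugged when OTL scanned. As an added example (not part of the thread, and not OTL's own code), here is a small Python helper that pulls such O33 lines out of an OTL log, records which drive letter each handler targets and whether the target was present, and groups hits per volume GUID, since the log in the next post shows OTL removing the whole MountPoints2\{guid} key as one unit. The sample log is constructed from the lines quoted above plus one made-up handler on E: and one non-O33 line; the assumption that the system drive is C: is labelled in the code.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the two O33 lines quoted in the post above, plus one
# constructed handler on another volume (target present) and one non-O33 line,
# so the parser sees the missing-file case, the present-file case and noise.
SAMPLE_LOG = r"""
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{0d0c0b0a-1111-2222-3333-444444444444}\Shell\AutoRun\command - "" = E:\setup.exe
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

# OTL prints each cached per-volume shell handler as one O33 line; the trailing
# "-- File not found" means the command's target was absent when OTL scanned.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<command>.*?)(?: -- (?P<status>File not found))?\s*$'
)
DRIVE_RE = re.compile(r'^([A-Za-z]):\\')
SYSTEM_DRIVE = "C"  # assumption: Windows lives on C:, as it does in this thread


@dataclass
class VolumeHandler:
    guid: str              # {GUID} subkey of MountPoints2 identifying the volume
    verb: str              # shell verb: AutoRun, open, explore, ...
    command: str           # command line stored for that verb
    drive: Optional[str]   # drive letter the command points at, if any
    file_missing: bool     # OTL appended "-- File not found"


def parse_o33_lines(log_text: str) -> List[VolumeHandler]:
    """Pull every O33 MountPoints2 shell-command entry out of an OTL log."""
    handlers: List[VolumeHandler] = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        drive_m = DRIVE_RE.match(m.group("command"))
        handlers.append(VolumeHandler(
            guid=m.group("guid"),
            verb=m.group("verb"),
            command=m.group("command"),
            drive=drive_m.group(1).upper() if drive_m else None,
            file_missing=m.group("status") is not None,
        ))
    return handlers


def assess(h: VolumeHandler) -> List[str]:
    """Review notes for one handler: why it is worth a helper's attention."""
    notes = ["Shell\\" + h.verb + "\\command stored for volume " + h.guid]
    if h.drive and h.drive != SYSTEM_DRIVE:
        notes.append("runs " + h.command + " from drive " + h.drive +
                     ": (removable media: re-check with that drive plugged in)")
    if h.file_missing:
        notes.append("target absent at scan time: handler is stale or its media was unplugged")
    if h.verb.lower() == "autorun":
        notes.append("AutoRun verb: Explorer can invoke it when the volume is opened")
    return notes


def group_by_volume(handlers: List[VolumeHandler]) -> Dict[str, List[VolumeHandler]]:
    """The cleanup unit is the whole MountPoints2\\{guid} key (the next post's
    log shows OTL deleting it as one key), so group hits per volume GUID."""
    groups: Dict[str, List[VolumeHandler]] = {}
    for h in handlers:
        groups.setdefault(h.guid, []).append(h)
    return groups


if __name__ == "__main__":
    for guid, hits in group_by_volume(parse_o33_lines(SAMPLE_LOG)).items():
        print(guid)
        for h in hits:
            for note in assess(h):
                print("   -", note)
```

Running it on the constructed log lists the J: volume with both verbs flagged as pointing at removable media with an absent target, which is exactly the situation hammerman describes: the fix has to be run with the drive inserted, otherwise only the registry key goes and the file stays on the stick.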

#41
applestarz

applestarz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hi hammerman

here's the log:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
File J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET60B4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET7507.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET7555.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET76AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET772A.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 890749 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QU5TNICR\openhand_8_8[1].bmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODKS3ZX1\en[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2165003 bytes
->Java cache emptied: 13689500 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 89600757 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 12801984 bytes

Total Files Cleaned = 113.63 mb


OTL by OldTimer - Version 3.0.21.0 log created on 11102009_183649

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET60B4.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET7507.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET7555.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET76AD.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET772A.tmp not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QU5TNICR\openhand_8_8[1].bmp moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODKS3ZX1\en[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

thanks :)
  • 0

#44
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0
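The MVPS HOSTS file recommended above works by mapping ad and tracker hostnames to a blackhole address, so a replaced HOSTS file is only as trustworthy as its contents, and the same file is also a place where a hijack can quietly point a well-known site somewhere else. As an added example (not part of the thread, and not the MVPS project's own code), here is a Python audit that parses hosts-file syntax, separates entries that blackhole a name (0.0.0.0, 127.0.0.1, ::1) from entries that redirect a name to a routable address, and returns the latter for review. The sample hosts file is constructed, including the one redirect entry with a documentation-range address.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file: Windows' default localhost lines, two
# MVPS-style blackhole entries, and one constructed entry that sends a
# well-known site to an address that is not a blackhole.
SAMPLE_HOSTS = """
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.adnetwork.invalid        # MVPS-style blackhole: harmless
0.0.0.0  tracker.example.invalid
198.51.100.7  www.google.com          # constructed redirect-style entry
"""

# Addresses a blocklist-style hosts file is expected to point names at.
BLACKHOLE = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}

HostsEntry = Tuple[str, List[str]]  # (address, [hostnames])


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file syntax: one address followed by one or more names;
    '#' starts a comment; blank and malformed lines are skipped."""
    entries: List[HostsEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: leave it out rather than guess
        entries.append((str(addr), [p.lower() for p in parts[1:]]))
    return entries


def redirecting_entries(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that map a name to a routable address override DNS for that
    name and send its traffic elsewhere; those are the ones to review."""
    return [(ip, names) for ip, names in entries
            if ipaddress.ip_address(ip) not in BLACKHOLE]


def blackholed_names(entries: List[HostsEntry]) -> List[str]:
    """Names that resolve to a blackhole address (localhost itself excluded)."""
    out: List[str] = []
    for ip, names in entries:
        if ipaddress.ip_address(ip) in BLACKHOLE:
            out.extend(n for n in names if n != "localhost")
    return out


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print(len(blackholed_names(entries)), "names blackholed")
    for ip, names in redirecting_entries(entries):
        print("REVIEW:", ip, "->", ", ".join(names))
```

On a real machine the input would be the contents of %SystemRoot%\System32\drivers\etc\hosts; a clean MVPS install should produce an empty review list, because every entry it adds is a blackhole.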

#45
applestarz

applestarz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks so much for all your help :) I've followed all your suggestions and hopefully won't encounter any other viruses!
  • 0
