
Google Redirect Virus- findgala [Solved]


  • This topic is locked

#16
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When ComboFix finished, a report named "log" (txt file) automatically popped up. I opened C:\ComboFix.txt and found out that they are the same =)
  • 0

#18
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Did you see my instructions in this post: http://www.geekstogo...14#entry1839914
  • 0

#19
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
???? 5.5.2
??????? 2.0
?????????
ÃÀͼÐãÐã 2.1.7 °²È«°æ
Acrobat.com
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
AHV content for Acrobat and Flash
Apple Application Support
Apple Software Update
AVG Free 9.0
Banner Generator 2.0
Battery Meter
Camtasia Studio 6
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Support Center (Support Software)
Dell Webcam Central
Dell Wireless WLAN Card Utility
Download Updater (AOL LLC)
EMSC
FileZilla Client 3.3.0.1
FlashGet 1.9.6.1073
Funshion
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
Image Resizer Powertoy Clone for Windows
Integrated Webcam Driver (1.05.01.0820)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
Java™ 6 Update 17
Lame ACM MP3 Codec
Live! Cam Avatar Creator
Macromedia Extension Manager
Malwarebytes' Anti-Malware
MassArticleCreator
Maxis Broadband
Megaporn Video Downloader 3.21
Micro Niche Finder
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Mozilla Firefox (3.6.3)
MSVCRT
O2Micro Flash Memory Card Windows Driver
ODD Eject
Opera 10.00
PDF Settings
QQ2008II Beta1
QuickTime
Real Alternative 2.0.1
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
RealUpgrade 1.0
Steam
Synaptics Pointing Device Driver
The KMPlayer (remove only)
Traffic Travis 3.2.1
UltraISO Premium V8.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WampServer 2.0
WebEx
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinZip 14.5
Wireless Select Switch
Xtranormal State
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom
XviD MPEG-4 Video Codec
  • 0

#20
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Driver::
9iQ79cE79kU7m3
File::
c:\windows\system32\drivers\555e555555.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
  • 0
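
A check a helper could run on the report that comes back, added here as an example and not part of the original post or of ComboFix: it parses the CFScript directives and reports whether each target shows up as removed. It assumes a report layout of parenthesised section banners, with removed services listed as `-------\Service_<name>` under Drivers/Services and deleted files under Other Deletions; the report text is a constructed excerpt and the function names are hypothetical.

```python
import re

DIRECTIVE = re.compile(r"^(\w+)::$")                # "Driver::", "File::"
BANNER = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")   # "((( Other Deletions )))"
SERVICE = re.compile(r"^-+\\Service_(.+)$", re.I)   # "-------\Service_<name>"

# The script text from the post above.
CFSCRIPT = r"""KillAll::
Driver::
9iQ79cE79kU7m3
File::
c:\windows\system32\drivers\555e555555.sys
"""

# Constructed report excerpt in the assumed layout (not a real log).
SAMPLE_REPORT = r"""ComboFix report (constructed excerpt)
FILE ::
"c:\windows\system32\drivers\555e555555.sys"
.
((((((((((((((( Other Deletions )))))))))))))))
.
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Service_9iQ79cE79kU7m3
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
"""


def parse_cfscript(text):
    """Return {directive: [targets]}, lower-cased, e.g. {'driver': [...], 'file': [...]}."""
    targets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            targets.setdefault(current, [])
        elif current is not None:
            targets[current].append(line.strip('"').lower())
    return targets


def parse_report(text):
    """Split a report into {section title: [lines]}; text before the first banner is 'header'."""
    sections, title = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            title = m.group(1).lower()
            sections.setdefault(title, [])
        elif line and line != ".":          # skip blank and "." separator lines
            sections[title].append(line)
    return sections


def check_script_effect(script_text, report_text):
    """Map each Driver::/File:: target to 'removed', 'still listed' or 'not reported'."""
    targets = parse_cfscript(script_text)
    sections = parse_report(report_text)

    deleted_files = {l.strip('"').lower() for l in sections.get("other deletions", [])}
    removed_services = set()
    for line in sections.get("drivers/services", []):
        m = SERVICE.match(line)
        if m:
            removed_services.add(m.group(1).lower())

    # Lines from every other section: a target named there survived the run.
    handled = ("header", "other deletions", "drivers/services")
    later = [l.lower() for t, ls in sections.items() if t not in handled for l in ls]

    result = {}
    for kind, removed in (("driver", removed_services), ("file", deleted_files)):
        for name in targets.get(kind, []):
            if name in removed:
                result[name] = "removed"
            elif any(name in l for l in later):
                result[name] = "still listed"
            else:
                # Not reported as deleted: it may never have existed on disk.
                result[name] = "not reported"
    return result


if __name__ == "__main__":
    for target, status in check_script_effect(CFSCRIPT, SAMPLE_REPORT).items():
        print(f"{status:13} {target}")
```

A "not reported" file is worth a follow-up look in the next scan, since the report alone does not say whether it was absent or left in place.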

#21
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
1. My laptop had the AVG antivirus disabled when it restarted after ComboFix scan. Shall I enable it and the Windows Firewall now?
  • 0

#22
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
No.
  • 0

#23
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
2. The following is the result of ComboFix scan. (not including this sentence)

ComboFix 10-05-28.08 - terencemagpie 30/05/2010 0:29.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.60.1033.18.2008.893 [GMT 8:00]
Running from: c:\users\terencemagpie\Desktop\ComboFix.exe
Command switches used :: c:\users\terencemagpie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\555e555555.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_9iQ79cE79kU7m3


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 16:34 . 2010-05-29 16:35 -------- d-----w- c:\users\terencemagpie\AppData\Local\temp
2010-05-29 16:34 . 2010-05-29 16:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-29 15:02 . 2010-05-29 15:02 -------- d-----w- C:\_OTL
2010-05-27 12:01 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 06:02 . 2010-05-26 06:02 733184 ----a-w- c:\programdata\WebEx\WebEx\926\atastrm.dll
2010-05-26 06:01 . 2010-05-26 06:01 630784 ----a-w- c:\programdata\WebEx\WebEx\926\mutiltpd.dll
2010-05-26 06:01 . 2010-05-26 06:01 77824 ----a-w- c:\programdata\WebEx\WebEx\926\mticket.dll
2010-05-26 06:00 . 2010-05-26 06:00 237568 ----a-w- c:\programdata\WebEx\WebEx\926\strsess.dll
2010-05-26 06:00 . 2010-05-26 06:09 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\webex
2010-05-26 06:00 . 2010-05-26 06:00 81408 ----a-w- c:\programdata\WebEx\WebEx\926\atjpeg60.dll
2010-05-26 06:00 . 2010-05-26 06:00 65536 ----a-w- c:\programdata\WebEx\WebEx\926\atnetext.dll
2010-05-26 06:00 . 2010-05-26 06:00 45056 ----a-w- c:\programdata\WebEx\WebEx\926\atdocvu.dll
2010-05-26 06:00 . 2010-05-26 06:00 5702 ----a-w- c:\programdata\WebEx\WebEx\926\atkbctl.dll
2010-05-26 06:00 . 2010-05-26 06:00 30080 ----a-w- c:\programdata\WebEx\WebEx\926\atasanot.exe
2010-05-26 06:00 . 2010-05-26 06:00 24576 ----a-w- c:\programdata\WebEx\WebEx\926\atmemmgr.dll
2010-05-26 06:00 . 2010-05-26 06:00 49152 ----a-w- c:\programdata\WebEx\WebEx\926\wbxtrace.dll
2010-05-26 06:00 . 2010-05-26 06:00 45121 ----a-w- c:\programdata\WebEx\WebEx\926\raurl.dll
2010-05-26 06:00 . 2010-05-26 06:00 163840 ----a-w- c:\programdata\WebEx\WebEx\926\uilibres.dll
2010-05-26 05:58 . 2010-05-26 05:58 150087 ----a-w- c:\programdata\WebEx\WebEx\926\atdl2006.dll
2010-05-26 05:58 . 2010-05-26 05:58 401462 ----a-w- c:\programdata\WebEx\WebEx\926\msvcp60.dll
2010-05-26 05:58 . 2010-05-26 05:58 2084864 ----a-w- c:\programdata\WebEx\WebEx\926\atpdmod.dll
2010-05-26 05:58 . 2010-05-26 05:58 286720 ----a-w- c:\programdata\WebEx\WebEx\926\attp.dll
2010-05-26 05:58 . 2010-05-26 05:58 311296 ----a-w- c:\programdata\WebEx\WebEx\926\atlchat.dll
2010-05-26 05:57 . 2010-05-26 05:57 402744 ----a-w- c:\programdata\WebEx\atcliun.exe
2010-05-26 05:57 . 2010-05-26 05:57 380928 ----a-w- c:\programdata\WebEx\WebEx\926\atarm.dll
2010-05-26 05:57 . 2010-05-26 05:57 376832 ----a-w- c:\programdata\WebEx\WebEx\926\atpollk2.dll
2010-05-26 05:56 . 2010-05-26 05:56 396160 ----a-w- c:\programdata\WebEx\WebEx\926\atasctrl.dll
2010-05-26 05:55 . 2010-05-26 05:56 3563520 ----a-w- c:\programdata\WebEx\WebEx\926\pfwres.dll
2010-05-26 05:55 . 2010-05-26 05:55 458752 ----a-w- c:\programdata\WebEx\WebEx\926\atwbxui7.dll
2010-05-26 05:54 . 2010-05-26 05:54 3043328 ----a-w- c:\programdata\WebEx\WebEx\926\atres.dll
2010-05-26 05:54 . 2010-05-26 05:54 548864 ----a-w- c:\programdata\WebEx\WebEx\926\mmssl32.dll
2010-05-26 05:51 . 2010-05-26 05:51 79160 ----a-w- c:\programdata\WebEx\WebEx\926\atinst.exe
2010-05-26 05:51 . 2010-05-26 05:51 62848 ----a-w- c:\programdata\WebEx\WebEx\926\ateccli.dll
2010-05-26 05:51 . 2010-05-26 05:51 254005 ----a-w- c:\programdata\WebEx\WebEx\926\msvcrt.dll
2010-05-26 05:51 . 2010-05-26 05:51 83256 ----a-w- c:\programdata\WebEx\WebEx\926\atmgr.exe
2010-05-26 05:51 . 2010-05-26 05:51 101760 ----a-w- c:\programdata\WebEx\ieatgpc.dll
2010-05-26 05:50 . 2010-05-26 05:50 239488 ----a-w- c:\programdata\WebEx\WebEx\926\atgpcext.dll
2010-05-26 05:49 . 2010-05-26 05:49 28472 ----a-w- c:\programdata\WebEx\WebEx\926\atgpcdec.dll
2010-05-26 05:49 . 2010-05-26 05:57 -------- d-----w- c:\programdata\WebEx
2010-05-25 09:27 . 2010-05-25 09:27 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-25 09:27 . 2010-05-25 09:27 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-25 09:27 . 2010-05-25 09:27 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-25 09:27 . 2010-05-25 09:27 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-25 09:27 . 2010-05-25 09:27 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-25 09:26 . 2010-05-25 09:26 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-25 09:25 . 2010-05-25 09:26 -------- d-----w- c:\program files\Common Files\Real
2010-05-25 09:25 . 2010-05-25 09:26 -------- d-----w- c:\program files\Real
2010-05-23 16:29 . 2010-05-25 09:13 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-23 16:29 . 2010-05-23 16:22 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-23 16:28 . 2010-05-24 05:29 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\DivX
2010-05-23 16:28 . 2010-05-25 09:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-23 16:24 . 2010-05-25 09:12 -------- d-----w- c:\program files\DivX
2010-05-23 16:23 . 2010-05-25 09:13 -------- d-----w- c:\programdata\DivX
2010-05-19 12:03 . 2010-05-19 12:03 -------- d-----w- c:\program files\DownloadToolz
2010-05-17 08:23 . 2010-05-17 08:23 -------- d-----w- c:\program files\MSECache
2010-05-13 08:41 . 2010-05-13 08:41 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Malwarebytes
2010-05-13 08:40 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 08:40 . 2010-05-13 08:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 08:40 . 2010-05-13 08:40 -------- d-----w- c:\programdata\Malwarebytes
2010-05-13 08:40 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 17:35 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-12 17:35 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-12 17:35 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-05-12 17:31 . 2010-02-18 17:36 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-12 17:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-05-12 17:30 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-12 17:26 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-12 17:24 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-05-12 17:24 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-05-12 17:24 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-05-12 17:24 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-05-12 17:24 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-05-12 17:24 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-05-12 17:24 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-05-12 17:24 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-05-12 17:24 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-12 17:24 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-05-12 17:24 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-05-12 17:24 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-05-12 09:45 . 2007-03-20 06:49 2781184 ----a-w- c:\users\terencemagpie\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-05-05 18:34 . 2010-05-05 18:35 -------- d-----w- c:\users\terencemagpie\funshion
2010-05-05 18:34 . 2010-05-05 18:34 -------- d-----w- c:\program files\Funshion Online
2010-05-03 01:36 . 2010-05-03 01:36 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Octoshape
2010-05-02 17:34 . 2010-05-02 17:34 -------- d-sh--w- c:\windows\ftpcache
2010-04-30 22:05 . 2010-04-30 22:05 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Acapela Group
2010-04-30 22:05 . 2010-04-30 22:05 -------- d-----w- c:\users\terencemagpie\AppData\Local\Xtranormal
2010-04-30 22:02 . 2010-04-30 22:02 -------- d-----w- c:\program files\Xtranormal
2010-04-30 22:02 . 2010-04-30 22:05 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Xtranormal
2010-04-30 14:40 . 2010-04-30 14:40 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\ScrapeBox Link Checker Free Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 16:34 . 2009-09-17 01:20 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 05:56 . 2010-04-07 20:06 -------- d-----w- c:\program files\Keyword Elite 2.0
2010-05-27 09:50 . 2010-03-24 17:17 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\uTorrent
2010-05-25 09:26 . 2009-11-24 07:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-24 22:26 . 2009-12-02 08:46 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\FileZilla
2010-05-22 10:01 . 2009-09-24 12:37 57216 ----a-w- c:\users\terencemagpie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 13:51 . 2009-09-24 14:19 -------- d-----w- c:\program files\Google
2010-05-13 01:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-02 18:13 . 2009-07-20 10:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 14:29 . 2009-12-16 12:35 -------- d-----w- c:\program files\FlashGet
2010-04-28 15:46 . 2009-12-03 06:29 -------- d-----w- c:\program files\Maxis Broadband
2010-04-27 15:14 . 2010-04-02 13:13 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\WinFF
2010-04-27 12:03 . 2010-04-27 12:03 0 ----a-w- c:\windows\nsreg.dat
2010-04-27 11:58 . 2010-04-13 02:45 -------- d-----w- c:\programdata\Skype
2010-04-27 05:32 . 2010-04-27 05:32 105212 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-25 14:44 . 2010-04-25 14:38 -------- d-----w- c:\program files\Instant Article Wizard 2.0
2010-04-23 11:38 . 2010-04-13 02:46 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Skype
2010-04-23 11:36 . 2010-04-13 02:47 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\skypePM
2010-04-22 05:02 . 2010-03-21 16:54 -------- d-----w- c:\program files\Common Files\AOL
2010-04-21 00:11 . 2009-10-28 15:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 14:13 . 2010-04-14 14:11 -------- d-----w- c:\programdata\WinZip
2010-04-13 02:47 . 2010-04-13 02:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-07 20:11 . 2010-04-07 20:09 -------- d-----w- c:\programdata\Keyword Elite 2.0
2010-04-07 19:40 . 2010-04-07 19:40 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-04-05 21:35 . 2010-04-05 21:35 -------- d-----w- c:\program files\Traffic Travis v3
2010-04-05 21:35 . 2010-04-05 21:35 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Affilorama
2010-04-04 10:54 . 2010-04-04 10:54 -------- d-----w- c:\programdata\Micro Niche Finder
2010-04-04 10:04 . 2010-04-04 10:04 -------- d-----w- c:\program files\Micro Niche Finder
2010-04-03 08:02 . 2010-04-03 08:02 -------- d-----w- c:\program files\Playinator
2010-03-27 14:03 . 2010-03-27 14:03 65024 ----a-w- c:\windows\IFinst26.exe
2010-03-17 00:29 . 2010-03-17 00:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 00:29 . 2009-10-28 15:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 00:28 . 2009-10-28 15:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:28 . 2010-05-12 17:33 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-05-12 17:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-05-12 17:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 20:04 . 2010-03-06 20:03 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-03-06 02:34 . 2010-03-06 02:34 20 ----a-w- c:\windows\system32\pub_store.dat
2010-03-04 18:54 . 2010-05-12 17:31 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 12:02 . 2010-03-01 12:02 29926 ----a-r- c:\users\terencemagpie\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2010-03-01 12:02 . 2010-03-01 12:02 29422 ----a-r- c:\users\terencemagpie\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-07-20 10:43 . 2009-07-20 10:43 75 --sha-r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-19 1451304]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-12 450652]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-16 3810304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2009-04-15 550184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-25 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-20 10:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^?????????.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\?????????.lnk
backup=c:\windows\pss\?????????.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^terencemagpie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ÌÚѶQQ.lnk]
path=c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÌÚѶQQ.lnk
backup=c:\windows\pss\ÌÚѶQQ.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 17:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-03-03 21:01 405639 ----a-w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Pinyin 2 Autoupdater]
2009-09-28 16:28 1009648 ----a-w- c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 10:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-13 14:39 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-839650790-1182488598-3075496029-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-25 17192]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\aestsrv.exe [2009-05-12 81920]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-17 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-23 58016]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-08 41504]
S3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\DRIVERS\OA012Ufd.sys [2009-03-05 133632]
S3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\DRIVERS\OA012Vid.sys [2009-07-07 272256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 14:19]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 14:19]

2010-05-29 c:\windows\Tasks\User_Feed_Synchronization-{50924E06-01AF-492E-9855-FFE4755D3521}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(119).dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 00:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839650790-1182488598-3075496029-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*C*O*M*@*‡V0R{\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4812)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Kingsoft\PowerWord Lite\XDict.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-05-30 00:42:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-29 16:42
ComboFix2.txt 2010-05-29 15:34

Pre-Run: 24,842,510,336 bytes free
Post-Run: 24,503,091,200 bytes free

- - End Of File - - 4A64830617FC9F249E078B757DE2B338

#24
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)

#25
terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4154

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30/5/2010 1:00:32 AM
mbam-log-2010-05-30 (01-00-32).txt

Scan type: Quick scan
Objects scanned: 125956
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 222

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Funshion Online (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\Baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\historyTorrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\FunshionInstall2.1.0.27Beta (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\terencemagpie\downloads\FunshionInstall2.1.0.26Beta.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\CrashReport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionGame.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionHelp.url (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionImg.jpg (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionService.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\GetMACAddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\LangResEnAmerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\pndx5016.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\RouterSetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\UpdateHistory.url (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\Buffering.gif (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionText.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionTextEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\DiskWarnning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\DragCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBack.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForward.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameBtm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameTop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSetting.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarLeftBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarRightBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerHideBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerHideBtnRgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtmBar.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayListAddBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayListRemove.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\RpcLoading.gif (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\SettingDlgIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarMark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskListRightLine.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\Thumbs.db (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TipBottomArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TipRightArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TipTopArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch\evid4226-vc80-mt.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Pop Game Corpora.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\flash-1.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\fsdxdiag.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\fstracert.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\TERENCEMAGPI-PC_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\cacheflash\donghua1_16.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\cacheflash\donghua3_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flash\FunshionAD20100507.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\00C596A8_BB54_B579_1793_A539898139F3.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\0EA2C7C7_F1C6_58BD_A9EC_3E970B47C8B7.date1274977384.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\2C29DA75_94BF_14B2_9252_AA3B6B6867D1.date1274172458.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\2E35B8BB_1930_169F_0C2B_E6E9966DE0BD.date1274894321.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\2E772096_3FB7_CA75_7064_17A74AA6991A.date1274977384.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\2ECC3F6C_D8DC_825A_D878_EA36365D5197.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\3420C30B_658B_201C_79E8_BD50E0641E6D.date1274363989.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\3470AD19_70BA_1B2A_9C91_76B64156B97E.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\63F5178A_E470_81B2_70F8_39B6B1CE2F2B.date1274172458.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\65B75D61_79BC_FC45_B308_EEF6BF432B0C.date1274873297.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\7C3B465F_80E8_353E_CE96_9C3E84DC9C02.date1274873297.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\850BB9C3_4020_AA42_911A_B8E5F0B9D212.date1274494977.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\891DC1CE_0DE3_644A_178A_6AF9EAF62E66.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\A641F1C6_E5B9_569C_7847_2C8792D352E1.date1274873297.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\ACDF47EB_EFF5_8B9E_185A_FF898451C29D.date1274873297.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\B5C947CF_0D60_551C_FC4C_F7803E182524.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\BB5B886D_C836_08AB_B2E9_9E8367C51ADB.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\C19F20DD_EFB5_2FD9_0F8F_3B0D3F88EB9C.date1274363989.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\E58C490F_0149_AED1_5963_98668F7535FD.date1274633795.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\FA6651A1_E071_9D60_C079_4A626BCF7BF3.date1274873297.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\FC7DF760_C33E_796F_96C5_5752A8007CE9.date1274873297.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\cache\flashNew\FD7128AD_8504_F68C_3D01_53EF49C40E48.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1273084710_5881262_1225955628_891.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1273084710_5881262_1225955628_891.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274172182_18524595_1273558640_801.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274172182_18524595_1273558640_801.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274364320_5372255_1240897431_874.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274364320_5372255_1240897431_874.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274714665_6634280_1273037969_17.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274714665_6634280_1273037969_17.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\[email protected] (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\[email protected] (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274802437_FunshionInstall2.1.0.27Beta.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274802437_FunshionInstall2.1.0.27Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274894799_2111662_1196323723_304.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\control\1274894799_2111662_1196323723_304.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\historyTorrent\FunshionInstall2.1.0.27Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\Funshion\historyTorrent\??2(100505).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\Funshion\historyTorrent\????.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\Funshion\historyTorrent\????4.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\Funshion\historyTorrent\???.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\Funshion\historyTorrent\???2(20100511???).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\Seed\5881262_1225955628_891.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\FunshionInstall2.1.0.27Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\funshion\update\FunshionInstall2.1.0.27Beta\FunshionInstall2.1.0.27Beta.exe.fc! (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\terencemagpie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
  • 0


#26
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Sorry forgot to say the above reply served as Item 3 :)
  • 0

#27
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

#28
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
The following served as Item 4.

C:\Qoobox\Quarantine\C\Users\TERENC~1\FAVORI~1\¾«Æ·ÍøÖ·µ¼º½.url.vir Win32/TrojanClicker.BHO.NBH trojan
C:\Users\terencemagpie\AppData\Roaming\Microsoft\Windows\Start Menu\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.url Win32/TrojanClicker.BHO.NBH trojan
C:\Users\terencemagpie\Desktop\Internet Explorer.url Win32/TrojanClicker.BHO.NBH trojan
  • 0

#29
terencemag

terencemag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
The following served as Item 5:

OTL logfile created on: 30/5/2010 3:42:11 AM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\terencemagpie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 22.56 Gb Free Space | 38.50% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 209.23 Gb Free Space | 91.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 9.77 Gb Total Space | 4.53 Gb Free Space | 46.35% Space Free | Partition Type: NTFS

Computer Name: TERENCEMAGPI-PC
Current User Name: terencemagpie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:36:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
PRC - [2010/05/25 17:25:56 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/21 08:11:42 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 13:31:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/02 01:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/17 08:29:27 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 08:29:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 08:28:14 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 08:28:14 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/05/12 19:24:00 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/05/12 19:20:00 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\stacsv.exe
PRC - [2009/05/12 19:13:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\AEstSrv.exe
PRC - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/28 03:32:28 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/04/16 06:21:58 | 000,550,184 | ---- | M] (Dell) -- C:\Program Files\Wireless Select Switch\WLSS.exe
PRC - [2009/04/09 16:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/12/19 04:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/11/05 12:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 10:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/02/13 07:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 10:36:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
MOD - [2008/01/21 10:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 10:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 08:29:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 08:28:14 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/06 17:26:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 22:43:50 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/20 18:35:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/05/12 19:20:00 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\stacsv.exe -- (STacSV)
SRV - [2009/05/12 19:13:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\AEstSrv.exe -- (AESTFilters)
SRV - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/30 15:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- c:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/19 04:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/13 07:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 08:11:42 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 08:29:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 08:28:14 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/07 17:03:00 | 000,272,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/23 08:15:54 | 000,058,016 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/12 19:25:00 | 000,400,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/05/08 08:45:40 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/05/07 16:14:42 | 004,740,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/28 03:03:42 | 000,329,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/13 02:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2008/12/30 11:57:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/12/05 08:25:38 | 000,112,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/17 06:29:14 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/17 06:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/12 20:23:42 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/11/12 20:23:40 | 000,109,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/11/12 20:23:36 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/07/25 14:41:10 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/01/21 10:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 10:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 10:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 10:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 10:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 10:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 10:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 10:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 10:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 10:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 10:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 10:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 10:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 10:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 10:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 10:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 10:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 10:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 10:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 10:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 10:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 10:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 10:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/26 07:06:04 | 000,017,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2007/04/13 17:42:16 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {e26ba8db-a646-a44e-997c-2fafeadb50f2}:1.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 12:43:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 17:26:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 13:49:41 | 000,000,000 | ---D | M]

[2010/04/27 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Extensions
[2010/05/26 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions
[2010/04/27 21:47:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/27 20:12:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 21:47:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/04/27 21:47:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/28 00:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/04/29 14:13:54 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2010/04/27 21:47:08 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/04/27 21:47:12 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/04/27 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/04/28 00:50:34 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/04/29 01:53:37 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/05/21 20:24:45 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/05/26 23:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 13:49:25 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/05/30 00:35:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (CBBrowerBuddy Class) - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: ½ðɽ´Ê°Ôä¯ÀÀÆ÷À¸ - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O9 - Extra 'Tools' menuitem : ½ðɽ´Ê°Ôä¯ÀÀÆ÷À¸ - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\terencemagpie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\terencemagpie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/30 01:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/30 00:42:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/30 00:36:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/30 00:34:09 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Local\temp
[2010/05/30 00:27:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/30 00:27:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/29 23:21:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/29 23:21:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/29 23:21:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/29 23:21:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/29 23:21:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/29 23:15:21 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\terencemagpie\Desktop\TDSSKiller.exe
[2010/05/29 23:02:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/29 13:59:27 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\tem
[2010/05/28 12:46:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/28 10:35:59 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
[2010/05/27 23:21:22 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\HostsXpert
[2010/05/27 20:01:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/26 14:06:52 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Documents\Course Material-Google Analytics & AdWords for Beginners(572610300)
[2010/05/26 14:00:26 | 000,000,000 | -HSD | C] -- C:\Users\terencemagpie\Documents\cache
[2010/05/26 14:00:26 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\webex
[2010/05/26 13:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2010/05/25 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/05/25 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/05/25 17:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/05/25 17:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/05/24 00:28:54 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\DivX
[2010/05/24 00:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/05/24 00:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/24 00:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/05/19 20:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadToolz
[2010/05/17 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/13 16:41:05 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Malwarebytes
[2010/05/13 16:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/13 16:40:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/13 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 16:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/13 01:35:11 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/05/13 01:35:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/05/13 01:33:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/13 01:33:04 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/13 01:33:04 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/13 01:33:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/13 01:33:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/13 01:33:03 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/13 01:33:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/05/13 01:33:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/13 01:33:02 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/13 01:33:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/13 01:33:01 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/13 01:31:30 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/13 01:31:28 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/13 01:31:28 | 003,548,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/13 01:31:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/13 01:31:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/13 01:31:14 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/13 01:24:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/05/13 01:24:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/05/13 01:24:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/13 01:24:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/13 01:24:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/13 01:24:00 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/05/13 01:24:00 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/05/06 02:34:29 | 000,898,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys.do
[2010/05/05 20:58:19 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Real
[2010/05/03 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Octoshape
[2010/05/03 01:34:14 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/05/01 06:05:29 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Acapela Group
[2010/05/01 06:05:26 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Local\Xtranormal
[2010/05/01 06:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xtranormal
[2010/05/01 06:02:03 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Xtranormal
[2010/04/30 22:40:20 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\ScrapeBox Link Checker Free Edition

========== Files - Modified Within 30 Days ==========

[2010/05/30 03:42:08 | 003,670,016 | -HS- | M] () -- C:\Users\terencemagpie\ntuser.dat
[2010/05/30 03:07:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/30 03:07:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/30 02:51:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/30 01:11:42 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/30 01:11:42 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/30 01:11:42 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/30 01:07:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/30 01:07:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/30 01:07:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/30 01:07:01 | 2106,535,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 01:06:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/30 01:06:18 | 000,524,288 | -HS- | M] () -- C:\Users\terencemagpie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/30 01:06:18 | 000,065,536 | -HS- | M] () -- C:\Users\terencemagpie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/30 01:06:16 | 001,831,399 | -H-- | M] () -- C:\Users\terencemagpie\AppData\Local\IconCache.db
[2010/05/30 01:05:40 | 002,672,312 | ---- | M] () -- C:\Users\terencemagpie\Desktop\esetsmartinstaller_enu.exe
[2010/05/30 00:35:45 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/30 00:35:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/29 23:18:20 | 003,700,568 | R--- | M] () -- C:\Users\terencemagpie\Desktop\ComboFix.exe
[2010/05/29 23:15:23 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\terencemagpie\Desktop\TDSSKiller.exe
[2010/05/29 23:15:09 | 000,966,423 | ---- | M] () -- C:\Users\terencemagpie\Desktop\tdsskiller.zip
[2010/05/29 15:37:06 | 000,002,289 | ---- | M] () -- C:\Users\terencemagpie\Desktop\AppLocale.lnk
[2010/05/29 15:31:52 | 060,486,014 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/29 13:58:05 | 000,001,970 | ---- | M] () -- C:\Users\terencemagpie\funshion.ini
[2010/05/29 12:41:50 | 331,602,710 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/29 10:43:19 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{50924E06-01AF-492E-9855-FFE4755D3521}.job
[2010/05/28 12:20:12 | 018,467,260 | ---- | M] () -- C:\Users\terencemagpie\Desktop\gf.jpg
[2010/05/28 11:04:16 | 000,293,376 | ---- | M] () -- C:\Users\terencemagpie\Desktop\xkstz1d2.exe
[2010/05/28 10:36:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
[2010/05/27 23:26:35 | 000,000,896 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.msn
[2010/05/27 20:50:55 | 000,000,411 | ---- | M] () -- C:\Users\terencemagpie\Desktop\regfix.reg
[2010/05/27 20:19:39 | 000,026,112 | ---- | M] () -- C:\Users\terencemagpie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 23:21:54 | 000,016,896 | ---- | M] () -- C:\Users\terencemagpie\Desktop\DomainStryker.xls
[2010/05/26 15:14:48 | 000,124,614 | ---- | M] () -- C:\Users\terencemagpie\Desktop\connection problem.jpg
[2010/05/26 14:42:00 | 000,192,747 | ---- | M] () -- C:\Users\terencemagpie\Desktop\failed.jpg
[2010/05/25 17:26:56 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/05/25 17:26:45 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/05/25 17:26:45 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/05/25 17:26:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/05/25 17:25:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/05/22 18:01:13 | 000,057,216 | ---- | M] () -- C:\Users\terencemagpie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/22 11:56:02 | 000,057,216 | ---- | M] () -- C:\Users\terencemagpie\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/05/21 20:15:35 | 000,705,346 | ---- | M] () -- C:\Users\terencemagpie\Documents\Megaporn.com - hot tutor [bleep]ed.flv_
[2010/05/19 20:23:17 | 000,460,346 | ---- | M] () -- C:\Users\terencemagpie\Documents\Megaporn.com - http3A2F2Fsex520.net2F-323.flv_
[2010/05/13 16:40:55 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 13:43:22 | 000,000,162 | -H-- | M] () -- C:\Users\terencemagpie\Desktop\~$m-max draft.doc
[2010/05/08 18:09:53 | 000,002,469 | ---- | M] () -- C:\Users\terencemagpie\Desktop\Mass Article Creator.lnk
[2010/05/05 20:59:21 | 000,000,794 | ---- | M] () -- C:\Users\terencemagpie\Desktop\KMPlayer.lnk

========== Files Created - No Company Name ==========

[2010/05/30 01:03:42 | 002,672,312 | ---- | C] () -- C:\Users\terencemagpie\Desktop\esetsmartinstaller_enu.exe
[2010/05/29 23:21:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/29 23:21:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/29 23:21:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/29 23:21:57 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/29 23:21:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/29 23:17:39 | 003,700,568 | R--- | C] () -- C:\Users\terencemagpie\Desktop\ComboFix.exe
[2010/05/29 23:14:44 | 000,966,423 | ---- | C] () -- C:\Users\terencemagpie\Desktop\tdsskiller.zip
[2010/05/29 15:23:00 | 2106,535,936 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 12:45:47 | 331,602,710 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/28 12:20:12 | 018,467,260 | ---- | C] () -- C:\Users\terencemagpie\Desktop\gf.jpg
[2010/05/28 11:04:07 | 000,293,376 | ---- | C] () -- C:\Users\terencemagpie\Desktop\xkstz1d2.exe
[2010/05/27 20:50:55 | 000,000,411 | ---- | C] () -- C:\Users\terencemagpie\Desktop\regfix.reg
[2010/05/26 19:06:01 | 000,016,896 | ---- | C] () -- C:\Users\terencemagpie\Desktop\DomainStryker.xls
[2010/05/26 15:14:47 | 000,124,614 | ---- | C] () -- C:\Users\terencemagpie\Desktop\connection problem.jpg
[2010/05/26 14:41:59 | 000,192,747 | ---- | C] () -- C:\Users\terencemagpie\Desktop\failed.jpg
[2010/05/21 20:13:24 | 000,705,346 | ---- | C] () -- C:\Users\terencemagpie\Documents\Megaporn.com - hot tutor [bleep]ed.flv_
[2010/05/19 20:03:30 | 000,460,346 | ---- | C] () -- C:\Users\terencemagpie\Documents\Megaporn.com - http3A2F2Fsex520.net2F-323.flv_
[2010/05/13 16:40:55 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 13:43:22 | 000,000,162 | -H-- | C] () -- C:\Users\terencemagpie\Desktop\~$m-max draft.doc
[2010/05/05 20:59:21 | 000,000,794 | ---- | C] () -- C:\Users\terencemagpie\Desktop\KMPlayer.lnk
[2010/03/27 22:03:29 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
[2009/12/23 17:45:39 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/10/12 11:41:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/17 09:26:17 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/17 09:21:21 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/09/17 09:21:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/20 18:38:23 | 000,577,536 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2009/07/20 18:34:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/20 18:34:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/05 18:12:39 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2010/03/05 18:11:38 | 000,002,048 | ---- | M] () -- C:\ads_err.adm
[2010/03/05 18:23:53 | 000,005,656 | ---- | M] () -- C:\ads_err.adt
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 10:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/07/20 19:04:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/30 00:42:42 | 000,025,904 | ---- | M] () -- C:\ComboFix.txt
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/09/16 19:08:36 | 000,002,971 | RH-- | M] () -- C:\dell.sdr
[2010/05/30 01:07:01 | 2106,535,936 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 21:58:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/22 00:54:52 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2009/12/07 21:58:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/30 01:07:00 | 2420,330,496 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 22:09:43 | 000,000,040 | ---- | M] () -- C:\SYSTEM.VER
[2010/05/29 23:16:14 | 000,055,912 | ---- | M] () -- C:\TDSSKiller.2.3.1.0_29.05.2010_23.16.00_log.txt
[2010/03/27 22:09:43 | 000,011,032 | ---- | M] () -- C:\YP-U3.LOG

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/17 06:29:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/21 10:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 10:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 11:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/17 08:28:14 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/17 08:29:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/21 08:11:42 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/21 05:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 19:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 19:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 19:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 20:07:30 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 20:07:11 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 22:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 19:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Files - Unicode (All) ==========
[2010/05/05 16:54:18 | 000,000,870 | ---- | M] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\?????????.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\谷歌金山词霸合作版.lnk
[2010/05/05 16:54:18 | 000,000,870 | ---- | C] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\?????????.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\谷歌金山词霸合作版.lnk
[2010/03/01 20:04:09 | 000,000,000 | ---D | M](C:\Users\terencemagpie\Documents\????) -- C:\Users\terencemagpie\Documents\美图图库
[2010/03/01 20:04:09 | 000,000,000 | ---D | C](C:\Users\terencemagpie\Documents\????) -- C:\Users\terencemagpie\Documents\美图图库
[2009/09/29 00:26:31 | 000,000,956 | ---- | M] ()(C:\Users\Public\Desktop\?????????.lnk) -- C:\Users\Public\Desktop\谷歌金山词霸合作版.lnk
[2009/09/29 00:26:31 | 000,000,956 | ---- | C] ()(C:\Users\Public\Desktop\?????????.lnk) -- C:\Users\Public\Desktop\谷歌金山词霸合作版.lnk
[2009/09/24 22:51:31 | 000,001,726 | ---- | M] ()(C:\Users\terencemagpie\Desktop\????.lnk) -- C:\Users\terencemagpie\Desktop\千千静听.lnk
[2009/09/24 22:51:31 | 000,001,726 | ---- | C] ()(C:\Users\terencemagpie\Desktop\????.lnk) -- C:\Users\terencemagpie\Desktop\千千静听.lnk
< End of report >
  • 0

#30
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/05/30 01:05:40 | 002,672,312 | ---- | M] () -- C:\Users\terencemagpie\Desktop\esetsmartinstaller_enu.exe
    [2010/05/29 23:15:09 | 000,966,423 | ---- | M] () -- C:\Users\terencemagpie\Desktop\tdsskiller.zip
    [2010/05/28 11:04:16 | 000,293,376 | ---- | M] () -- C:\Users\terencemagpie\Desktop\xkstz1d2.exe
    [2010/05/29 23:16:14 | 000,055,912 | ---- | M] () -- C:\TDSSKiller.2.3.1.0_29.05.2010_23.16.00_log.txt
    
    :Reg
    
    :Files
    C:\Users\terencemagpie\Desktop\Internet Explorer.url
    C:\Users\terencemagpie\AppData\Roaming\Microsoft\Windows\Start Menu\启动 Internet Explorer 浏览器.url
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked: "Applications and Applets" and "Trace and Log Files"
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0





