
Links on Google searches redirect to other sites


  • This topic is locked
15 replies to this topic

#1 Rigen

  • Members
  • 7 posts

Posted 25 June 2010 - 05:10 PM

Hi Everyone. I'm new here, and this is my first time posting a topic. I use Mozilla Firefox 3.6.4 on Windows 7, and when I click on links from Google search, it redirects me to other sites. This happens about 25% of the time, and I have to click on the same link 4-7 times before it directs me to the right site. Occasionally, ads pop up even though I didn't click on anything. I ran a scan with BitDefender, but it didn't detect anything. If anyone can help me with this, it would be great. I've pasted a HijackThis log below. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:45 PM, on 6/25/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCA.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\windows\TEMP\E_SA269.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cisco.webex.com/client/T27L10NSP11E...ex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 8350 bytes
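The HijackThis log above is the raw material a forum helper reads by eye: autoruns (O4), browser helper objects and toolbars (O2/O3) and services (O23). The script below is an added example for this thread, not part of the original post and not HijackThis code; it parses those three line formats and flags the patterns a helper checks first. SAMPLE_LOG copies lines from the log above and adds two constructed lines (the "Updater" autorun and "Example Service") so the positive cases are exercised; the trusted-location prefixes and user-writable markers are this example's own assumptions, not anything the log states.

```python
"""Triage a HijackThis 2.0 log for entries that deserve a second look.

Added example for this thread, not part of the original post or of the
HijackThis tool. It parses the O2/O3 (BHO, toolbar), O4 (autorun) and
O23 (service) line formats as they appear in the log above and flags:
  * O2/O3 entries whose DLL is "(no file)": an orphaned CLSID, usually an
    uninstall leftover, but the first thing a helper asks to be fixed;
  * O4 autoruns whose executable is outside Windows / Program Files or
    anywhere under a user profile, AppData, Temp or ProgramData;
  * O23 services with no publisher ("Unknown owner").
"""
import re
from dataclasses import dataclass

# Lines copied from the log in post #1, plus two CONSTRUCTED lines
# ("Updater" and "Example Service") so the positive cases are exercised.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Updater] C:\Users\example\AppData\Local\Temp\update.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\ProgramData\exsvc.exe
"""

# Line grammars for the three HJT sections handled here. The O23 split on
# " - " assumes the display name itself contains no " - " (true for the log above).
RE_BHO = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_SVC = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<company>.*?) - (?P<path>.*)$")
# First token of a command line: a quoted path, or an unquoted path up to a
# known executable extension (unquoted paths may contain spaces).
RE_EXE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif|dll)))(?:\s|$)', re.IGNORECASE)

# Assumed policy for this example: binaries are expected under these roots...
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                    "%programfiles%\\", "%systemroot%\\", "%windir%\\")
# ...and never under a location a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\appdata\\",
                 "\\temp\\", "\\tmp\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    section: str  # "O2/O3", "O4" or "O23"
    line: str     # the original log line
    reason: str


def executable_of(cmd: str) -> str:
    """Return the executable path from an O4 command line (quotes stripped)."""
    m = RE_EXE.match(cmd.strip())
    return (m["q"] or m["u"]) if m else cmd.strip()


def is_suspicious_location(path: str) -> bool:
    """True if the path is user-writable or outside the trusted roots."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return True
    return not p.startswith(TRUSTED_PREFIXES)


def triage(log_text: str) -> list[Finding]:
    """Scan every line of an HJT log and return the entries worth checking."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_BHO.match(line):
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2/O3", line,
                    f"{m['name']} CLSID {{{m['clsid']}}} has no backing DLL (orphaned entry)"))
        elif m := RE_RUN.match(line):
            exe = executable_of(m["cmd"])
            if is_suspicious_location(exe):
                findings.append(Finding("O4", line,
                    f"autorun '{m['name']}' in {m['hive']}\\{m['key']} starts {exe} "
                    "from a user-writable or unexpected location"))
        elif m := RE_SVC.match(line):
            company = m["company"].strip()
            if not company or company.lower() == "unknown owner":
                findings.append(Finding("O23", line,
                    f"service '{m['display']}' has no publisher; verify {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the full log in post #1, the only hit from the real lines is the orphaned CLSID at the second O2 entry; every O4 and O23 entry resolves to a Windows or Program Files path with a named publisher. That is the point a practitioner should take from it: a hit from this script is a lead, not a verdict, and a clean HijackThis log does not rule the problem out, because the tool only reads registry and browser configuration and cannot see a kernel-mode component. That is consistent with the helper's next step in this thread, which was a GMER rootkit scan rather than more HijackThis.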



#2 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 30 June 2010 - 03:29 PM

Hi Rigen,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
    safebootminimal
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 04 July 2010 - 12:10 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#4 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 05 July 2010 - 05:46 PM

Hi there,

Were you able to get all the tools to run?



#5 Rigen
  • Topic Starter

  • Members
  • 7 posts

Posted 05 July 2010 - 05:57 PM

Thank you so much for the help, and thanks for reopening the post!

This is the log file for the MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/5/2010 2:58:53 PM
mbam-log-2010-07-05 (14-58-53).txt

Scan type: Quick scan
Objects scanned: 129055
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Ryan_yu\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.


This is the GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 15:25:54
Windows 6.1.7600
Running: 9cop8cw2.exe; Driver: C:\Users\Ryan_yu\AppData\Local\Temp\pwrdafod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82221AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82221104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822213F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8220A2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82209898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822211DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82221958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822216F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82221F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822221A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82281599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822A5F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 004211D1 21 Bytes [51, 8B, 57, 04, 23, 55, F8, ...]
.text autochk.exe 004211E7 3 Bytes CALL 00423B00 \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation)
.text autochk.exe 004211EC 3 Bytes [66, 3D, 08]
.text autochk.exe 004211F0 18 Bytes [76, 31, 8D, 46, FF, 8A, 08, ...]
.text autochk.exe 00421203 60 Bytes [30, 48, EB, EE, 3B, 45, 0C, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[792] ntdll.dll!NtProtectVirtualMemory 77975360 5 Bytes JMP 007F000A
.text C:\windows\system32\svchost.exe[792] ntdll.dll!NtWriteVirtualMemory 77975EE0 5 Bytes JMP 0080000A
.text C:\windows\system32\svchost.exe[792] ntdll.dll!KiUserExceptionDispatcher 77976448 5 Bytes JMP 007E000A
.text C:\windows\system32\svchost.exe[792] ole32.dll!CoCreateInstance 770F57FC 5 Bytes JMP 0089000A
.text C:\windows\Explorer.EXE[1084] ntdll.dll!NtProtectVirtualMemory 77975360 5 Bytes JMP 002B000A
.text C:\windows\Explorer.EXE[1084] ntdll.dll!NtWriteVirtualMemory 77975EE0 5 Bytes JMP 002C000A
.text C:\windows\Explorer.EXE[1084] ntdll.dll!KiUserExceptionDispatcher 77976448 5 Bytes JMP 002A000A

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 858D1EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d23ff5
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d23ff5 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


This is the OTL Log:

OTL logfile created on: 7/5/2010 3:32:52 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Ryan_yu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 95.58 Gb Free Space | 55.31% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.66 Gb Free Space | 98.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN_YU-MSI
Current User Name: Ryan_yu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan_yu\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Ryan_yu\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LMS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (EUCR) -- C:\windows\system32\DRIVERS\EUCR6SK.SYS (ENE Technology Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcDAud) Intel® -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (Impcd) -- C:\windows\system32\DRIVERS\Impcd.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HECI) Intel® -- C:\windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 03:32:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 17:13:20 | 000,000,000 | ---D | M]

[2010/06/11 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Extensions
[2010/06/11 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/05 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\extensions
[2010/05/01 13:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/06/26 04:01:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/03 01:59:40 | 000,002,057 | ---- | M] () -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\searchplugins\youtube-video-search.xml
[2010/06/21 20:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 17:27:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 17:27:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON NX410 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cisco.webex.com/client/T27L10NSP11E...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{725d0c09-5ebb-11df-b81a-002421f5f2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{725d0c09-5ebb-11df-b81a-002421f5f2ac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 15:29:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan_yu\Desktop\OTL.exe
[2010/07/05 14:51:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Malwarebytes
[2010/07/05 14:51:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/07/05 14:51:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/07/05 14:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 14:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/05 14:48:30 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan_yu\Desktop\mbam-setup.exe
[2010/06/29 11:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/06/26 22:21:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\LogMeIn Hamachi
[2010/06/26 22:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/06/26 04:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\dwhelper
[2010/06/25 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Bang!_2nd_ed_rules
[2010/06/25 14:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/21 19:59:07 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/06/19 14:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 14:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/16 14:56:23 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2010/06/12 00:18:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_7.dll
[2010/06/12 00:18:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_5.dll
[2010/06/12 00:18:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_43.dll
[2010/06/12 00:18:50 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll
[2010/06/12 00:18:50 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_43.dll
[2010/06/12 00:18:50 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_43.dll
[2010/06/12 00:18:50 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_43.dll
[2010/06/12 00:18:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_7.dll
[2010/06/12 00:18:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll
[2010/06/12 00:18:49 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll
[2010/06/12 00:18:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll
[2010/06/12 00:18:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll
[2010/06/12 00:18:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll
[2010/06/12 00:18:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_5.dll
[2010/06/12 00:18:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll
[2010/06/12 00:18:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll
[2010/06/12 00:18:47 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll
[2010/06/12 00:18:47 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll
[2010/06/12 00:18:47 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_41.dll
[2010/06/12 00:18:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_42.dll
[2010/06/12 00:18:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_41.dll
[2010/06/12 00:18:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll
[2010/06/12 00:18:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll
[2010/06/12 00:18:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll
[2010/06/12 00:18:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll
[2010/06/12 00:18:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll
[2010/06/12 00:18:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll
[2010/06/12 00:18:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll
[2010/06/12 00:18:45 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll
[2010/06/12 00:18:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll
[2010/06/12 00:18:45 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll
[2010/06/12 00:18:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll
[2010/06/12 00:18:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll
[2010/06/12 00:18:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll
[2010/06/12 00:18:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll
[2010/06/12 00:18:45 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll
[2010/06/12 00:18:45 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll
[2010/06/12 00:18:44 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll
[2010/06/12 00:18:44 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll
[2010/06/12 00:18:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll
[2010/06/12 00:18:44 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll
[2010/06/12 00:18:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll
[2010/06/12 00:18:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll
[2010/06/12 00:18:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll
[2010/06/12 00:18:43 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll
[2010/06/12 00:18:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll
[2010/06/12 00:18:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll
[2010/06/12 00:18:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll
[2010/06/12 00:18:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll
[2010/06/12 00:18:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll
[2010/06/12 00:18:42 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll
[2010/06/12 00:18:42 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_36.dll
[2010/06/12 00:18:42 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_36.dll
[2010/06/12 00:18:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_36.dll
[2010/06/12 00:18:42 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_10.dll
[2010/06/12 00:18:41 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll
[2010/06/12 00:18:41 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_34.dll
[2010/06/12 00:18:41 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_35.dll
[2010/06/12 00:18:41 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_34.dll
[2010/06/12 00:18:41 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_35.dll
[2010/06/12 00:18:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_34.dll
[2010/06/12 00:18:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_9.dll
[2010/06/12 00:18:41 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_8.dll
[2010/06/12 00:18:41 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_2.dll
[2010/06/12 00:18:40 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_33.dll
[2010/06/12 00:18:40 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_33.dll
[2010/06/12 00:18:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_33.dll
[2010/06/12 00:18:40 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10.dll
[2010/06/12 00:18:40 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_7.dll
[2010/06/12 00:18:40 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_6.dll
[2010/06/12 00:18:40 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_5.dll
[2010/06/12 00:18:40 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll
[2010/06/12 00:18:39 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll
[2010/06/12 00:18:39 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_4.dll
[2010/06/12 00:18:39 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_3.dll
[2010/06/12 00:18:39 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_2.dll
[2010/06/12 00:18:39 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_2.dll
[2010/06/12 00:18:39 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_1.dll
[2010/06/12 00:18:39 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_1.dll
[2010/06/12 00:18:38 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_1.dll
[2010/06/12 00:18:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_30.dll
[2010/06/12 00:18:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_29.dll
[2010/06/12 00:18:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_28.dll
[2010/06/12 00:18:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_27.dll
[2010/06/12 00:18:35 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_26.dll
[2010/06/12 00:18:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_0.dll
[2010/06/12 00:18:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_0.dll
[2010/06/12 00:18:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_25.dll
[2010/06/12 00:18:33 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_24.dll
[2010/06/12 00:15:20 | 000,000,000 | -H-D | C] -- C:\windows\msdownld.tmp
[2010/06/12 00:15:17 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2010/06/11 23:55:57 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/11 00:26:41 | 000,158,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Ryan_yu\bitdefender_antivirus_2010.exe
[2010/06/10 23:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/10 22:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\BitDefender
[2010/06/10 22:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/06/10 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/06/08 19:17:12 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/06/08 19:17:12 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/06/08 19:17:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/06/08 19:17:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/06/08 19:17:09 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/06/08 19:17:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010/06/08 19:16:52 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/06/08 19:16:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2009/12/22 12:15:36 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 15:29:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan_yu\Desktop\OTL.exe
[2010/07/05 15:27:14 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:26:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 15:26:37 | 2301,124,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:26:07 | 002,621,440 | -HS- | M] () -- C:\Users\Ryan_yu\NTUSER.DAT
[2010/07/05 15:08:47 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:08:47 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:03:14 | 000,293,376 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\9cop8cw2.exe
[2010/07/05 14:51:46 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 14:49:02 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan_yu\Desktop\mbam-setup.exe
[2010/07/05 14:43:28 | 000,000,000 | ---- | M] () -- C:\Users\Ryan_yu\defogger_reenable
[2010/07/05 14:39:36 | 000,050,477 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\Defogger.exe
[2010/07/05 14:26:56 | 000,717,892 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/05 14:26:56 | 000,618,264 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/05 14:26:56 | 000,104,546 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 16:53:19 | 000,078,491 | ---- | M] () -- C:\Users\Ryan_yu\6-29-10 HS PGel 1.JPG
[2010/06/29 16:40:59 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/27 01:07:30 | 000,026,112 | ---- | M] () -- C:\Users\Ryan_yu\nainai.doc
[2010/06/25 23:44:26 | 000,001,490 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\th105 - Shortcut.lnk
[2010/06/24 13:52:19 | 001,132,202 | ---- | M] () -- C:\Users\Ryan_yu\fulltext1.pdf
[2010/06/22 12:04:20 | 001,989,007 | ---- | M] () -- C:\Users\Ryan_yu\Yildiz.Ahmet_kinesin cell.pdf
[2010/06/21 20:05:25 | 000,001,915 | ---- | M] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 19:55:42 | 000,000,052 | ---- | M] () -- C:\windows\System32\ashttpstats.csv
[2010/06/21 11:49:56 | 005,794,738 | ---- | M] () -- C:\Users\Ryan_yu\Articles 2.rar
[2010/06/20 20:41:17 | 000,001,391 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\th123 - Shortcut.lnk
[2010/06/20 16:57:21 | 000,027,265 | ---- | M] () -- C:\Users\Ryan_yu\supu.jpg
[2010/06/20 00:51:07 | 000,018,418 | ---- | M] () -- C:\Users\Ryan_yu\supu07.jpg
[2010/06/20 00:45:13 | 000,035,558 | ---- | M] () -- C:\Users\Ryan_yu\img_976182_20390863_1.gif
[2010/06/19 14:59:48 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/18 01:45:19 | 000,039,424 | ---- | M] () -- C:\Users\Ryan_yu\Animes.doc
[2010/06/16 20:15:42 | 000,032,768 | ---- | M] () -- C:\Users\Ryan_yu\2ch.doc
[2010/06/16 18:58:02 | 000,445,117 | ---- | M] () -- C:\Users\Ryan_yu\1276739189664.jpg
[2010/06/15 12:48:15 | 009,240,236 | ---- | M] () -- C:\Users\Ryan_yu\Articles.rar
[2010/06/14 23:22:31 | 000,027,136 | ---- | M] () -- C:\Users\Ryan_yu\articles.doc
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pcwords2.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pcwords.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_webproxy.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_video.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_tabloids.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_socialnetworks.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_sign.slf
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_searchengines.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_regionaltlds.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_pornography.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlineshop.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlinepay.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlinedating.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_news.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_im.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_illegal.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_hate.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_games.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_gambling.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_drugs.dat
[2010/06/11 02:03:27 | 000,000,385 | ---- | M] () -- C:\windows\System32\user_gensett.xml
[2010/06/11 00:28:08 | 000,013,599 | ---- | M] () -- C:\Users\Ryan_yu\BitDefender.docx
[2010/06/11 00:26:42 | 000,158,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Ryan_yu\bitdefender_antivirus_2010.exe
[2010/06/10 22:20:34 | 000,000,016 | ---- | M] () -- C:\windows\System32\asdict.dat
[2010/06/10 22:20:34 | 000,000,004 | ---- | M] () -- C:\windows\System32\aspdict-en.dat
[2010/06/09 15:48:17 | 002,345,632 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 15:03:11 | 000,293,376 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\9cop8cw2.exe
[2010/07/05 14:51:46 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 14:43:28 | 000,000,000 | ---- | C] () -- C:\Users\Ryan_yu\defogger_reenable
[2010/07/05 14:39:22 | 000,050,477 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\Defogger.exe
[2010/06/29 16:44:49 | 000,078,491 | ---- | C] () -- C:\Users\Ryan_yu\6-29-10 HS PGel 1.JPG
[2010/06/27 01:07:29 | 000,026,112 | ---- | C] () -- C:\Users\Ryan_yu\nainai.doc
[2010/06/25 23:44:26 | 000,001,490 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\th105 - Shortcut.lnk
[2010/06/24 13:52:19 | 001,132,202 | ---- | C] () -- C:\Users\Ryan_yu\fulltext1.pdf
[2010/06/22 12:04:20 | 001,989,007 | ---- | C] () -- C:\Users\Ryan_yu\Yildiz.Ahmet_kinesin cell.pdf
[2010/06/21 20:05:25 | 000,001,915 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 11:49:54 | 005,794,738 | ---- | C] () -- C:\Users\Ryan_yu\Articles 2.rar
[2010/06/20 20:41:17 | 000,001,391 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\th123 - Shortcut.lnk
[2010/06/20 16:57:21 | 000,027,265 | ---- | C] () -- C:\Users\Ryan_yu\supu.jpg
[2010/06/20 00:51:07 | 000,018,418 | ---- | C] () -- C:\Users\Ryan_yu\supu07.jpg
[2010/06/20 00:45:13 | 000,035,558 | ---- | C] () -- C:\Users\Ryan_yu\img_976182_20390863_1.gif
[2010/06/19 14:59:48 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/16 18:58:02 | 000,445,117 | ---- | C] () -- C:\Users\Ryan_yu\1276739189664.jpg
[2010/06/16 16:35:10 | 000,032,768 | ---- | C] () -- C:\Users\Ryan_yu\2ch.doc
[2010/06/15 12:48:11 | 009,240,236 | ---- | C] () -- C:\Users\Ryan_yu\Articles.rar
[2010/06/14 23:05:59 | 000,027,136 | ---- | C] () -- C:\Users\Ryan_yu\articles.doc
[2010/06/13 22:50:57 | 000,039,424 | ---- | C] () -- C:\Users\Ryan_yu\Animes.doc
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_webproxy.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_video.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_tabloids.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_socialnetworks.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_sign.slf
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_searchengines.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_regionaltlds.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_pornography.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlineshop.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinepay.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinedating.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_news.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_im.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_illegal.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_hate.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_games.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_gambling.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_drugs.dat
[2010/06/11 02:03:27 | 000,000,385 | ---- | C] () -- C:\windows\System32\user_gensett.xml
[2010/06/11 00:28:07 | 000,013,599 | ---- | C] () -- C:\Users\Ryan_yu\BitDefender.docx
[2010/06/10 23:22:13 | 000,000,052 | ---- | C] () -- C:\windows\System32\ashttpstats.csv
[2010/06/10 22:20:34 | 000,000,016 | ---- | C] () -- C:\windows\System32\asdict.dat
[2010/06/10 22:20:34 | 000,000,004 | ---- | C] () -- C:\windows\System32\aspdict-en.dat
[2010/05/19 17:28:19 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/05/19 17:27:00 | 000,000,044 | ---- | C] () -- C:\windows\EPNX410.ini
[2010/04/08 15:23:47 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/12/22 12:15:43 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2009/12/22 12:15:43 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/12/22 11:54:04 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/12/22 11:51:57 | 000,361,808 | ---- | C] () -- C:\windows\EMCRI_E.dll
[2009/12/22 11:50:05 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/06/21 19:55:42 | 000,017,460 | ---- | M] () -- C:\bdlog.txt
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/28 17:44:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/05 15:26:37 | 2301,124,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 00:18:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/22 00:18:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/05 15:26:43 | 3068,166,144 | -HS- | M] () -- C:\pagefile.sys
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\pcversion.txt
[2010/05/11 05:07:41 | 000,042,279 | ---- | M] () -- C:\scramble.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys

========== Files - Unicode (All) ==========
[2010/05/10 14:37:05 | 001,061,376 | ---- | M] ()(C:\Users\Ryan_yu\2001-2010????????????(????).doc) -- C:\Users\Ryan_yu\2001-2010年考研英语真题及答案详解(免费下载).doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


And this is the OTL Extras Log:

OTL Extras logfile created on: 7/5/2010 3:32:52 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Ryan_yu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 95.58 Gb Free Space | 55.31% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.66 Gb Free Space | 98.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN_YU-MSI
Current User Name: Ryan_yu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7F523D4F8E191139525DC0260B06BF68E4E581EE" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.5.9
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"PyMOL" = PyMOL
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Swiff Player_is1" = Swiff Player 1.5
"TVWiz" = Intel® TV Wizard
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2010 12:54:29 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2044

Error - 6/26/2010 12:54:29 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044

Error - 6/26/2010 12:54:30 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/26/2010 12:54:30 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3042

Error - 6/26/2010 12:54:30 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3042

Error - 6/26/2010 1:43:23 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/26/2010 1:43:23 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2936547

Error - 6/26/2010 1:43:23 AM | Computer Name = Ryan_yu-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2936547

Error - 6/26/2010 4:30:00 AM | Computer Name = Ryan_yu-msi | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdaae Exception code: 0xe06d7363 Fault offset: 0x00009617 Faulting
process id: 0x3d8 Faulting application start time: 0x01cb149b55964413 Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
Report
Id: 01cf0a45-80fd-11df-9a6d-002421f5f2ac

Error - 6/27/2010 1:20:21 AM | Computer Name = Ryan_yu-msi | Source = VSS | ID = 8193
Description =

[ OSession Events ]
Error - 4/23/2010 5:39:09 AM | Computer Name = Ryan_yu-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5215
seconds with 2160 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/26/2010 4:35:35 AM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 6/26/2010 4:39:20 PM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 6/27/2010 1:21:05 AM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi 2.0 Tunneling Engine service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 6/27/2010 1:21:08 AM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
Hamachi 2.0 Tunneling Engine service to connect.

Error - 6/27/2010 1:21:08 AM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi 2.0 Tunneling Engine service failed to start due
to the following error: %%1053

Error - 6/27/2010 5:47:51 PM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 6/28/2010 6:14:54 PM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 6/28/2010 6:30:22 PM | Computer Name = Ryan_yu-msi | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.112 did
not allow the name to be claimed by this computer.

Error - 6/29/2010 1:40:28 AM | Computer Name = Ryan_yu-msi | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 6/29/2010 1:52:24 PM | Computer Name = Ryan_yu-msi | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >
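As an added example that is not part of this thread and not part of the OTL tool: a small triage script that reads the file-listing lines of the OTL logs above ("Files Created/Modified", "Custom Scans", "Alternate Data Streams") and flags the entries a helper looks at first when a machine is redirecting search results. The rules are heuristics only, so a hit is a place to look, not a verdict; the sample input is constructed from lines in the log above, and the names `triage`, `triage_text` and `Finding` are the example's own.

```python
"""
Triage helper for the file-listing sections of an OTL log. Added example
only: not part of OTL, ComboFix, or the thread. The rules are heuristics a
responder applies before deciding what to inspect more closely.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Line shapes copied from the OTL output format, e.g.
#   [2010/06/29 16:40:59 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
#   [2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
#   @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<flags>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\)\s*(?P<note>Unable to obtain MD5)?\s*-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Locations where hidden/system files and Microsoft binaries are expected.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Hidden+system files that legitimately sit in the root of the system drive.
KNOWN_ROOT_FILES = {
    "c:\\hiberfil.sys", "c:\\pagefile.sys", "c:\\bootmgr",
    "c:\\bootsect.bak", "c:\\io.sys", "c:\\msdos.sys",
}


@dataclass(frozen=True)
class Finding:
    path: str
    category: str
    detail: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per heuristic hit, in input order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            # A named stream hung off a folder in ProgramData is not something
            # ordinary software creates, so every ADS goes on the review list.
            findings.append(Finding(ads.group("path"), "ads",
                                    f"{ads.group('bytes')}-byte alternate data stream"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        flags = m.group("flags")          # OTL attribute column, e.g. "-HS-" or "RHS-"
        company = m.group("company").strip().lower()

        if m.group("note"):
            # OTL could not read the file to hash it. A file merely held open
            # is one cause; a driver hooking file reads is another. Either way,
            # compare the on-disk bytes against a known-good copy.
            findings.append(Finding(path, "unreadable-hash",
                                    "hash could not be read; compare with a known-good copy"))
        if "H" in flags and "S" in flags and low not in KNOWN_ROOT_FILES \
                and not low.startswith(SYSTEM_DIRS):
            findings.append(Finding(path, "hidden-system",
                                    "hidden+system attributes outside the Windows tree"))
        if company == "microsoft corporation" and not low.startswith(SYSTEM_DIRS):
            # The company string comes from the file's own version resource,
            # which whoever built the binary chose; trust the location, not the label.
            findings.append(Finding(path, "claims-microsoft",
                                    "version info says Microsoft but file is outside system directories"))
    return findings


def triage_text(text: str) -> List[Finding]:
    return triage(text.splitlines())


# Constructed sample: lines taken from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2010/07/05 14:49:02 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan_yu\Desktop\mbam-setup.exe
[2010/06/29 16:40:59 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/11 00:26:42 | 000,158,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Ryan_yu\bitdefender_antivirus_2010.exe
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/07/05 15:26:37 | 2301,124,608 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"{f.category:16} {f.path}  ({f.detail})")
```

Run against the sample, it leaves the Malwarebytes installer, bootmgr and hiberfil.sys alone and reports five items: the two streams under C:\ProgramData\TEMP, the hidden+system file in ProgramData, the user-profile executable whose version info claims Microsoft, and the System32 DLL OTL could not hash. None of those is proof of infection on its own; the point of the script is to shrink a thousand-line log to the handful of lines worth checking by hand.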


#6 mpascal (Math Nerd)

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 05 July 2010 - 05:59 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#7 Rigen

  • Topic Starter
  • Members
  • 7 posts

Posted 05 July 2010 - 06:52 PM

Here is the ComboFix Log:

ComboFix 10-07-04.04 - Ryan_yu 07/05/2010 16:40:29.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2926.2151 [GMT -7:00]
Running from: c:\users\Ryan_yu\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\blbdrive.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 23:19 . 2010-07-05 23:20 -------- d-----w- C:\32788R22FWJFW
2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Malwarebytes
2010-07-05 21:51 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 21:51 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 18:37 . 2010-06-29 18:37 -------- d-----w- c:\program files\HJT
2010-06-27 05:21 . 2010-07-05 23:19 -------- d-----w- c:\users\Ryan_yu\AppData\Local\LogMeIn Hamachi
2010-06-27 05:20 . 2010-06-27 05:20 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-26 11:03 . 2010-06-26 11:05 -------- d-----w- c:\users\Ryan_yu\dwhelper
2010-06-26 06:29 . 2010-06-26 06:29 -------- d-----w- c:\users\Ryan_yu\Bang!_2nd_ed_rules
2010-06-25 21:39 . 2010-06-25 21:39 -------- d-----w- c:\program files\Trend Micro
2010-06-19 21:59 . 2010-06-19 21:59 -------- d-----w- c:\program files\iPod
2010-06-19 21:59 . 2010-06-19 21:59 -------- d-----w- c:\program files\iTunes
2010-06-19 21:57 . 2010-06-19 21:57 -------- d-----w- c:\program files\Bonjour
2010-06-19 21:55 . 2010-06-19 21:55 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-16 21:56 . 2010-06-16 21:56 -------- d-----w- c:\windows\Downloaded Installations
2010-06-12 07:15 . 2010-06-12 07:17 -------- d--h--w- c:\windows\msdownld.tmp
2010-06-12 06:55 . 2010-06-12 06:55 -------- d-----w- c:\windows\Sun
2010-06-11 09:16 . 2010-06-11 09:16 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-06-11 07:26 . 2010-06-11 07:26 158032 ----a-w- c:\users\Ryan_yu\bitdefender_antivirus_2010.exe
2010-06-11 05:20 . 2010-06-11 05:20 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-06-11 05:20 . 2010-06-11 05:20 16 ----a-w- c:\windows\system32\asdict.dat
2010-06-11 05:10 . 2010-06-22 02:57 -------- d-----w- c:\programdata\BitDefender
2010-06-11 05:10 . 2010-06-11 05:10 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\BitDefender
2010-06-11 05:09 . 2010-06-22 02:57 -------- d-----w- c:\program files\Common Files\BitDefender
2010-06-09 02:17 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 02:17 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 02:17 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:16 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 02:16 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 05:31 . 2010-04-07 22:57 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Skype
2010-07-03 02:17 . 2010-04-07 23:01 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\skypePM
2010-07-02 05:05 . 2010-04-17 23:42 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\uTorrent
2010-07-01 01:27 . 2010-04-18 06:22 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Media Player Classic
2010-06-29 23:40 . 2010-04-30 10:30 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-29 23:40 . 2010-04-30 10:30 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-20 03:15 . 2010-04-18 00:11 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Apple Computer
2010-06-19 21:59 . 2010-04-18 00:08 -------- d-----w- c:\program files\Common Files\Apple
2010-06-14 01:22 . 2009-12-22 18:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-11 10:39 . 2010-04-18 06:36 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\LimeWire
2010-06-11 09:16 . 2010-06-11 09:16 0 ----a-w- c:\windows\system32\pcwords.dat
2010-06-04 22:17 . 2010-06-04 22:17 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\DNA Baser
2010-06-02 23:50 . 2010-06-02 23:50 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-02 23:23 . 2010-06-01 06:20 -------- d-----w- c:\program files\Gabest
2010-06-02 11:55 . 2010-06-12 07:18 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55 . 2010-06-12 07:18 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55 . 2010-06-12 07:18 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41 . 2010-06-12 07:18 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-20 00:33 . 2010-05-20 00:33 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Leader Technologies
2010-05-20 00:30 . 2010-05-20 00:30 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Leadertech
2010-05-20 00:28 . 2010-05-20 00:27 -------- d-----w- c:\program files\epson
2010-05-20 00:28 . 2010-05-20 00:27 -------- d-----w- c:\programdata\EPSON
2010-05-20 00:28 . 2010-05-20 00:28 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\InstallShield
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 00:36 . 2010-05-17 00:32 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\ooVoo Details
2010-05-14 06:58 . 2010-05-01 20:34 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers
2010-05-14 06:58 . 2010-04-18 00:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-14 06:57 . 2010-04-18 00:24 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-14 05:19 . 2010-05-14 05:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-12 23:33 . 2010-05-12 23:33 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\UDC Profiles
2010-05-12 23:33 . 2010-05-12 23:33 -------- d-----w- c:\program files\Universal Document Converter
2010-05-12 18:21 . 2010-04-07 17:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 10:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-11 12:13 . 2010-05-11 12:13 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\vlc
2010-05-11 12:08 . 2010-05-11 12:08 -------- d-----w- c:\program files\Atrinsic
2010-05-11 12:08 . 2010-05-11 12:08 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\WeatherBug
2010-05-11 12:08 . 2010-05-11 12:08 18944 ----a-r- c:\users\Ryan_yu\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-05-11 10:52 . 2010-05-11 10:52 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Windows Live Writer
2010-05-09 11:59 . 2010-04-20 02:33 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Aegisub
2010-04-30 10:30 . 2010-04-30 10:30 8 --sh--r- c:\programdata\15C33068EA.sys
2010-04-30 10:30 . 2010-04-30 10:30 8 --sh--r- c:\programdata\15C33068EA.sys
2010-04-30 04:38 . 2010-04-07 17:37 111208 ----a-w- c:\users\Ryan_yu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 07:13 . 2010-05-25 21:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 03:47 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-18 00:27 . 2010-04-18 00:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 23:02 . 2010-04-07 23:02 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-07 18:11 . 2010-04-07 18:11 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-04-07 17:36 . 2010-04-07 17:36 6 ----a-w- c:\windows\silentOnce.tmp
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 166936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ryan_yu\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-05 16:46:46
ComboFix-quarantined-files.txt 2010-07-05 23:46

Pre-Run: 102,650,777,600 bytes free
Post-Run: 102,443,081,728 bytes free

- - End Of File - - 3AA45E245387B70C0E4337BE3523B8A0


#8 mpascal (Math Nerd)
  • Members
  • 1,653 posts
  • Gender: Male
  • Location: Canada

Posted 05 July 2010 - 07:11 PM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\programdata\15C33068EA.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#9 Rigen (Topic Starter)
  • Members
  • 7 posts

Posted 05 July 2010 - 07:25 PM

Here is the log:

ComboFix 10-07-04.04 - Ryan_yu 07/05/2010 17:17:04.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2926.2049 [GMT -7:00]
Running from: c:\users\Ryan_yu\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryan_yu\Desktop\CFScript.txt

FILE ::
"c:\programdata\15C33068EA.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\15C33068EA.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 00:21 . 2010-07-06 00:21 -------- d-----w- c:\users\Ryan_yu\AppData\Local\temp
2010-07-06 00:21 . 2010-07-06 00:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-06 00:21 . 2010-07-06 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Malwarebytes
2010-07-05 21:51 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 21:51 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 18:37 . 2010-06-29 18:37 -------- d-----w- c:\program files\HJT
2010-06-27 05:21 . 2010-07-05 23:19 -------- d-----w- c:\users\Ryan_yu\AppData\Local\LogMeIn Hamachi
2010-06-27 05:20 . 2010-06-27 05:20 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-26 11:03 . 2010-06-26 11:05 -------- d-----w- c:\users\Ryan_yu\dwhelper
2010-06-26 06:29 . 2010-06-26 06:29 -------- d-----w- c:\users\Ryan_yu\Bang!_2nd_ed_rules
2010-06-25 21:39 . 2010-06-25 21:39 -------- d-----w- c:\program files\Trend Micro
2010-06-19 21:59 . 2010-06-19 21:59 -------- d-----w- c:\program files\iPod
2010-06-19 21:59 . 2010-06-19 21:59 -------- d-----w- c:\program files\iTunes
2010-06-19 21:57 . 2010-06-19 21:57 -------- d-----w- c:\program files\Bonjour
2010-06-19 21:55 . 2010-06-19 21:55 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-16 21:56 . 2010-06-16 21:56 -------- d-----w- c:\windows\Downloaded Installations
2010-06-12 07:15 . 2010-06-12 07:17 -------- d--h--w- c:\windows\msdownld.tmp
2010-06-12 06:55 . 2010-06-12 06:55 -------- d-----w- c:\windows\Sun
2010-06-11 09:16 . 2010-06-11 09:16 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-06-11 07:26 . 2010-06-11 07:26 158032 ----a-w- c:\users\Ryan_yu\bitdefender_antivirus_2010.exe
2010-06-11 05:20 . 2010-06-11 05:20 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-06-11 05:20 . 2010-06-11 05:20 16 ----a-w- c:\windows\system32\asdict.dat
2010-06-11 05:10 . 2010-06-22 02:57 -------- d-----w- c:\programdata\BitDefender
2010-06-11 05:10 . 2010-06-11 05:10 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\BitDefender
2010-06-11 05:09 . 2010-06-22 02:57 -------- d-----w- c:\program files\Common Files\BitDefender
2010-06-09 02:17 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 02:17 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 02:17 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:16 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 02:16 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 05:31 . 2010-04-07 22:57 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Skype
2010-07-03 02:17 . 2010-04-07 23:01 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\skypePM
2010-07-02 05:05 . 2010-04-17 23:42 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\uTorrent
2010-07-01 01:27 . 2010-04-18 06:22 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Media Player Classic
2010-06-29 23:40 . 2010-04-30 10:30 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-29 23:40 . 2010-04-30 10:30 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-20 03:15 . 2010-04-18 00:11 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Apple Computer
2010-06-19 21:59 . 2010-04-18 00:08 -------- d-----w- c:\program files\Common Files\Apple
2010-06-14 01:22 . 2009-12-22 18:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-11 10:39 . 2010-04-18 06:36 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\LimeWire
2010-06-11 09:16 . 2010-06-11 09:16 0 ----a-w- c:\windows\system32\pcwords.dat
2010-06-04 22:17 . 2010-06-04 22:17 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\DNA Baser
2010-06-02 23:50 . 2010-06-02 23:50 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-02 23:23 . 2010-06-01 06:20 -------- d-----w- c:\program files\Gabest
2010-06-02 11:55 . 2010-06-12 07:18 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55 . 2010-06-12 07:18 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55 . 2010-06-12 07:18 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41 . 2010-06-12 07:18 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 18:41 . 2010-06-12 07:18 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-20 00:33 . 2010-05-20 00:33 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Leader Technologies
2010-05-20 00:30 . 2010-05-20 00:30 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Leadertech
2010-05-20 00:28 . 2010-05-20 00:27 -------- d-----w- c:\program files\epson
2010-05-20 00:28 . 2010-05-20 00:27 -------- d-----w- c:\programdata\EPSON
2010-05-20 00:28 . 2010-05-20 00:28 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\InstallShield
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 00:36 . 2010-05-17 00:32 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\ooVoo Details
2010-05-14 06:58 . 2010-05-01 20:34 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers
2010-05-14 06:58 . 2010-04-18 00:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-14 06:57 . 2010-04-18 00:24 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-14 05:19 . 2010-05-14 05:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-12 23:33 . 2010-05-12 23:33 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\UDC Profiles
2010-05-12 23:33 . 2010-05-12 23:33 -------- d-----w- c:\program files\Universal Document Converter
2010-05-12 18:21 . 2010-04-07 17:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 10:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-11 12:13 . 2010-05-11 12:13 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\vlc
2010-05-11 12:08 . 2010-05-11 12:08 -------- d-----w- c:\program files\Atrinsic
2010-05-11 12:08 . 2010-05-11 12:08 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\WeatherBug
2010-05-11 12:08 . 2010-05-11 12:08 18944 ----a-r- c:\users\Ryan_yu\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-05-11 10:52 . 2010-05-11 10:52 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Windows Live Writer
2010-05-09 11:59 . 2010-04-20 02:33 -------- d-----w- c:\users\Ryan_yu\AppData\Roaming\Aegisub
2010-04-30 04:38 . 2010-04-07 17:37 111208 ----a-w- c:\users\Ryan_yu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 07:13 . 2010-05-25 21:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 03:47 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-18 00:27 . 2010-04-18 00:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 23:02 . 2010-04-07 23:02 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-07 18:11 . 2010-04-07 18:11 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-04-07 17:36 . 2010-04-07 17:36 6 ----a-w- c:\windows\silentOnce.tmp
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-05_23.45.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-08 15:41 . 2010-07-06 00:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-08 15:41 . 2010-07-05 23:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-08 15:41 . 2010-07-06 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-04-08 15:41 . 2010-07-05 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-04-08 15:41 . 2010-07-06 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-04-08 15:41 . 2010-07-05 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-04-07 22:50 . 2010-07-05 23:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-07 22:50 . 2010-07-06 00:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:05 . 2010-07-06 00:04 618264 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-05 23:35 618264 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-05 23:35 104546 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-07-06 00:04 104546 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 166936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ryan_yu\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-05 17:22:48
ComboFix-quarantined-files.txt 2010-07-06 00:22
ComboFix2.txt 2010-07-05 23:46

Pre-Run: 101,701,488,640 bytes free
Post-Run: 101,644,689,408 bytes free

- - End Of File - - 60737F96C9D535E4FB40E2D5E777A256
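
The entry the CFScript above removed, c:\programdata\15C33068EA.sys, stands out in the Find3M listing for a combination of properties: hidden and system attributes, a .sys extension outside the Windows directory, an 8-byte size, and a hex-looking name. The script below is an added example (not code from this thread, from ComboFix, or from the helper) that parses ComboFix file-listing lines and flags entries with those properties so that a long listing can be triaged rather than read top to bottom. The size threshold, the hex-name length and the choice of c:\windows\ as the one directory where hidden+system files are normal are assumptions for the example, and every flag is a reason to look, not a verdict: legitimate software (licensing and copy-protection components, for instance) also drops hidden system files in ProgramData. The sample lines are constructed in the shape of the listing above.

```python
"""Triage helper for ComboFix file-listing lines ("Files Created" / "Find3M").

Added example, not code from the thread, from ComboFix or from the helper.
A listing line looks like:
    <created> . <modified> <size|--------> <attrs> <path>
where <attrs> is 8 characters such as --sha-w- (d directory, s system,
h hidden, a archive, r read-only, w writable).  The flags are triage
heuristics, not a verdict; the thresholds are assumptions for this example.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Hidden+system files are routine under the Windows directory itself
# (font cache, winsxs payloads); outside it they deserve a closer look.
WINDOWS_DIR = "c:\\windows\\"
TINY_BYTES = 64       # assumption: a "driver" of a few bytes is worth a look
HEX_NAME_MIN = 8      # assumption: 8+ hex digits reads as a generated name


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------" in the listing)
    attrs: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; None for section headers, blanks and '.' rows."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def triage_reasons(e: Entry) -> List[str]:
    """Heuristic flags for one entry; an empty list means 'nothing notable'."""
    reasons: List[str] = []
    if e.attrs.startswith("d"):          # directories carry no payload to judge
        return reasons
    lower = e.path.lower()
    in_windows = lower.startswith(WINDOWS_DIR)
    hidden, system = "h" in e.attrs, "s" in e.attrs
    if hidden and system and not in_windows:
        reasons.append("hidden+system file outside the Windows directory")
    stem, ext = ntpath.splitext(ntpath.basename(lower))
    if ext == ".sys" and not in_windows:
        reasons.append(".sys file outside the Windows directory")
    if re.fullmatch(r"[0-9a-f]{%d,}" % HEX_NAME_MIN, stem):
        reasons.append("hex-looking file name")
    if e.size is not None and e.size <= TINY_BYTES:
        reasons.append(f"tiny file ({e.size} bytes)")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Parse all lines, drop repeated paths, return (path, reasons) for flagged files."""
    seen = set()
    flagged: List[Tuple[str, List[str]]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.path.lower() in seen:
            continue
        seen.add(e.path.lower())
        reasons = triage_reasons(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Constructed sample: lines of the same shape as the listing in the thread.
SAMPLE_LINES = [
    "2010-06-29 23:40 . 2010-04-30 10:30 2828 --sha-w- c:\\programdata\\KGyGaAvL.sys",
    "2010-06-29 23:40 . 2010-04-30 10:30 2828 --sha-w- c:\\programdata\\KGyGaAvL.sys",
    "2010-04-30 10:30 . 2010-04-30 10:30 8 --sh--r- c:\\programdata\\15C33068EA.sys",
    "2010-06-09 02:17 . 2010-05-21 05:18 977920 ----a-w- c:\\windows\\system32\\wininet.dll",
    "2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\\windows\\Fonts\\StaticCache.dat",
    "2010-07-05 21:51 . 2010-04-29 22:39 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys",
    "2010-07-05 21:51 . 2010-07-05 21:51 -------- d-----w- c:\\programdata\\Malwarebytes",
    "2010-04-07 23:02 . 2010-04-07 23:02 56 ---ha-w- c:\\programdata\\ezsidmv.dat",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, 15C33068EA.sys collects all four reasons and KGyGaAvL.sys two, while the hidden+system font cache under c:\windows and the real driver under system32\drivers collect none. The one-reason hit on ezsidmv.dat (tiny file, nothing else) is included on purpose: a single weak reason is noise, and it is the stacking of independent oddities that should move a file to the top of the list for a closer look, whether that is a hash lookup, a signature check, or a targeted removal like the CFScript in this thread. ComboFix prints some entries twice, so the script deduplicates by path before flagging.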


#10 mpascal (Math Nerd)
  • Members
  • 1,653 posts
  • Gender: Male
  • Location: Canada

Posted 05 July 2010 - 07:41 PM

Hi there,

Try searching on Google and see if it gives you any redirects.

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#11 Rigen

Rigen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 05 July 2010 - 10:51 PM

Hi
So far, the links haven't been redirecting.
Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/5/2010 6:46:08 PM
mbam-log-2010-07-05 (18-46-08).txt

Scan type: Quick scan
Objects scanned: 130923
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and here is the Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 5, 2010
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 05, 2010 23:12:27
Records in database: 4244216
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 96371
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:32:48


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\windows\system32\Drivers\blbdrive.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.

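The Kaspersky report above does list a TDSS hit, but the path sits under C:\Qoobox\Quarantine with a .vir suffix, which is where ComboFix parks files it has already pulled out of the system, so the hit is a neutralised copy rather than an active rootkit and the "nothing to clean" reading in the next reply is the right one. The script below is an added example for this thread, not code from Kaspersky, ComboFix or BleepingComputer: it parses a report in the format posted above and splits detections into "already quarantined" and "live on disk". The detection-line regex and the list of quarantine folders are assumptions drawn from the report as posted; the sample report is constructed from the real TDSS line plus an EICAR test-file line at a made-up path so that the live branch is exercised.

```python
"""Triage a Kaspersky Online Scanner 7 report: which detections are still
live on disk, and which sit in a removal tool's quarantine.

Added example for this thread, not code from Kaspersky or BleepingComputer.
Assumptions: the detection-line layout "<path> Infected: <threat> <count>"
and the quarantine folder names listed below.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One detection per line, e.g.
#   C:\Qoobox\Quarantine\C\...\blbdrive.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
# Header lines such as "Infected objects found: 1" do not match (no "Infected:").
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<kind>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Folders where cleanup tools park files they have already removed from
# their original location (assumed list; matched case-insensitively).
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",                      # ComboFix
    "\\malwarebytes' anti-malware\\quarantine\\",  # MBAM 1.x
    "\\_otl\\movedfiles\\",                        # OTL
    "\\system volume information\\",               # restore points / shadow copies
)


@dataclass
class Detection:
    path: str
    kind: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        """True if the file is a neutralised copy, not an active infection."""
        p = self.path.lower()
        # ComboFix also renames quarantined files with a .vir suffix.
        return p.endswith(".vir") or any(m in p for m in QUARANTINE_MARKERS)


def parse_report(text: str) -> List[Detection]:
    """Extract detection lines; header and statistics lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["kind"], m["threat"], int(m["count"])))
    return found


def triage(text: str) -> Dict[str, List[Detection]]:
    """Split detections into ones that still need action and ones that do not."""
    dets = parse_report(text)
    return {
        "live": [d for d in dets if not d.quarantined],
        "quarantined": [d for d in dets if d.quarantined],
    }


def summarize(text: str) -> str:
    t = triage(text)
    out = [f"{len(t['live'])} live, {len(t['quarantined'])} already quarantined"]
    out += [f"  ACT  {d.threat}  {d.path}" for d in t["live"]]
    out += [f"  ok   {d.threat}  {d.path}" for d in t["quarantined"]]
    return "\n".join(out)


# Constructed sample: the real TDSS line from this thread plus an EICAR
# test-file hit at a made-up path so the "live" branch is exercised.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7.0: scan report
Scan statistics:
Objects scanned: 96371
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\windows\system32\Drivers\blbdrive.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Users\demo\Downloads\eicar.com Infected: EICAR-Test-File 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

The check is deliberately path-based: the scanner's threat name says what the file is, the location says whether it can still run. A hit outside a quarantine folder with a driver-like path is what would have justified another pass with the removal tools.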

#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:03:20 AM

Posted 05 July 2010 - 11:02 PM

Hi there,

Everything looks good so far, are you still having any other problems?

Open up OTL and push the Quickscan button. Post the resulting log here.


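OTL's Quickscan output, as requested here, is a flat list of prefixed lines (O1 hosts entries, IE proxy values, O17 DNS servers, DRV/SRV/O4 autostarts with the file's publisher in parentheses), and for a search-redirect complaint only a handful of those line types matter: the hosts file, the system proxy, the resolvers, and registrations whose file is missing or carries no publisher. The script below is an added example, not part of the thread or of OTL itself; it runs those redirect-oriented checks over such lines. The line patterns are assumptions based on the log format seen in this thread, and the severities are the script's own. The sample input mixes lines copied from the OTL log posted in the following reply with clearly marked constructed lines showing what a hijacked hosts file, an enabled proxy and an external DNS server would look like.

```python
"""Redirect-oriented triage of OTL log lines.

Added example, not from the thread or from OTL. Line patterns are assumed
from the log format used in this thread; severities are this script's own.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

Finding = Tuple[str, str, str]   # (severity, reason, offending line)

# Names a hosts file is expected to map; anything else deserves a look.
LOCAL_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>Proxy\w+)" = (?P<val>.+)$')
DNS_RE = re.compile(r"^O17 - .*Tcpip\\Parameters.*:\s+(?P<key>\w*NameServer)\s+=\s+(?P<val>.+)$")
NOTFOUND_RE = re.compile(r"^(?:DRV|SRV|O2|O4|O20|O28) - .*File not found$")
NOPUB_RE = re.compile(r"^(?:O2|O4|O8) - .*\s\(\)$")


def audit_otl(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            # A hosts entry for a real site is the simplest redirect there is.
            if m["name"].lower() not in LOCAL_HOSTS:
                findings.append(("high", "hosts file overrides a site name", line))
        elif m := PROXY_RE.match(line):
            key, val = m["key"], m["val"].strip()
            if key == "ProxyEnable" and val != "0":
                findings.append(("high", "system proxy enabled; all browser traffic goes through it", line))
            elif key == "ProxyServer":
                findings.append(("review", "explicit proxy server configured", line))
        elif m := DNS_RE.match(line):
            # Home setups resolve through the router; an outside resolver is
            # not wrong in itself, but the owner should recognise it.
            for v in re.split(r"[\s,]+", m["val"].strip()):
                try:
                    ip = ipaddress.ip_address(v)
                except ValueError:
                    continue
                if not ip.is_private:
                    findings.append(("review", f"DNS server {v} is outside the local network", line))
        elif NOTFOUND_RE.match(line):
            # Registration without a file: leftover from a removal tool, or
            # from malware whose file is already gone.
            findings.append(("low", "entry points at a missing file", line))
        elif NOPUB_RE.match(line):
            # "()" means the file carried no company name in its version info.
            findings.append(("review", "autostart or browser entry with no publisher", line))
    return findings


SAMPLE_OTL = [
    # Lines copied from the OTL log posted in this thread.
    "O1 - Hosts: 127.0.0.1 localhost",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1",
    r"DRV - (catchme) -- C:\Users\Ryan_yu\AppData\Local\Temp\catchme.sys File not found",
    r"O8 - Extra context menu item: Free YouTube Download - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()",
    r"O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)",
    # Constructed lines (not from the thread) showing what a hijack looks like.
    "O1 - Hosts: 203.0.113.5 www.google.com",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 8.8.8.8",
]

if __name__ == "__main__":
    for sev, why, line in audit_otl(SAMPLE_OTL):
        print(f"[{sev:6}] {why}\n         {line}")
```

On the log as actually posted, only the copied lines apply: the hosts file is the 27-byte default, the proxy is off, DNS is the router, and the two lower-severity hits are the catchme.sys leftover from an earlier rootkit scan and an unsigned context-menu helper from a YouTube downloader, which matches the "no redirects any more" report. A kernel-mode rootkit such as TDSS hooks below what these lines show, so a clean result here is necessary but not sufficient; it is why the helper combined this with the scanner reports above.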

#13 Rigen

Rigen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 05 July 2010 - 11:11 PM

It doesn't seem like I'm having problems. The internet is working fine. Here is the OTL Log:

OTL logfile created on: 7/5/2010 9:04:20 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Ryan_yu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 95.55 Gb Free Space | 55.30% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.66 Gb Free Space | 98.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN_YU-MSI
Current User Name: Ryan_yu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan_yu\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Ryan_yu\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LMS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Ryan_yu\AppData\Local\Temp\catchme.sys File not found
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (EUCR) -- C:\windows\system32\DRIVERS\EUCR6SK.SYS (ENE Technology Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcDAud) Intel® -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (Impcd) -- C:\windows\system32\DRIVERS\Impcd.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HECI) Intel® -- C:\windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 03:32:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 17:13:20 | 000,000,000 | ---D | M]

[2010/06/11 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Extensions
[2010/06/11 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/05 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\extensions
[2010/05/01 13:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/06/26 04:01:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/03 01:59:40 | 000,002,057 | ---- | M] () -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla\Firefox\Profiles\d8x6mye7.default\searchplugins\youtube-video-search.xml
[2010/06/21 20:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 17:27:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 17:27:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/05 17:21:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cisco.webex.com/client/T27L10NSP11E...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/05 18:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Desktop\Logs
[2010/07/05 17:46:33 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan_yu\Desktop\TFC.exe
[2010/07/05 17:22:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/05 17:22:50 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/07/05 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\temp
[2010/07/05 17:16:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/07/05 17:16:01 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/05 16:20:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/07/05 16:20:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/07/05 16:20:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/07/05 16:20:36 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/07/05 16:20:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/05 15:29:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan_yu\Desktop\OTL.exe
[2010/07/05 14:51:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Malwarebytes
[2010/07/05 14:51:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/07/05 14:51:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/07/05 14:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 14:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/05 14:48:30 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan_yu\Desktop\mbam-setup.exe
[2010/06/29 11:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/06/26 22:21:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\LogMeIn Hamachi
[2010/06/26 22:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/06/26 04:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\dwhelper
[2010/06/25 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Bang!_2nd_ed_rules
[2010/06/25 14:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/21 19:59:07 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/06/19 14:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 14:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/16 14:56:23 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2010/06/12 00:15:17 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2010/06/11 23:55:57 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/11 00:26:41 | 000,158,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Ryan_yu\bitdefender_antivirus_2010.exe
[2010/06/10 23:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/10 22:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\BitDefender
[2010/06/10 22:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/06/10 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/06/04 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\DNA Baser
[2010/06/02 16:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/05/31 23:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/05/25 21:54:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Yahoo!
[2010/05/19 17:33:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Leader Technologies
[2010/05/19 17:30:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Leadertech
[2010/05/19 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\InstallShield
[2010/05/19 17:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/05/19 17:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/05/16 17:44:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Documents\My ooVoo
[2010/05/16 17:32:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\ooVoo Details
[2010/05/12 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\UDC Profiles
[2010/05/12 16:33:44 | 000,024,440 | ---- | C] (fCoder Group, Inc.) -- C:\windows\System32\udcpm.dll
[2010/05/12 16:33:43 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Documents\UDC Output Files
[2010/05/12 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Document Converter
[2010/05/11 05:13:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\vlc
[2010/05/11 05:08:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\WeatherBug
[2010/05/11 05:08:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\WeatherBug
[2010/05/11 05:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Atrinsic
[2010/05/11 03:52:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Windows Live Writer
[2010/05/11 03:52:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Windows Live Writer
[2010/05/11 03:52:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Documents\My Weblog Posts
[2010/05/10 00:51:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Documents\My Received Files
[2010/05/01 13:34:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/30 03:30:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Corel
[2010/04/30 03:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/04/30 03:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2010/04/30 03:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/04/30 03:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/04/30 03:14:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Corel Painter v11 [2009] [CORE.Keygen] [ENG] [Arx]
[2010/04/29 00:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\GlobFX
[2010/04/23 02:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/04/23 00:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/04/22 04:00:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Pymol
[2010/04/22 00:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\DeLano Scientific
[2010/04/19 22:19:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Tracing
[2010/04/19 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Aegisub
[2010/04/18 22:26:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Microsoft Games
[2010/04/17 23:37:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Incomplete
[2010/04/17 23:37:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Documents\LimeWire
[2010/04/17 23:36:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\LimeWire
[2010/04/17 23:22:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Media Player Classic
[2010/04/17 17:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/17 17:52:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Microsoft Help
[2010/04/17 17:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Power Tab Software
[2010/04/17 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/17 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/17 17:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 v1.5
[2010/04/17 17:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/17 17:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/04/17 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Documents\DVDVideoSoft
[2010/04/17 17:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/04/17 17:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/04/17 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Aegisub
[2010/04/17 17:13:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\NJStar
[2010/04/17 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Apple Computer
[2010/04/17 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Apple Computer
[2010/04/17 17:11:39 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/04/17 17:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/17 17:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/17 17:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/17 17:09:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Apple
[2010/04/17 17:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/17 17:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/17 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/17 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Ryan
[2010/04/17 16:55:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Ruixuan
[2010/04/17 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\NJStar Japanese WP
[2010/04/17 16:55:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\NJStar Chinese WP
[2010/04/17 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\vGundam
[2010/04/17 16:54:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\items
[2010/04/17 16:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/04/17 16:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\uTorrent
[2010/04/17 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Mozilla
[2010/04/17 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Mozilla
[2010/04/17 16:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/16 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\webex
[2010/04/16 20:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2010/04/10 11:00:48 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2010/04/08 15:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/07 21:08:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Diagnostics
[2010/04/07 16:52:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Documents\WebCam Media
[2010/04/07 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\skypePM
[2010/04/07 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Skype
[2010/04/07 15:56:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/07 15:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/07 15:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/04/07 11:11:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Programs
[2010/04/07 11:11:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\ArcSoft
[2010/04/07 11:11:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Adobe
[2010/04/07 11:11:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\ArcSoft
[2010/04/07 11:11:06 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Searches
[2010/04/07 11:11:06 | 000,000,000 | -H-D | C] -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/04/07 11:10:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Identities
[2010/04/07 11:10:56 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Contacts
[2010/04/07 10:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/07 10:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/07 10:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/07 10:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/07 10:39:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/04/07 10:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/07 10:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/07 10:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/07 10:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/07 10:37:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Macromedia
[2010/04/07 10:37:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Adobe
[2010/04/07 10:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/07 10:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/07 10:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/07 10:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\VirtualStore
[2010/04/07 10:33:44 | 000,000,000 | --SD | C] -- C:\Users\Ryan_yu\AppData\Roaming\Microsoft
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Videos
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Saved Games
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Pictures
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Music
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Links
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Favorites
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\My Documents
[2010/04/07 10:33:44 | 000,000,000 | R--D | C] -- C:\Users\Ryan_yu\Desktop
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\AppData\Local\Temporary Internet Files
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Templates
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Start Menu
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\SendTo
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Recent
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\PrintHood
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\NetHood
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Documents\My Videos
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Documents\My Pictures
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Documents\My Music
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\My Documents
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Local Settings
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\AppData\Local\History
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Cookies
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\Application Data
[2010/04/07 10:33:44 | 000,000,000 | -HSD | C] -- C:\Users\Ryan_yu\AppData\Local\Application Data
[2010/04/07 10:33:44 | 000,000,000 | -H-D | C] -- C:\Users\Ryan_yu\AppData
[2010/04/07 10:33:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Local\Microsoft
[2010/04/07 10:33:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\AppData\Roaming\Media Center Programs
[2010/04/07 10:33:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan_yu\Downloads
[2010/04/07 10:33:16 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2009/12/22 12:15:36 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 90 Days ==========

[2010/07/05 21:05:05 | 002,621,440 | -HS- | M] () -- C:\Users\Ryan_yu\NTUSER.DAT
[2010/07/05 18:51:17 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 18:51:17 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 18:45:01 | 000,717,892 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/05 18:45:01 | 000,618,264 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/05 18:45:01 | 000,104,546 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/07/05 18:38:52 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 18:38:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:38:44 | 2301,124,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 18:38:08 | 000,784,820 | -H-- | M] () -- C:\Users\Ryan_yu\AppData\Local\IconCache.db
[2010/07/05 17:46:34 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan_yu\Desktop\TFC.exe
[2010/07/05 17:21:09 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2010/07/05 17:21:04 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/07/05 16:16:17 | 003,726,382 | R--- | M] () -- C:\Users\Ryan_yu\Desktop\ComboFix.exe
[2010/07/05 15:29:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan_yu\Desktop\OTL.exe
[2010/07/05 15:03:14 | 000,293,376 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\9cop8cw2.exe
[2010/07/05 14:51:46 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 14:49:02 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan_yu\Desktop\mbam-setup.exe
[2010/07/05 14:43:28 | 000,000,000 | ---- | M] () -- C:\Users\Ryan_yu\defogger_reenable
[2010/07/05 14:39:36 | 000,050,477 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\Defogger.exe
[2010/06/29 16:53:19 | 000,078,491 | ---- | M] () -- C:\Users\Ryan_yu\6-29-10 HS PGel 1.JPG
[2010/06/29 16:40:59 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/27 01:07:30 | 000,026,112 | ---- | M] () -- C:\Users\Ryan_yu\nainai.doc
[2010/06/25 23:44:26 | 000,001,490 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\th105 - Shortcut.lnk
[2010/06/24 13:52:19 | 001,132,202 | ---- | M] () -- C:\Users\Ryan_yu\fulltext1.pdf
[2010/06/22 12:04:20 | 001,989,007 | ---- | M] () -- C:\Users\Ryan_yu\Yildiz.Ahmet_kinesin cell.pdf
[2010/06/21 20:05:25 | 000,001,915 | ---- | M] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 19:55:42 | 000,000,052 | ---- | M] () -- C:\windows\System32\ashttpstats.csv
[2010/06/21 11:49:56 | 005,794,738 | ---- | M] () -- C:\Users\Ryan_yu\Articles 2.rar
[2010/06/20 20:41:17 | 000,001,391 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\th123 - Shortcut.lnk
[2010/06/20 16:57:21 | 000,027,265 | ---- | M] () -- C:\Users\Ryan_yu\supu.jpg
[2010/06/20 00:51:07 | 000,018,418 | ---- | M] () -- C:\Users\Ryan_yu\supu07.jpg
[2010/06/20 00:45:13 | 000,035,558 | ---- | M] () -- C:\Users\Ryan_yu\img_976182_20390863_1.gif
[2010/06/19 14:59:48 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/18 01:45:19 | 000,039,424 | ---- | M] () -- C:\Users\Ryan_yu\Animes.doc
[2010/06/16 20:15:42 | 000,032,768 | ---- | M] () -- C:\Users\Ryan_yu\2ch.doc
[2010/06/16 18:58:02 | 000,445,117 | ---- | M] () -- C:\Users\Ryan_yu\1276739189664.jpg
[2010/06/15 12:48:15 | 009,240,236 | ---- | M] () -- C:\Users\Ryan_yu\Articles.rar
[2010/06/14 23:22:31 | 000,027,136 | ---- | M] () -- C:\Users\Ryan_yu\articles.doc
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pcwords2.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pcwords.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_webproxy.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_video.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_tabloids.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_socialnetworks.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_sign.slf
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_searchengines.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_regionaltlds.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_pornography.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlineshop.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlinepay.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlinedating.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_news.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_im.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_illegal.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_hate.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_games.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_gambling.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_drugs.dat
[2010/06/11 02:03:27 | 000,000,385 | ---- | M] () -- C:\windows\System32\user_gensett.xml
[2010/06/11 00:28:08 | 000,013,599 | ---- | M] () -- C:\Users\Ryan_yu\BitDefender.docx
[2010/06/10 22:20:34 | 000,000,016 | ---- | M] () -- C:\windows\System32\asdict.dat
[2010/06/10 22:20:34 | 000,000,004 | ---- | M] () -- C:\windows\System32\aspdict-en.dat
[2010/06/09 15:48:17 | 002,345,632 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/05/19 17:30:27 | 000,000,044 | ---- | M] () -- C:\windows\EPNX410.ini
[2010/05/19 17:27:37 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/05/15 12:02:30 | 000,226,382 | ---- | M] () -- C:\Users\Ryan_yu\graduation 2010.docx
[2010/05/13 23:58:05 | 000,001,203 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\DVDVideoSoft Free Studio.lnk
[2010/05/13 22:42:07 | 000,051,737 | -HS- | M] () -- C:\Users\Ryan_yu\Desktop\Folder.jpg
[2010/05/13 22:42:07 | 000,009,604 | -HS- | M] () -- C:\Users\Ryan_yu\Desktop\AlbumArtSmall.jpg
[2010/05/13 22:19:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/11 05:08:29 | 000,000,205 | ---- | M] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\1000 Free Songs!.url
[2010/05/11 05:08:28 | 000,000,209 | ---- | M] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\FREE GAMES!.url
[2010/05/10 16:02:25 | 000,024,576 | ---- | M] () -- C:\Users\Ryan_yu\Sample Chinese Exam.doc
[2010/04/30 23:18:27 | 000,001,610 | ---- | M] () -- C:\Users\Ryan_yu\Painter 11 - Shortcut.lnk
[2010/04/29 21:38:12 | 000,111,208 | ---- | M] () -- C:\Users\Ryan_yu\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 17:11:46 | 000,000,889 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\Downloads - Shortcut.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\windows\PEV.exe
[2010/04/22 00:18:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/22 00:18:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/19 19:32:49 | 000,002,292 | ---- | M] () -- C:\Users\Ryan_yu\AppData\Roaming\ASSDraw3.cfg
[2010/04/17 17:58:59 | 000,000,499 | ---- | M] () -- C:\windows\win.ini
[2010/04/17 17:33:45 | 000,001,265 | ---- | M] () -- C:\Users\Ryan_yu\VisualBoyAdvance - Shortcut.lnk
[2010/04/17 17:33:37 | 000,001,173 | ---- | M] () -- C:\Users\Ryan_yu\snes9x - Shortcut.lnk
[2010/04/17 17:27:34 | 000,001,100 | ---- | M] () -- C:\Users\Ryan_yu\Project64.lnk
[2010/04/17 17:20:14 | 000,001,265 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\Copy of i_view32 - Shortcut.lnk
[2010/04/17 17:13:41 | 000,001,285 | ---- | M] () -- C:\Users\Ryan_yu\Desktop\Njstar Chinese.lnk
[2010/04/08 15:23:48 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2010/04/08 02:31:30 | 000,039,252 | ---- | M] () -- C:\windows\System32\license.rtf
[2010/04/07 16:02:00 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/07 15:56:23 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/07 15:40:45 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan_yu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/04/07 15:40:45 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan_yu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/04/07 15:40:45 | 000,065,536 | -HS- | M] () -- C:\Users\Ryan_yu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/04/07 15:40:22 | 000,001,413 | ---- | M] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/07 10:40:50 | 000,000,020 | ---- | M] () -- C:\windows\╚§ľ
[2010/04/07 10:33:44 | 000,000,020 | -HS- | M] () -- C:\Users\Ryan_yu\ntuser.ini

========== Files Created - No Company Name ==========

[2010/07/05 16:20:42 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/07/05 16:20:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/07/05 16:20:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/07/05 16:20:42 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/07/05 16:20:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/07/05 16:15:48 | 003,726,382 | R--- | C] () -- C:\Users\Ryan_yu\Desktop\ComboFix.exe
[2010/07/05 15:03:11 | 000,293,376 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\9cop8cw2.exe
[2010/07/05 14:51:46 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 14:43:28 | 000,000,000 | ---- | C] () -- C:\Users\Ryan_yu\defogger_reenable
[2010/07/05 14:39:22 | 000,050,477 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\Defogger.exe
[2010/06/29 16:44:49 | 000,078,491 | ---- | C] () -- C:\Users\Ryan_yu\6-29-10 HS PGel 1.JPG
[2010/06/27 01:07:29 | 000,026,112 | ---- | C] () -- C:\Users\Ryan_yu\nainai.doc
[2010/06/25 23:44:26 | 000,001,490 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\th105 - Shortcut.lnk
[2010/06/24 13:52:19 | 001,132,202 | ---- | C] () -- C:\Users\Ryan_yu\fulltext1.pdf
[2010/06/22 12:04:20 | 001,989,007 | ---- | C] () -- C:\Users\Ryan_yu\Yildiz.Ahmet_kinesin cell.pdf
[2010/06/21 20:05:25 | 000,001,915 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 11:49:54 | 005,794,738 | ---- | C] () -- C:\Users\Ryan_yu\Articles 2.rar
[2010/06/20 20:41:17 | 000,001,391 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\th123 - Shortcut.lnk
[2010/06/20 16:57:21 | 000,027,265 | ---- | C] () -- C:\Users\Ryan_yu\supu.jpg
[2010/06/20 00:51:07 | 000,018,418 | ---- | C] () -- C:\Users\Ryan_yu\supu07.jpg
[2010/06/20 00:45:13 | 000,035,558 | ---- | C] () -- C:\Users\Ryan_yu\img_976182_20390863_1.gif
[2010/06/19 14:59:48 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/16 18:58:02 | 000,445,117 | ---- | C] () -- C:\Users\Ryan_yu\1276739189664.jpg
[2010/06/16 16:35:10 | 000,032,768 | ---- | C] () -- C:\Users\Ryan_yu\2ch.doc
[2010/06/15 12:48:11 | 009,240,236 | ---- | C] () -- C:\Users\Ryan_yu\Articles.rar
[2010/06/14 23:05:59 | 000,027,136 | ---- | C] () -- C:\Users\Ryan_yu\articles.doc
[2010/06/13 22:50:57 | 000,039,424 | ---- | C] () -- C:\Users\Ryan_yu\Animes.doc
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_webproxy.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_video.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_tabloids.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_socialnetworks.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_sign.slf
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_searchengines.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_regionaltlds.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_pornography.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlineshop.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinepay.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinedating.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_news.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_im.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_illegal.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_hate.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_games.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_gambling.dat
[2010/06/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_drugs.dat
[2010/06/11 02:03:27 | 000,000,385 | ---- | C] () -- C:\windows\System32\user_gensett.xml
[2010/06/11 00:28:07 | 000,013,599 | ---- | C] () -- C:\Users\Ryan_yu\BitDefender.docx
[2010/06/10 23:22:13 | 000,000,052 | ---- | C] () -- C:\windows\System32\ashttpstats.csv
[2010/06/10 22:20:34 | 000,000,016 | ---- | C] () -- C:\windows\System32\asdict.dat
[2010/06/10 22:20:34 | 000,000,004 | ---- | C] () -- C:\windows\System32\aspdict-en.dat
[2010/05/19 17:28:19 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/05/19 17:28:18 | 000,073,220 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/05/19 17:28:18 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/05/19 17:28:18 | 000,029,114 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/05/19 17:28:18 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/05/19 17:28:18 | 000,021,021 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/05/19 17:28:18 | 000,015,670 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/05/19 17:28:18 | 000,013,280 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/05/19 17:28:18 | 000,012,669 | ---- | C] () -- C:\windows\System32\EPPICLocal_EN.cfg
[2010/05/19 17:28:18 | 000,010,673 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/05/19 17:28:18 | 000,006,478 | ---- | C] () -- C:\windows\System32\EPPICLocal_PT.cfg
[2010/05/19 17:28:18 | 000,006,478 | ---- | C] () -- C:\windows\System32\EPPICLocal_BP.cfg
[2010/05/19 17:28:18 | 000,006,366 | ---- | C] () -- C:\windows\System32\EPPICLocal_FR.cfg
[2010/05/19 17:28:18 | 000,006,366 | ---- | C] () -- C:\windows\System32\EPPICLocal_CF.cfg
[2010/05/19 17:28:18 | 000,006,226 | ---- | C] () -- C:\windows\System32\EPPICLocal_ES.cfg
[2010/05/19 17:28:18 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/05/19 17:28:18 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/05/19 17:28:18 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/05/19 17:28:18 | 000,001,137 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/05/19 17:28:18 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/05/19 17:28:18 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/05/19 17:28:18 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/05/19 17:27:37 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/05/19 17:27:00 | 000,000,044 | ---- | C] () -- C:\windows\EPNX410.ini
[2010/05/15 12:02:30 | 000,226,382 | ---- | C] () -- C:\Users\Ryan_yu\graduation 2010.docx
[2010/05/13 22:19:48 | 000,051,737 | -HS- | C] () -- C:\Users\Ryan_yu\Desktop\Folder.jpg
[2010/05/13 22:19:47 | 000,009,604 | -HS- | C] () -- C:\Users\Ryan_yu\Desktop\AlbumArtSmall.jpg
[2010/05/13 22:19:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/13 11:15:42 | 000,154,112 | -HS- | C] () -- C:\Users\Ryan_yu\Thumbs.db
[2010/05/11 05:08:29 | 000,000,205 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\1000 Free Songs!.url
[2010/05/11 05:08:28 | 000,000,209 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\FREE GAMES!.url
[2010/05/10 15:21:45 | 000,024,576 | ---- | C] () -- C:\Users\Ryan_yu\Sample Chinese Exam.doc
[2010/04/30 23:18:27 | 000,001,610 | ---- | C] () -- C:\Users\Ryan_yu\Painter 11 - Shortcut.lnk
[2010/04/30 03:30:25 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/29 17:11:46 | 000,000,889 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\Downloads - Shortcut.lnk
[2010/04/22 00:18:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/22 00:18:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/04/19 19:32:25 | 000,002,292 | ---- | C] () -- C:\Users\Ryan_yu\AppData\Roaming\ASSDraw3.cfg
[2010/04/17 17:33:45 | 000,001,265 | ---- | C] () -- C:\Users\Ryan_yu\VisualBoyAdvance - Shortcut.lnk
[2010/04/17 17:33:37 | 000,001,173 | ---- | C] () -- C:\Users\Ryan_yu\snes9x - Shortcut.lnk
[2010/04/17 17:27:34 | 000,001,100 | ---- | C] () -- C:\Users\Ryan_yu\Project64.lnk
[2010/04/17 17:24:53 | 000,001,203 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\DVDVideoSoft Free Studio.lnk
[2010/04/17 17:20:14 | 000,001,265 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\Copy of i_view32 - Shortcut.lnk
[2010/04/17 17:13:41 | 000,001,285 | ---- | C] () -- C:\Users\Ryan_yu\Desktop\Njstar Chinese.lnk
[2010/04/17 16:58:36 | 000,019,456 | ---- | C] () -- C:\Users\Ryan_yu\Product Key MS2007.doc
[2010/04/17 16:58:36 | 000,000,000 | ---- | C] () -- C:\Users\Ryan_yu\.metadata_never_index
[2010/04/17 16:54:51 | 000,581,063 | ---- | C] () -- C:\Users\Ryan_yu\1268680735304.jpg
[2010/04/08 15:23:47 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/04/08 02:22:38 | 2301,124,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/07 16:02:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/07 15:56:23 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/07 15:40:22 | 000,001,413 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/07 10:40:50 | 000,000,020 | ---- | C] () -- C:\windows\╚§ľ
[2010/04/07 10:33:44 | 002,621,440 | -HS- | C] () -- C:\Users\Ryan_yu\NTUSER.DAT
[2010/04/07 10:33:44 | 000,524,288 | -HS- | C] () -- C:\Users\Ryan_yu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/04/07 10:33:44 | 000,524,288 | -HS- | C] () -- C:\Users\Ryan_yu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/04/07 10:33:44 | 000,262,144 | -HS- | C] () -- C:\Users\Ryan_yu\ntuser.dat.LOG1
[2010/04/07 10:33:44 | 000,065,536 | -HS- | C] () -- C:\Users\Ryan_yu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/04/07 10:33:44 | 000,000,290 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/04/07 10:33:44 | 000,000,272 | ---- | C] () -- C:\Users\Ryan_yu\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/04/07 10:33:44 | 000,000,020 | -HS- | C] () -- C:\Users\Ryan_yu\ntuser.ini
[2010/04/07 10:33:44 | 000,000,000 | -HS- | C] () -- C:\Users\Ryan_yu\ntuser.dat.LOG2
[2009/12/22 12:15:43 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2009/12/22 12:15:43 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/12/22 11:54:04 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/12/22 11:51:57 | 000,361,808 | ---- | C] () -- C:\windows\EMCRI_E.dll
[2009/12/22 11:50:05 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/05/09 04:59:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Aegisub
[2010/06/10 22:10:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\BitDefender
[2010/06/04 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\DNA Baser
[2010/05/13 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/19 17:33:33 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Leader Technologies
[2010/05/19 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Leadertech
[2010/06/11 03:39:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\LimeWire
[2010/04/20 17:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\NJStar
[2010/05/16 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\ooVoo Details
[2010/05/12 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\UDC Profiles
[2010/07/01 22:05:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\uTorrent
[2010/05/11 05:08:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\WeatherBug
[2010/04/16 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\webex
[2010/05/11 03:52:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan_yu\AppData\Roaming\Windows Live Writer
[2010/07/03 07:14:22 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/05/10 14:37:05 | 001,061,376 | ---- | M] ()(C:\Users\Ryan_yu\2001-2010????????????(????).doc) -- C:\Users\Ryan_yu\2001-2010年考研英语真题及答案详解(免费下载).doc
[2010/05/10 14:37:04 | 001,061,376 | ---- | C] ()(C:\Users\Ryan_yu\2001-2010????????????(????).doc) -- C:\Users\Ryan_yu\2001-2010年考研英语真题及答案详解(免费下载).doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada
  • Local time:03:20 AM

Posted 05 July 2010 - 11:23 PM

Hi there,

In that case everything looks good.

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top.

STEP 2 - Uninstall ComboFix
  • Rename the Combo-Fix file on your desktop to Uninstall.
  • Double click on Uninstall to uninstall the program.

STEP 3 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.

Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls:

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.

Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system.

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#15 Rigen

Rigen
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:20 AM

Posted 05 July 2010 - 11:40 PM

Thank you so much for the help! Not only is my redirecting problem gone, but my computer also seems to start up faster. Thank you also for the very prompt replies. I didn't expect the problem to be solved in a day. I really appreciate your help! Have a great day!

