JiaWen Posted June 11, 2011 ID:439504 Share Posted June 11, 2011 Vista Security is giving me troubles and it has taken over my computer, anyone here can offer me assistance on how to remove them? Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439543 Share Posted June 11, 2011 Vista Security Alerts keep poping up and the Spyware doctor i downloaded couldnt start scan.. can anyone assist me here? Link to post Share on other sites More sharing options...
kahdah Posted June 11, 2011 ID:439563 Share Posted June 11, 2011 Hello JiaWenWelcome to Malwarebytes.=====================Download OTL to your desktop.Double click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download This file. Note its name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activity.If you are prompted to scan your system click "Yes" to begin the scan.If not prompted, click the "Rootkit/Malware" tab.On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.Select all drives that are connected to your system to be scanned.Click the Scan button to begin. (Please be patient as it can take some time to complete)When the scan is finished, click Save to save the scan results to your Desktop.Save the file as Results.log and copy/paste the contents in your next reply.Exit the program and re-enable all active protection when done. Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439693 Share Posted June 11, 2011 OTL logfile created on: 12/6/2011 2:09:52 AM - Run 1OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\DesktopWindows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 7.0.6002.18005)Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy892.45 Mb Total Physical Memory | 152.91 Mb Available Physical Memory | 17.13% Memory free2.00 Gb Paging File | 0.73 Gb Available in Paging File | 36.63% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 139.63 Gb Total Space | 41.90 Gb Free Space | 30.01% Space Free | Partition Type: NTFSDrive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFSDrive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSComputer Name: KB | User Name: Aaron | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)PRC - C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe ()PRC - C:\Windows\explorer.exe (Microsoft Corporation)PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)========== Modules (SafeList) ==========MOD - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)========== Win32 Services (SafeList) ==========SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)========== Driver Services (SafeList) ==========DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))========== Standard Registry (All) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Search the Web"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 07:41:17 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M][2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions[2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2011/06/11 20:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar[2009/04/27 20:11:54 | 000,001,768 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/05/01 02:47:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2009/04/23 14:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[2009/05/21 19:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}[2011/05/01 02:47:21 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll[2011/05/01 02:47:21 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll[2009/05/21 19:51:24 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll[2011/05/01 02:47:23 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll[2010/10/13 03:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml[2010/10/13 03:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml[2010/10/13 03:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml[2010/10/13 03:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml[2010/10/13 03:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml[2010/10/13 03:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml[2010/10/13 03:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xmlO1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKCU..\Run: [Google Update] C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe ()O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = C:\Program Files\Funshion Online\Funshion\Funshion.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O13 - gopher Prefix: missingO15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell - "" = AutorunO33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe eO33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe eO33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell - "" = AutorunO33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe eO33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe eO33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell - "" = AutorunO33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe eO33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe eO33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell - "" = AutoRunO33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -aO33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/09/18 05:57:30 | 022,862,464 | R--- | M] (Cisco Consumer Products LLC)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/06/12 02:07:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe[2011/06/11 16:42:40 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools[2011/06/11 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\PC ToolFix[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools[2011/06/11 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP[2011/06/11 16:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools[2011/06/11 05:18:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes[2011/06/11 05:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems[2011/06/10 19:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems[2010/08/21 17:22:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3C45.dll[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\Users\Aaron\Desktop\mppf510d.exe[2011/06/12 02:08:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe[2011/06/12 01:47:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2011/06/12 01:47:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2011/06/12 01:39:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job[2011/06/11 19:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2011/06/11 19:47:44 | 936,480,768 | -HS- | M] () -- C:\hiberfil.sys[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\Users\Aaron\AppData\Local\417ya3snt1[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\ProgramData\417ya3snt1[2011/06/11 16:39:32 | 002,936,953 | ---- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip[2011/06/11 05:08:10 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33021688r[2011/06/11 05:08:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\~33021688[2011/06/11 05:00:39 | 000,000,392 | ---- | M] () -- C:\ProgramData\33021688[2011/06/10 22:21:56 | 000,001,878 | ---- | M] () -- C:\Users\Aaron\funshion.ini[2011/06/10 04:49:37 | 000,002,044 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk[2011/06/10 04:49:37 | 000,002,006 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2011/06/10 04:04:09 | 000,000,392 | ---- | M] () -- C:\ProgramData\34332408[2011/06/10 04:01:43 | 000,000,112 | ---- | M] () -- C:\ProgramData\~34332408[2011/06/10 03:53:57 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34332408r[2011/06/05 08:39:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job[2011/06/04 00:25:32 | 000,007,052 | ---- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe[2011/05/24 02:12:05 | 000,119,808 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\Users\Aaron\Desktop\mppf510d.exe[2011/06/11 16:40:24 | 000,527,360 | ---- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat[2011/06/11 16:40:24 | 000,035,384 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat[2011/06/11 16:40:24 | 000,000,464 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat[2011/06/11 16:38:36 | 002,936,953 | ---- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip[2011/06/11 15:59:07 | 000,011,148 | -HS- | C] () -- C:\Users\Aaron\AppData\Local\417ya3snt1[2011/06/11 15:59:07 | 000,011,148 | -HS- | C] () -- C:\ProgramData\417ya3snt1[2011/06/11 07:03:56 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url[2011/06/11 04:58:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33021688r[2011/06/11 04:58:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33021688[2011/06/11 04:57:57 | 000,000,392 | ---- | C] () -- C:\ProgramData\33021688[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk[2011/06/10 03:53:57 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34332408r[2011/06/10 03:53:51 | 000,000,112 | ---- | C] () -- C:\ProgramData\~34332408[2011/06/10 03:46:29 | 000,000,392 | ---- | C] () -- C:\ProgramData\34332408[2011/02/05 13:48:21 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs[2010/08/25 18:28:06 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini[2010/05/15 15:07:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin[2009/07/29 14:15:25 | 000,000,008 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db[2009/07/13 20:13:24 | 000,011,355 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll[2009/06/07 17:20:10 | 000,002,562 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini[2009/04/15 16:01:11 | 000,119,808 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini[2009/02/26 13:26:59 | 000,007,052 | ---- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat========== LOP Check ==========[2010/02/22 19:19:35 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft[2010/01/16 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Lite[2011/06/12 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo[2009/08/10 16:59:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GrabPro[2010/01/24 02:37:28 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire[2009/07/29 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Nokia[2009/04/23 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org[2011/03/30 02:02:22 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Orbit[2009/02/25 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PC Suite[2011/06/11 16:42:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PCTools[2011/06/12 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PPStream[2009/07/13 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SmarThru4[2011/05/30 22:10:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Sports Interactive[2010/06/12 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\StreamTorrent[2010/03/25 00:47:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Template[2009/06/04 03:44:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\The Creative Assembly[2011/06/12 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\uTorrent[2010/09/02 14:47:13 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation[2011/06/10 04:33:08 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84< End of report > Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439694 Share Posted June 11, 2011 OTL Extras logfile created on: 12/6/2011 2:09:53 AM - Run 1OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\DesktopWindows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 7.0.6002.18005)Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy892.45 Mb Total Physical Memory | 152.91 Mb Available Physical Memory | 17.13% Memory free2.00 Gb Paging File | 0.73 Gb Available in Paging File | 36.63% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 139.63 Gb Total Space | 41.90 Gb Free Space | 30.01% Space Free | Partition Type: NTFSDrive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFSDrive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSComputer Name: KB | User Name: Aaron | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation).hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation).url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %lpiffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"UacDisableNotify" = 0"InternetSettingsDisableNotify" = 0"AutoUpdateDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439712 Share Posted June 11, 2011 GMER 1.0.15.15640 - http://www.gmer.netRootkit scan 2011-06-12 03:27:10Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160815AS rev.3.CHJRunning: mppf510d.exe; Driver: C:\Users\Aaron\AppData\Local\Temp\pgldqpow.sys---- System - GMER 1.0.15 ----INT 0x51 ? 841F0BF8INT 0x51 ? 841F0BF8INT 0x51 ? 841F0BF8INT 0x52 ? 85E47F00INT 0x72 ? 85E47F00INT 0x82 ? 841F0BF8INT 0x92 ? 841F0BF8---- Kernel code sections - GMER 1.0.15 ----? System32\Drivers\spgy.sys The system cannot find the path specified. !.text USBPORT.SYS!DllUnload 86F7341B 5 Bytes JMP 85E474E0 .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AA0B340, 0x3DA8C7, 0xE8000020].text aor9p4l1.SYS 8A900000 22 Bytes [82, C3, A1, 82, 6C, C2, A1, ...].text aor9p4l1.SYS 8A900017 137 Bytes [00, 32, 47, 78, 80, 3D, 45, ...].text aor9p4l1.SYS 8A9000A1 43 Bytes [10, AF, 82, 74, 06, A9, 82, ...].text aor9p4l1.SYS 8A9000CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}.text aor9p4l1.SYS 8A9000DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...].text ... ---- Kernel IAT/EAT - GMER 1.0.15 ----IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806886D6] \SystemRoot\System32\Drivers\spgy.sysIAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80688042] \SystemRoot\System32\Drivers\spgy.sysIAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80688800] \SystemRoot\System32\Drivers\spgy.sysIAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806880C0] \SystemRoot\System32\Drivers\spgy.sysIAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068813E] \SystemRoot\System32\Drivers\spgy.sysIAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80697B90] \SystemRoot\System32\Drivers\spgy.sysIAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortNotification] CC358B04IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortUchar] 838A926FIAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A9240IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortStallExecution] 54771129IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5EIAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BECIAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918BIAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 /NVIDIA Corporation)IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558BIAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortInitialize] B18D0502IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D---- User IAT/EAT - GMER 1.0.15 ----IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74527817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7457A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7451F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7451E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74558395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7452DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7451FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7451FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7454C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7451D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74516853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7451687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74522AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01682F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01682D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01682CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00412F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00412D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00412CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00412CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01642F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01642D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01642CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01642CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01452F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01452D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01452CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01452CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00902F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00902D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00902CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00902CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01532F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01532D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01532CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01532CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00682F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00682D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00682CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00972F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00972D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00972CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00972CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00872F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00872D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00872CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00872CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)---- Devices - GMER 1.0.15 ----Device \FileSystem\Ntfs \Ntfs 84F091F8Device \Driver\volmgr \Device\VolMgrControl 84F061F8Device \Driver\usbohci \Device\USBPDO-0 85E321F8Device \Driver\PCI_PNP5056 \Device\00000044 spgy.sysDevice \Driver\usbehci \Device\USBPDO-1 85E341F8Device \Driver\USBSTOR \Device\00000057 85F0B1F8Device \Driver\volmgr \Device\HarddiskVolume1 84F061F8Device \Driver\USBSTOR \Device\00000058 85F0B1F8Device \Driver\volmgr \Device\HarddiskVolume2 84F061F8Device \Driver\USBSTOR \Device\00000059 85F0B1F8Device \Driver\cdrom \Device\CdRom0 85E491F8Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84F081F8Device \Driver\atapi \Device\Ide\IdePort0 84F081F8Device \Driver\atapi \Device\Ide\IdePort1 84F081F8Device \Driver\atapi \Device\Ide\IdePort2 84F081F8Device \Driver\atapi \Device\Ide\IdePort3 84F081F8Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 84F081F8Device \Driver\volmgr \Device\HarddiskVolume3 84F061F8Device \Driver\cdrom \Device\CdRom1 85E491F8Device \Driver\volmgr \Device\HarddiskVolume4 84F061F8Device \Driver\volmgr \Device\HarddiskVolume5 84F061F8Device \Driver\volmgr \Device\HarddiskVolume6 84F061F8Device \Driver\netbt \Device\NetBt_Wins_Export 8B5F2500Device \Driver\Smb \Device\NetbiosSmb 8B5F51F8Device \Driver\USBSTOR \Device\0000005a 85F0B1F8Device \Driver\USBSTOR \Device\0000005b 85F0B1F8Device \Driver\iScsiPrt \Device\RaidPort0 85F481F8Device \Driver\usbohci \Device\USBFDO-0 85E321F8Device \Driver\sptd \Device\1488007063 spgy.sysDevice \Driver\usbehci \Device\USBFDO-1 85E341F8Device \Driver\netbt \Device\NetBT_Tcpip_{EBC8DF4E-F823-4914-B7BC-5091D316D8E2} 8B5F2500Device \Driver\aor9p4l1 \Device\Scsi\aor9p4l11 85F491F8Device \Driver\aor9p4l1 \Device\Scsi\aor9p4l11Port5Path0Target0Lun0 85F491F8Device \FileSystem\cdfs \Cdfs 85F031F8---- Registry - GMER 1.0.15 ----Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0xC7 0x3A 0x25 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x25 0xB0 0x9E ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0xFD 0xD1 0x3F ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x5A 0x94 0xCA ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0xC7 0x3A 0x25 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x25 0xB0 0x9E ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0xFD 0xD1 0x3F ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x5A 0x94 0xCA ...Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS@InstallLocation D:\PPS.tv\PPSGame---- EOF - GMER 1.0.15 ---- Link to post Share on other sites More sharing options...
kahdah Posted June 11, 2011 ID:439730 Share Posted June 11, 2011 Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLO33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe [2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\Users\Aaron\AppData\Local\417ya3snt1[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\ProgramData\417ya3snt1[2011/06/10 04:04:09 | 000,000,392 | ---- | M] () -- C:\ProgramData\34332408[2011/06/10 04:01:43 | 000,000,112 | ---- | M] () -- C:\ProgramData\~34332408[2011/06/10 03:53:57 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34332408r[2011/06/11 04:58:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33021688r[2011/06/11 04:58:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33021688[2011/06/11 04:57:57 | 000,000,392 | ---- | C] () -- C:\ProgramData\33021688:Commands[emptytemp]Then click the Run Fix button at the topLet the program run unhindered, reboot when it is doneIt will produce a log for you on reboot, please post that log in your next reply.================================Malwarebytes' Anti-Malware=================================Please download Malwarebytes' Anti-Malware from Here.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.================================Online scan=================================* Go here to run an online scannner from ESET.Note: You will need to use Internet explorer for this scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartCheck next options: Remove found threats and Scan unwanted applications.Click ScanWait for the scan to finishUse notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439743 Share Posted June 11, 2011 Hi, im on a blue screen now and it gives a warning that application (OTL) cannot be used as my computer is affected... Link to post Share on other sites More sharing options...
kahdah Posted June 11, 2011 ID:439746 Share Posted June 11, 2011 Were you able to apply any fix yet?If not please boot into safe mode to do the steps.You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.Then do the OTL step then reboot into normal mode again and do the other steps. Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439750 Share Posted June 11, 2011 Hi, nope im not on any fix yet, alright doing OTL scan now Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439759 Share Posted June 11, 2011 All processes killed========== OTL ==========Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e8239f3-d1c8-11de-ad69-00301a007166}\ not found.File Boot.exe not found.C:\Users\Aaron\AppData\Local\417ya3snt1 moved successfully.C:\ProgramData\417ya3snt1 moved successfully.C:\ProgramData\34332408 moved successfully.C:\ProgramData\~34332408 moved successfully.C:\ProgramData\~34332408r moved successfully.C:\ProgramData\~33021688r moved successfully.C:\ProgramData\~33021688 moved successfully.C:\ProgramData\33021688 moved successfully.========== COMMANDS ==========[EMPTYTEMP]User: Aaron->Temp folder emptied: 3077564588 bytes->Temporary Internet Files folder emptied: 76995941 bytes->Java cache emptied: 50788676 bytes->FireFox cache emptied: 50851065 bytes->Google Chrome cache emptied: 16404498 bytes->Apple Safari cache emptied: 26380288 bytes->Flash cache emptied: 2826471 bytesUser: All UsersUser: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes->Flash cache emptied: 41620 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: Public%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 5178170495 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 8,087.00 mbOTL by OldTimer - Version 3.2.24.0 log created on 06122011_051845Files\Folders moved on Reboot...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
JiaWen Posted June 11, 2011 Author ID:439760 Share Posted June 11, 2011 Malwarebytes' Anti-Malware 1.51.0.1200www.malwarebytes.orgDatabase version: 6705Windows 6.0.6002 Service Pack 2 (Safe Mode)Internet Explorer 7.0.6002.1800512/6/2011 5:58:53 AMmbam-log-2011-06-12 (05-58-53).txtScan type: Quick scanObjects scanned: 152645Time elapsed: 3 minute(s), 2 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 7Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 5Files Infected: 37Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:c:\program files\funshion online (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.c:\Users\Aaron\funshion (Adware.Funshion) -> Quarantined and deleted successfully.c:\Users\Aaron\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.Files Infected:c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\CoreAAC.ax (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\coreavc.ax (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\crashreport.exe (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\funshiongame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\funshionupgrade.exe (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\routersetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\program files\funshion online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.c:\Users\Aaron\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.c:\Users\Aaron\funshion\KB_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.c:\Users\Aaron\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.c:\Users\Aaron\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
JiaWen Posted June 12, 2011 Author ID:440022 Share Posted June 12, 2011 Also meanwhile im getting ''Hard Drive Failure'' : The system has detected a problem with one or more installed IDE / SATA hard disks & recommends me to restart my com. Link to post Share on other sites More sharing options...
kahdah Posted June 12, 2011 ID:440027 Share Posted June 12, 2011 Did you do the eset scan?I need to see the log instructions are in my previous post.For now though just open OTL and click the run scan button.Post the new OTL.txt that opens. Link to post Share on other sites More sharing options...
JiaWen Posted June 12, 2011 Author ID:440028 Share Posted June 12, 2011 once i restart my computer the virus seems to take over my desktop only leaving one icon, which is the windows vista restore icon Link to post Share on other sites More sharing options...
JiaWen Posted June 12, 2011 Author ID:440041 Share Posted June 12, 2011 OTL logfile created on: 13/6/2011 12:51:44 AM - Run 2OTL by OldTimer - Version 3.2.24.0 Folder = J:\Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 7.0.6002.18005)Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy892.45 Mb Total Physical Memory | 306.04 Mb Available Physical Memory | 34.29% Memory free2.00 Gb Paging File | 1.16 Gb Available in Paging File | 58.17% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 139.63 Gb Total Space | 49.09 Gb Free Space | 35.16% Space Free | Partition Type: NTFSDrive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFSDrive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive J: | 3.74 Gb Total Space | 3.69 Gb Free Space | 98.63% Space Free | Partition Type: FAT32Computer Name: KB | User Name: Aaron | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - J:\OTL.exe (OldTimer Tools)PRC - C:\ProgramData\35905272.exe (Microsoft Corporation)PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()PRC - C:\Windows\explorer.exe (Microsoft Corporation)PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)PRC - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)========== Modules (SafeList) ==========MOD - J:\OTL.exe (OldTimer Tools)MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)========== Win32 Services (SafeList) ==========SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)========== Driver Services (SafeList) ==========DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))========== Standard Registry (All) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Search the Web"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 07:41:17 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M][2009/02/25 18:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions[2009/02/25 18:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2011/06/12 06:03:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar[2009/04/27 20:11:54 | 000,001,768 | -H-- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/05/01 02:47:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2009/04/23 14:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[2009/05/21 19:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}[2011/05/01 02:47:21 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll[2011/05/01 02:47:21 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll[2009/05/21 19:51:24 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll[2011/05/01 02:47:23 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll[2010/10/13 03:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml[2010/10/13 03:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml[2010/10/13 03:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml[2010/10/13 03:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml[2010/10/13 03:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml[2010/10/13 03:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml[2010/10/13 03:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xmlO1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKCU..\Run: [Google Update] C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)O4 - HKCU..\Run: [swPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = File not foundO4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O13 - gopher Prefix: missingO15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell - "" = AutorunO33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe eO33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe eO33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell - "" = AutorunO33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe eO33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe eO33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell - "" = AutoRunO33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -aO33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/09/18 05:57:30 | 022,862,464 | R--- | M] (Cisco Consumer Products LLC)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/06/13 00:23:45 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore[2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe[2011/06/13 00:14:03 | 000,492,544 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe[2011/06/12 05:54:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2011/06/12 05:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2011/06/12 05:54:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2011/06/12 05:51:27 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe[2011/06/12 05:18:45 | 000,000,000 | ---D | C] -- C:\_OTL[2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200[2011/06/12 02:07:36 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe[2011/06/11 16:42:40 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools[2011/06/11 16:41:14 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\Desktop\PC ToolFix[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools[2011/06/11 16:35:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP[2011/06/11 16:34:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools[2011/06/11 05:18:36 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes[2011/06/11 05:18:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems[2011/06/10 19:29:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Cisco Systems[2010/08/21 17:22:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3C45.dll[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/06/13 00:53:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2011/06/13 00:53:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2011/06/13 00:49:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905272r[2011/06/13 00:49:45 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~35905272[2011/06/13 00:48:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2011/06/13 00:48:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2011/06/13 00:48:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2011/06/13 00:48:00 | 936,517,632 | -HS- | M] () -- C:\hiberfil.sys[2011/06/13 00:23:46 | 000,000,595 | -H-- | M] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk[2011/06/13 00:23:32 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35905272[2011/06/13 00:23:19 | 000,386,048 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\35905272.exe[2011/06/13 00:14:01 | 000,492,544 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe[2011/06/12 23:39:00 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job[2011/06/12 08:39:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job[2011/06/12 05:49:40 | 009,435,312 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe[2011/06/12 05:46:37 | 000,002,587 | -H-- | M] () -- C:\Users\Aaron\Desktop\Microsoft Office Word 2007.lnk[2011/06/12 03:27:10 | 000,000,452 | -H-- | M] () -- C:\Users\Aaron\Desktop\Results.lnk[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\mppf510d.exe[2011/06/12 02:08:09 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe[2011/06/11 16:39:32 | 002,936,953 | -H-- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip[2011/06/10 22:21:56 | 000,001,878 | -H-- | M] () -- C:\Users\Aaron\funshion.ini[2011/06/10 04:49:37 | 000,002,044 | -H-- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk[2011/06/04 00:25:32 | 000,007,052 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe[2011/05/24 02:12:05 | 000,119,808 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]========== Files Created - No Company Name ==========[2011/06/13 00:48:00 | 936,517,632 | -HS- | C] () -- C:\hiberfil.sys[2011/06/13 00:36:10 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905272r[2011/06/13 00:36:10 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~35905272[2011/06/13 00:23:46 | 000,000,595 | -H-- | C] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk[2011/06/13 00:23:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905272[2011/06/12 03:27:10 | 000,000,452 | -H-- | C] () -- C:\Users\Aaron\Desktop\Results.lnk[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\mppf510d.exe[2011/06/11 16:40:24 | 000,527,360 | -H-- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat[2011/06/11 16:40:24 | 000,035,384 | -H-- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat[2011/06/11 16:40:24 | 000,000,464 | -H-- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat[2011/06/11 16:38:36 | 002,936,953 | -H-- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk[2011/02/05 13:48:21 | 000,000,132 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs[2010/05/15 15:07:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin[2009/07/29 14:15:25 | 000,000,008 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db[2009/07/13 20:13:24 | 000,011,355 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll[2009/06/07 17:20:10 | 000,002,562 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini[2009/04/15 16:01:11 | 000,119,808 | -H-- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini[2009/02/26 13:26:59 | 000,007,052 | -H-- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat========== LOP Check ==========[2010/02/22 19:19:35 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft[2010/01/16 16:23:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Lite[2011/06/12 11:42:50 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo[2009/08/10 16:59:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\GrabPro[2010/01/24 02:37:28 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire[2009/07/29 14:15:25 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Nokia[2009/04/23 14:22:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org[2011/03/30 02:02:22 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Orbit[2009/02/25 23:57:41 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PC Suite[2011/06/11 16:42:40 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PCTools[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PPStream[2009/07/13 20:13:26 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\SmarThru4[2011/05/30 22:10:59 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Sports Interactive[2010/06/12 22:19:24 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\StreamTorrent[2010/03/25 00:47:45 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Template[2009/06/04 03:44:59 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\The Creative Assembly[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\uTorrent[2010/09/02 14:47:13 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation[2011/06/13 00:44:25 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84< End of report > Link to post Share on other sites More sharing options...
kahdah Posted June 12, 2011 ID:440044 Share Posted June 12, 2011 Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLPRC - C:\ProgramData\35905272.exe (Microsoft Corporation)PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)O4 - HKCU..\Run: [SwPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe [2011/06/13 00:23:45 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore[2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe[2011/06/13 00:14:03 | 000,492,544 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe[2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200[2011/06/13 00:49:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905272r[2011/06/13 00:49:45 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~35905272[2011/06/13 00:23:46 | 000,000,595 | -H-- | M] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk[2011/06/13 00:23:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905272:Commands[reboot]Then click the Run Fix button at the topLet the program run unhindered, reboot when it is doneIt will produce a log for you on reboot, please post that log in your next reply.=================Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your C:\Drive if you cannot save it there then choose Documents instead.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
JiaWen Posted June 12, 2011 Author ID:440066 Share Posted June 12, 2011 hmm the OTL scan didnt give me a log am doing the ComboFix now, is it in chinese words? Link to post Share on other sites More sharing options...
JiaWen Posted June 12, 2011 Author ID:440067 Share Posted June 12, 2011 ComboFix 11-06-11.01 - Aaron 6/2011 Mon 2:28.1.2 - x86????: C:\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\hpe3C45.dllc:\programdata\lB08200NoDkD08200c:\programdata\lB08200NoDkD08200\lB08200NoDkD08200c:\programdata\lB08200NoDkD08200\lB08200NoDkD08200.exec:\windows\system32\jusched.exe..((((((((((((((((((((((((( 2011-05-12 ? 2011-06-12 ????? )))))))))))))))))))))))))))))))..2011-06-12 18:41 . 2011-06-12 18:41 -------- d-----w- c:\users\Aaron\AppData\Local\temp2011-06-12 18:41 . 2011-06-12 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp2011-06-12 18:21 . 2011-06-12 18:21 -------- d-----w- C:\32788R22FWJFW2011-06-12 17:22 . 2011-06-12 17:22 -------- d-----w- c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com2011-06-12 17:22 . 2011-06-12 17:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2011-06-12 17:22 . 2011-06-12 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware2011-06-10 12:15 . 2011-06-10 12:44 -------- d-----w- c:\program files\Cisco Systems2011-06-10 11:29 . 2011-06-10 11:29 -------- d--h--w- c:\programdata\Cisco Systems...(((((((((((((((((((((((((((((((((((((((( ??????????? )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-05-24 11:14 . 2009-10-03 00:16 222080 ------w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))..*??* ??????????????? REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2008-03-20 151552]"PCM_MUI"="c:\program files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe" [2008-03-20 222504]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656].c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk - c:\users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe [N/A]??.lnk - c:\program files\Funshion Online\Funshion\Funshion.exe [N/A].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkbackup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartupbackupExtension=.CommonStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\???6]c:\program files\? Link to post Share on other sites More sharing options...
kahdah Posted June 12, 2011 ID:440070 Share Posted June 12, 2011 Great now please do the following:ESET OnlineScanClick on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Under scan settings, check and check Remove found threats Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technology[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.[*]When the scan completes, push [*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.[*]Push the button.[*]Push Link to post Share on other sites More sharing options...
JiaWen Posted June 12, 2011 Author ID:440116 Share Posted June 12, 2011 C:\Qoobox\Quarantine\C\ProgramData\lB08200NoDkD08200\lB08200NoDkD08200.exe.vir a variant of Win32/Kryptik.OXF trojan cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
kahdah Posted June 13, 2011 ID:440323 Share Posted June 13, 2011 Great open OTL and click the run scan button and posy the new OTL.txt that opens please.Let me know how it is running as well. Link to post Share on other sites More sharing options...
JiaWen Posted June 13, 2011 Author ID:440337 Share Posted June 13, 2011 Hi, the scan was done fast...OTL logfile created on: 13/6/2011 6:58:47 PM - Run 3OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\DesktopWindows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 7.0.6002.18005)Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy892.45 Mb Total Physical Memory | 396.56 Mb Available Physical Memory | 44.43% Memory free2.00 Gb Paging File | 1.06 Gb Available in Paging File | 53.12% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 139.63 Gb Total Space | 49.67 Gb Free Space | 35.57% Space Free | Partition Type: NTFSDrive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFSDrive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive J: | 3.74 Gb Total Space | 3.67 Gb Free Space | 98.20% Space Free | Partition Type: FAT32Computer Name: KB | User Name: Aaron | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)PRC - C:\Windows\explorer.exe (Microsoft Corporation)PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)========== Modules (SafeList) ==========MOD - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)========== Win32 Services (SafeList) ==========SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)========== Driver Services (SafeList) ==========DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndtIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Search the Web"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M][2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions[2011/06/13 03:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar[2009/04/27 20:11:54 | 000,001,768 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dllO1 HOSTS File: ([2011/06/13 02:41:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = File not foundO4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/06/13 03:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET[2011/06/13 03:15:45 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Aaron\Desktop\esetsmartinstaller_enu.exe[2011/06/13 02:59:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2011/06/13 02:59:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\temp[2011/06/13 02:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2011/06/13 02:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2011/06/13 02:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2011/06/13 02:21:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2011/06/13 02:21:46 | 000,000,000 | ---D | C] -- C:\ComboFix[2011/06/13 02:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox[2011/06/13 02:21:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW[2011/06/13 02:19:48 | 004,120,119 | R--- | C] (Swearware) -- C:\ComboFix.exe[2011/06/13 01:22:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\SUPERAntiSpyware.com[2011/06/13 01:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com[2011/06/13 01:22:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware[2011/06/13 01:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware[2011/06/12 05:54:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2011/06/12 05:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2011/06/12 05:54:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2011/06/12 05:51:27 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe[2011/06/12 05:18:45 | 000,000,000 | ---D | C] -- C:\_OTL[2011/06/12 02:07:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe[2011/06/11 16:42:40 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools[2011/06/11 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\PC ToolFix[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools[2011/06/11 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP[2011/06/11 16:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools[2011/06/11 05:18:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes[2011/06/11 05:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems[2011/06/10 19:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/06/13 18:39:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job[2011/06/13 17:09:34 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2011/06/13 17:09:34 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2011/06/13 08:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job[2011/06/13 03:15:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Aaron\Desktop\esetsmartinstaller_enu.exe[2011/06/13 03:09:46 | 000,007,052 | ---- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat[2011/06/13 03:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2011/06/13 03:09:08 | 936,472,576 | -HS- | M] () -- C:\hiberfil.sys[2011/06/13 02:41:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts[2011/06/13 02:19:55 | 004,120,119 | R--- | M] (Swearware) -- C:\ComboFix.exe[2011/06/13 01:22:48 | 000,001,762 | ---- | M] () -- C:\Users\Aaron\Desktop\SUPERAntiSpyware Professional.lnk[2011/06/13 00:53:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2011/06/13 00:53:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2011/06/12 05:49:40 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe[2011/06/12 05:46:37 | 000,002,587 | ---- | M] () -- C:\Users\Aaron\Desktop\Microsoft Office Word 2007.lnk[2011/06/12 03:27:10 | 000,000,452 | ---- | M] () -- C:\Users\Aaron\Desktop\Results.lnk[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\mppf510d.exe[2011/06/12 02:08:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe[2011/06/11 16:39:32 | 002,936,953 | ---- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip[2011/06/10 22:21:56 | 000,001,878 | ---- | M] () -- C:\Users\Aaron\funshion.ini[2011/06/10 04:49:37 | 000,002,044 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe[2011/05/24 02:12:05 | 000,119,808 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]========== Files Created - No Company Name ==========[2011/06/13 02:21:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe[2011/06/13 02:21:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2011/06/13 02:21:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2011/06/13 02:21:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2011/06/13 02:21:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2011/06/13 01:55:49 | 936,472,576 | -HS- | C] () -- C:\hiberfil.sys[2011/06/13 01:22:48 | 000,001,762 | ---- | C] () -- C:\Users\Aaron\Desktop\SUPERAntiSpyware Professional.lnk[2011/06/12 03:27:10 | 000,000,452 | ---- | C] () -- C:\Users\Aaron\Desktop\Results.lnk[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\mppf510d.exe[2011/06/11 16:40:24 | 000,527,360 | ---- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat[2011/06/11 16:40:24 | 000,035,384 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat[2011/06/11 16:40:24 | 000,000,464 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat[2011/06/11 16:38:36 | 002,936,953 | ---- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk[2011/02/05 13:48:21 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs[2010/05/15 15:07:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin[2009/07/29 14:15:25 | 000,000,008 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db[2009/07/13 20:13:24 | 000,011,355 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll[2009/06/07 17:20:10 | 000,002,562 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini[2009/04/15 16:01:11 | 000,119,808 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini[2009/02/26 13:26:59 | 000,007,052 | ---- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat========== Alternate Data Streams ==========@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84< End of report > Link to post Share on other sites More sharing options...
kahdah Posted June 13, 2011 ID:440349 Share Posted June 13, 2011 Looks good how are things running? Link to post Share on other sites More sharing options...
JiaWen Posted June 13, 2011 Author ID:440350 Share Posted June 13, 2011 hmm it looks ok other then some of my desktop icons disappeared like mozzila and the shortcut above the ''All programs'' when i click start also disappeared, other then that i think it looks cool! Link to post Share on other sites More sharing options...
Recommended Posts