Help needed



Hello JiaWen

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


OTL logfile created on: 12/6/2011 2:09:52 AM - Run 1

OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 152.91 Mb Available Physical Memory | 17.13% Memory free

2.00 Gb Paging File | 0.73 Gb Available in Paging File | 36.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.63 Gb Total Space | 41.90 Gb Free Space | 30.01% Space Free | Partition Type: NTFS

Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KB | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

========== Modules (SafeList) ==========

MOD - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)

DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222

FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 07:41:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M]

[2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions

[2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/06/11 20:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar

[2009/04/27 20:11:54 | 000,001,768 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml

[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/01 02:47:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/04/23 14:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/05/21 19:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2011/05/01 02:47:21 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2011/05/01 02:47:21 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2009/05/21 19:51:24 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2011/05/01 02:47:23 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll

[2010/10/13 03:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/13 03:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/13 03:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/13 03:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/13 03:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/13 03:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/13 03:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe ()

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = C:\Program Files\Funshion Online\Funshion\Funshion.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell - "" = Autorun

O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe e

O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell - "" = Autorun

O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe e

O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell - "" = Autorun

O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe e

O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell - "" = AutoRun

O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/09/18 05:57:30 | 022,862,464 | R--- | M] (Cisco Consumer Products LLC)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 02:07:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2011/06/11 16:42:40 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools

[2011/06/11 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\PC ToolFix

[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2011/06/11 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011/06/11 16:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2011/06/11 05:18:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes

[2011/06/11 05:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems

[2011/06/10 19:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems

[2010/08/21 17:22:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3C45.dll

[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\Users\Aaron\Desktop\mppf510d.exe

[2011/06/12 02:08:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2011/06/12 01:47:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/06/12 01:47:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/06/12 01:39:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job

[2011/06/11 19:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/06/11 19:47:44 | 936,480,768 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\Users\Aaron\AppData\Local\417ya3snt1

[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\ProgramData\417ya3snt1

[2011/06/11 16:39:32 | 002,936,953 | ---- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip

[2011/06/11 05:08:10 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33021688r

[2011/06/11 05:08:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\~33021688

[2011/06/11 05:00:39 | 000,000,392 | ---- | M] () -- C:\ProgramData\33021688

[2011/06/10 22:21:56 | 000,001,878 | ---- | M] () -- C:\Users\Aaron\funshion.ini

[2011/06/10 04:49:37 | 000,002,044 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk

[2011/06/10 04:49:37 | 000,002,006 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/06/10 04:04:09 | 000,000,392 | ---- | M] () -- C:\ProgramData\34332408

[2011/06/10 04:01:43 | 000,000,112 | ---- | M] () -- C:\ProgramData\~34332408

[2011/06/10 03:53:57 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34332408r

[2011/06/05 08:39:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job

[2011/06/04 00:25:32 | 000,007,052 | ---- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat

[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011/05/24 02:12:05 | 000,119,808 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\Users\Aaron\Desktop\mppf510d.exe

[2011/06/11 16:40:24 | 000,527,360 | ---- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat

[2011/06/11 16:40:24 | 000,035,384 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat

[2011/06/11 16:40:24 | 000,000,464 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat

[2011/06/11 16:38:36 | 002,936,953 | ---- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip

[2011/06/11 15:59:07 | 000,011,148 | -HS- | C] () -- C:\Users\Aaron\AppData\Local\417ya3snt1

[2011/06/11 15:59:07 | 000,011,148 | -HS- | C] () -- C:\ProgramData\417ya3snt1

[2011/06/11 07:03:56 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2011/06/11 04:58:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33021688r

[2011/06/11 04:58:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33021688

[2011/06/11 04:57:57 | 000,000,392 | ---- | C] () -- C:\ProgramData\33021688

[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk

[2011/06/10 03:53:57 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34332408r

[2011/06/10 03:53:51 | 000,000,112 | ---- | C] () -- C:\ProgramData\~34332408

[2011/06/10 03:46:29 | 000,000,392 | ---- | C] () -- C:\ProgramData\34332408

[2011/02/05 13:48:21 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2010/08/25 18:28:06 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini

[2010/05/15 15:07:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/29 14:15:25 | 000,000,008 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db

[2009/07/13 20:13:24 | 000,011,355 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml

[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe

[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll

[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini

[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll

[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe

[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe

[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll

[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll

[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll

[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll

[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll

[2009/06/07 17:20:10 | 000,002,562 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat

[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/04/15 16:01:11 | 000,119,808 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/02/26 13:26:59 | 000,007,052 | ---- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat

[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat

[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys

[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll

[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/22 19:19:35 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft

[2010/01/16 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Lite

[2011/06/12 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo

[2009/08/10 16:59:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GrabPro

[2010/01/24 02:37:28 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire

[2009/07/29 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Nokia

[2009/04/23 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org

[2011/03/30 02:02:22 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Orbit

[2009/02/25 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PC Suite

[2011/06/11 16:42:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PCTools

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PPStream

[2009/07/13 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SmarThru4

[2011/05/30 22:10:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Sports Interactive

[2010/06/12 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\StreamTorrent

[2010/03/25 00:47:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Template

[2009/06/04 03:44:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\The Creative Assembly

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\uTorrent

[2010/09/02 14:47:13 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation

[2011/06/10 04:33:08 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

OTL Extras logfile created on: 12/6/2011 2:09:53 AM - Run 1

OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 152.91 Mb Available Physical Memory | 17.13% Memory free

2.00 Gb Paging File | 0.73 Gb Available in Paging File | 36.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.63 Gb Total Space | 41.90 Gb Free Space | 30.01% Space Free | Partition Type: NTFS

Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KB | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-06-12 03:27:10

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160815AS rev.3.CHJ

Running: mppf510d.exe; Driver: C:\Users\Aaron\AppData\Local\Temp\pgldqpow.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 841F0BF8

INT 0x51 ? 841F0BF8

INT 0x51 ? 841F0BF8

INT 0x52 ? 85E47F00

INT 0x72 ? 85E47F00

INT 0x82 ? 841F0BF8

INT 0x92 ? 841F0BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spgy.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 86F7341B 5 Bytes JMP 85E474E0

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AA0B340, 0x3DA8C7, 0xE8000020]

.text aor9p4l1.SYS 8A900000 22 Bytes [82, C3, A1, 82, 6C, C2, A1, ...]

.text aor9p4l1.SYS 8A900017 137 Bytes [00, 32, 47, 78, 80, 3D, 45, ...]

.text aor9p4l1.SYS 8A9000A1 43 Bytes [10, AF, 82, 74, 06, A9, 82, ...]

.text aor9p4l1.SYS 8A9000CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}

.text aor9p4l1.SYS 8A9000DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]

.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806886D6] \SystemRoot\System32\Drivers\spgy.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80688042] \SystemRoot\System32\Drivers\spgy.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80688800] \SystemRoot\System32\Drivers\spgy.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806880C0] \SystemRoot\System32\Drivers\spgy.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068813E] \SystemRoot\System32\Drivers\spgy.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80697B90] \SystemRoot\System32\Drivers\spgy.sys

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortNotification] CC358B04

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortUchar] 838A926F

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A9240

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortStallExecution] 54771129

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 /NVIDIA Corporation)

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortInitialize] B18D0502

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8

IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74527817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7457A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7451F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7451E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74558395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7452DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7451FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7451FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7454C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7451D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74516853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7451687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74522AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01682F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01682D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01682CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00412F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00412D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00412CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00412CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01642F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01642D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01642CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01642CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01452F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01452D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01452CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01452CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00902F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00902D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00902CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00902CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01532F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01532D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01532CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01532CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00682F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00682D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00682CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00972F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00972D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00972CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00972CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00872F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00872D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00872CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00872CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F091F8

Device \Driver\volmgr \Device\VolMgrControl 84F061F8

Device \Driver\usbohci \Device\USBPDO-0 85E321F8

Device \Driver\PCI_PNP5056 \Device\00000044 spgy.sys

Device \Driver\usbehci \Device\USBPDO-1 85E341F8

Device \Driver\USBSTOR \Device\00000057 85F0B1F8

Device \Driver\volmgr \Device\HarddiskVolume1 84F061F8

Device \Driver\USBSTOR \Device\00000058 85F0B1F8

Device \Driver\volmgr \Device\HarddiskVolume2 84F061F8

Device \Driver\USBSTOR \Device\00000059 85F0B1F8

Device \Driver\cdrom \Device\CdRom0 85E491F8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84F081F8

Device \Driver\atapi \Device\Ide\IdePort0 84F081F8

Device \Driver\atapi \Device\Ide\IdePort1 84F081F8

Device \Driver\atapi \Device\Ide\IdePort2 84F081F8

Device \Driver\atapi \Device\Ide\IdePort3 84F081F8

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 84F081F8

Device \Driver\volmgr \Device\HarddiskVolume3 84F061F8

Device \Driver\cdrom \Device\CdRom1 85E491F8

Device \Driver\volmgr \Device\HarddiskVolume4 84F061F8

Device \Driver\volmgr \Device\HarddiskVolume5 84F061F8

Device \Driver\volmgr \Device\HarddiskVolume6 84F061F8

Device \Driver\netbt \Device\NetBt_Wins_Export 8B5F2500

Device \Driver\Smb \Device\NetbiosSmb 8B5F51F8

Device \Driver\USBSTOR \Device\0000005a 85F0B1F8

Device \Driver\USBSTOR \Device\0000005b 85F0B1F8

Device \Driver\iScsiPrt \Device\RaidPort0 85F481F8

Device \Driver\usbohci \Device\USBFDO-0 85E321F8

Device \Driver\sptd \Device\1488007063 spgy.sys

Device \Driver\usbehci \Device\USBFDO-1 85E341F8

Device \Driver\netbt \Device\NetBT_Tcpip_{EBC8DF4E-F823-4914-B7BC-5091D316D8E2} 8B5F2500

Device \Driver\aor9p4l1 \Device\Scsi\aor9p4l11 85F491F8

Device \Driver\aor9p4l1 \Device\Scsi\aor9p4l11Port5Path0Target0Lun0 85F491F8

Device \FileSystem\cdfs \Cdfs 85F031F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0xC7 0x3A 0x25 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x25 0xB0 0x9E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0xFD 0xD1 0x3F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x5A 0x94 0xCA ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0xC7 0x3A 0x25 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x25 0xB0 0x9E ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0xFD 0xD1 0x3F ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x5A 0x94 0xCA ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS@InstallLocation D:\PPS.tv\PPSGame

---- EOF - GMER 1.0.15 ----


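Editor's note, added as an illustration and not part of the thread above or of GMER itself: the IAT section of this log is dominated by one DLL, LVPrcInj.dll, reaching into more than a dozen processes to hook NtCreateFile, NtClose, NtDeviceIoControlFile and NtDuplicateObject. A DLL under Program Files, carrying a company string, hooking handle APIs rather than the enumeration APIs a rootkit needs to hide things, is what a camera vendor's process-injection helper looks like, and it is the kind of entry a log reviewer learns to pass over quickly. The Python below groups GMER IAT lines by the hooking DLL and applies exactly those checks. The sample lines are copied from the log above plus one constructed line with a hypothetical C:\ProgramData\example_hook.dll so that a flagged entry is visible; the trusted-directory list and the stealth-API set are this example's own assumptions, not anything GMER reports.

```python
import re
import sys
from collections import defaultdict

# GMER lists one user-mode hook per line in its IAT/EAT section:
#   IAT <process>[<pid>] @ <module> [<dll>!<func>] [<addr>] <hooking dll> (<desc>)
# The "(<desc>)" part is absent when the hooking module has no version info.
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<hooker>.+?)(?: \((?P<desc>[^\\]*)\))?$"
)

# Where a vendor hook DLL is expected to live (assumption of this example).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Native APIs that user-mode rootkits hook to hide files, keys and processes
# from whatever enumerates them. Handle APIs (NtCreateFile, NtClose, ...) are
# a different pattern, typical of device helpers intercepting their own handles.
STEALTH_FUNCS = {
    "ntdll.dll!NtQueryDirectoryFile",
    "ntdll.dll!NtQuerySystemInformation",
    "ntdll.dll!NtEnumerateKey",
    "ntdll.dll!NtEnumerateValueKey",
    "ntdll.dll!NtOpenProcess",
}

SAMPLE_LOG = [
    # Lines copied from the GMER log above.
    r"IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74516853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)",
    r"IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)",
    r"IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)",
    r"IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00412CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)",
    r"IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)",
    # Constructed line (hypothetical DLL name and address) to exercise the flags.
    r"IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] [00A01230] C:\ProgramData\example_hook.dll",
    "---- Devices - GMER 1.0.15 ----",
]


def parse_iat_line(line):
    """Return the fields of one IAT line as a dict, or None for any other line."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["pid"] = int(d["pid"])
    return d


def is_trusted_path(path):
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(lines):
    """Group hooks by the DLL that installed them and rate each DLL."""
    by_hooker = defaultdict(lambda: {"procs": set(), "funcs": set(), "desc": ""})
    for line in lines:
        h = parse_iat_line(line)
        if h is None:
            continue
        entry = by_hooker[h["hooker"]]
        entry["procs"].add(h["proc"])
        entry["funcs"].add(h["import"])
        entry["desc"] = h["desc"] or entry["desc"]

    report = []
    for hooker, e in by_hooker.items():
        reasons = []
        if not is_trusted_path(hooker):
            reasons.append("hook DLL lives outside Windows/Program Files")
        if not e["desc"]:
            reasons.append("hook DLL carries no version/company information")
        stealth = sorted(e["funcs"] & STEALTH_FUNCS)
        if stealth:
            reasons.append("hooks enumeration APIs: " + ", ".join(stealth))
        report.append({
            "hooker": hooker,
            "processes": len(e["procs"]),
            "functions": sorted(e["funcs"]),
            "verdict": "suspicious" if reasons else "likely vendor hook",
            "reasons": reasons,
        })
    # Suspicious DLLs first, then the ones that reach into the most processes.
    report.sort(key=lambda r: (r["verdict"] != "suspicious", -r["processes"]))
    return report


if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for r in triage(src):
        print(f'{r["verdict"]:18} {r["processes"]:3} proc  {r["hooker"]}')
        for why in r["reasons"]:
            print("    - " + why)
```

Run it with a saved log as the first argument (python triage.py gmer.txt) to get one line per hooking DLL. On the sample it puts the constructed ProgramData DLL at the top with three reasons and rates LVPrcInj.dll, seen in three processes here, as a likely vendor hook. The location and company-string checks are only heuristics: a dropper can write under Program Files too, so the conclusive step is still to check the hooking file's Authenticode signature and hash, which GMER does not show.
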
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe
    [2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\Users\Aaron\AppData\Local\417ya3snt1
    [2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\ProgramData\417ya3snt1
    [2011/06/10 04:04:09 | 000,000,392 | ---- | M] () -- C:\ProgramData\34332408
    [2011/06/10 04:01:43 | 000,000,112 | ---- | M] () -- C:\ProgramData\~34332408
    [2011/06/10 03:53:57 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34332408r
    [2011/06/11 04:58:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33021688r
    [2011/06/11 04:58:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33021688
    [2011/06/11 04:57:57 | 000,000,392 | ---- | C] () -- C:\ProgramData\33021688

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


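Editor's note, added as an illustration and not part of the helper's instructions or of OTL: the O33 line in that fix is the one worth understanding. HKCU\...\Explorer\MountPoints2 caches per-volume shell verbs, and a Shell\Open\command whose value is a bare Boot.exe means that opening that volume in Explorer runs Boot.exe from the drive's own root instead of browsing it, the classic removable-media autorun trick; the OTL result log further down in the thread shows the key deleted and Boot.exe itself not found on this machine. The Python below parses O33 lines out of an OTL log, spells out why an entry is flagged, and on Windows can enumerate the live MountPoints2 key for the current user through winreg so the same check can be run without OTL. The first sample line is copied from the fix above; the second is constructed with a hypothetical vendor path for contrast, and the verb list and extension list are this example's own assumptions.

```python
import re
import sys

# OTL reports each MountPoints2 shell verb as an O33 line. The subkey is the
# volume's GUID (or a drive letter); the default value under Shell\<verb>\command
# is what Explorer runs for that verb on that volume.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<valname>[^"]*)" = (?P<cmd>.+)$'
)

# Verbs Explorer invokes when the user opens the drive (assumption of this example).
AUTO_VERBS = {"open", "explore", "autorun"}
# File types that should never be the target of such a verb.
RUNNABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

SAMPLE_OTL = [
    # Copied from the OTL fix script in the post above.
    r'O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe',
    # Constructed entry with a hypothetical absolute vendor path, for contrast.
    r'O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\Install\command - "" = "C:\Program Files\Vendor\setup.exe" /quiet',
    r"O4 - HKLM..\Run: [example] C:\Windows\example.exe ()",
]


def parse_o33(lines):
    """Extract key, verb and command from O33 lines; every other line is ignored."""
    return [m.groupdict() for m in (O33_RE.match(l.strip()) for l in lines) if m]


def command_target(cmd):
    """First token of a command line, honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def is_absolute(target):
    # Drive-letter path, UNC path, or one that starts with an environment variable.
    return re.match(r"^([A-Za-z]:\\|\\\\|%)", target) is not None


def classify_command(verb, cmd):
    """Explain why a MountPoints2 verb command looks like removable-media autorun abuse."""
    target = command_target(cmd)
    reasons = []
    if target.lower().endswith(RUNNABLE_EXT):
        reasons.append("target is executable content: " + target)
    if not is_absolute(target):
        reasons.append("relative path, so it resolves against the root of the volume itself")
    if verb.lower() in AUTO_VERBS:
        reasons.append(f"bound to the '{verb}' verb, which Explorer runs when the volume is opened")
    verdict = "suspicious" if len(reasons) == 3 else ("review" if reasons else "ok")
    return {"verb": verb, "cmd": cmd, "target": target, "verdict": verdict, "reasons": reasons}


def audit_o33(lines):
    return [dict(e, **classify_command(e["verb"], e["cmd"])) for e in parse_o33(lines)]


def _enum_subkeys(key):
    import winreg
    i = 0
    while True:
        try:
            yield winreg.EnumKey(key, i)
        except OSError:  # no more subkeys
            return
        i += 1


def read_live_mountpoints():
    """Enumerate the current user's MountPoints2 verbs (Windows only; [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg
    base = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
    found = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, base) as root:
        for sub in _enum_subkeys(root):
            try:
                shell = winreg.OpenKey(root, sub + r"\Shell")
            except OSError:  # volume has no cached shell verbs
                continue
            with shell:
                for verb in _enum_subkeys(shell):
                    try:
                        cmd = winreg.QueryValue(shell, verb + r"\command")
                    except OSError:
                        continue
                    found.append({"key": sub, "verb": verb, "cmd": cmd})
    return found


if __name__ == "__main__":
    live = read_live_mountpoints()
    results = [dict(e, **classify_command(e["verb"], e["cmd"])) for e in live] or audit_o33(SAMPLE_OTL)
    for r in results:
        print(f'{r["verdict"]:10} {r["key"]}  {r["verb"]} -> {r["cmd"]}')
        for why in r["reasons"]:
            print("    - " + why)
```

On Windows the script audits the live key for the logged-in user; elsewhere it falls back to the sample lines, where the Boot.exe entry gets all three reasons and the constructed absolute-path Install verb is only marked for review. Deleting the MountPoints2 subkey, as the OTL fix does, removes the cached verb for that volume, but it does not touch the Boot.exe on the removable drive itself, so the drive should be cleaned or reformatted before it is plugged in again.
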
Were you able to apply any fix yet?

If not please boot into safe mode to do the steps.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.

Then do the OTL step, then reboot into normal mode again and do the other steps.


All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e8239f3-d1c8-11de-ad69-00301a007166}\ not found.

File Boot.exe not found.

C:\Users\Aaron\AppData\Local\417ya3snt1 moved successfully.

C:\ProgramData\417ya3snt1 moved successfully.

C:\ProgramData\34332408 moved successfully.

C:\ProgramData\~34332408 moved successfully.

C:\ProgramData\~34332408r moved successfully.

C:\ProgramData\~33021688r moved successfully.

C:\ProgramData\~33021688 moved successfully.

C:\ProgramData\33021688 moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron

->Temp folder emptied: 3077564588 bytes

->Temporary Internet Files folder emptied: 76995941 bytes

->Java cache emptied: 50788676 bytes

->FireFox cache emptied: 50851065 bytes

->Google Chrome cache emptied: 16404498 bytes

->Apple Safari cache emptied: 26380288 bytes

->Flash cache emptied: 2826471 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5178170495 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,087.00 mb

OTL by OldTimer - Version 3.2.24.0 log created on 06122011_051845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 7.0.6002.18005

12/6/2011 5:58:53 AM

mbam-log-2011-06-12 (05-58-53).txt

Scan type: Quick scan

Objects scanned: 152645

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 37

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\funshion online (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.

c:\Users\Aaron\funshion (Adware.Funshion) -> Quarantined and deleted successfully.

c:\Users\Aaron\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:

c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\CoreAAC.ax (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\coreavc.ax (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\crashreport.exe (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\funshiongame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\funshionupgrade.exe (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\routersetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\program files\funshion online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.

c:\Users\Aaron\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.

c:\Users\Aaron\funshion\KB_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.

c:\Users\Aaron\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.

c:\Users\Aaron\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.


OTL logfile created on: 13/6/2011 12:51:44 AM - Run 2

OTL by OldTimer - Version 3.2.24.0 Folder = J:\

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 306.04 Mb Available Physical Memory | 34.29% Memory free

2.00 Gb Paging File | 1.16 Gb Available in Paging File | 58.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.63 Gb Total Space | 49.09 Gb Free Space | 35.16% Space Free | Partition Type: NTFS

Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 3.74 Gb Total Space | 3.69 Gb Free Space | 98.63% Space Free | Partition Type: FAT32

Computer Name: KB | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - J:\OTL.exe (OldTimer Tools)

PRC - C:\ProgramData\35905272.exe (Microsoft Corporation)

PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()

PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - J:\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)

DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222

FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 07:41:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M]

[2009/02/25 18:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions

[2009/02/25 18:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/06/12 06:03:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions

[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}

[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar

[2009/04/27 20:11:54 | 000,001,768 | -H-- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml

[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/01 02:47:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/04/23 14:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/05/21 19:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2011/05/01 02:47:21 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2011/05/01 02:47:21 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2009/05/21 19:51:24 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2011/05/01 02:47:23 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll

[2010/10/13 03:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/13 03:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/13 03:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/13 03:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/13 03:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/13 03:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/13 03:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = File not found

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell - "" = Autorun

O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe e

O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell - "" = Autorun

O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe e

O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell - "" = AutoRun

O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/09/18 05:57:30 | 022,862,464 | R--- | M] (Cisco Consumer Products LLC)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 00:23:45 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore

[2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe

[2011/06/13 00:14:03 | 000,492,544 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe

[2011/06/12 05:54:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/06/12 05:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/06/12 05:54:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/06/12 05:51:27 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe

[2011/06/12 05:18:45 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200

[2011/06/12 02:07:36 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2011/06/11 16:42:40 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools

[2011/06/11 16:41:14 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\Desktop\PC ToolFix

[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2011/06/11 16:35:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP

[2011/06/11 16:34:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools

[2011/06/11 05:18:36 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes

[2011/06/11 05:18:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems

[2011/06/10 19:29:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Cisco Systems

[2010/08/21 17:22:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3C45.dll

[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 00:53:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/06/13 00:53:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/06/13 00:49:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905272r

[2011/06/13 00:49:45 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~35905272

[2011/06/13 00:48:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/06/13 00:48:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/06/13 00:48:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/06/13 00:48:00 | 936,517,632 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/13 00:23:46 | 000,000,595 | -H-- | M] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk

[2011/06/13 00:23:32 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35905272

[2011/06/13 00:23:19 | 000,386,048 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\35905272.exe

[2011/06/13 00:14:01 | 000,492,544 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe

[2011/06/12 23:39:00 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job

[2011/06/12 08:39:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job

[2011/06/12 05:49:40 | 009,435,312 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe

[2011/06/12 05:46:37 | 000,002,587 | -H-- | M] () -- C:\Users\Aaron\Desktop\Microsoft Office Word 2007.lnk

[2011/06/12 03:27:10 | 000,000,452 | -H-- | M] () -- C:\Users\Aaron\Desktop\Results.lnk

[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\mppf510d.exe

[2011/06/12 02:08:09 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2011/06/11 16:39:32 | 002,936,953 | -H-- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip

[2011/06/10 22:21:56 | 000,001,878 | -H-- | M] () -- C:\Users\Aaron\funshion.ini

[2011/06/10 04:49:37 | 000,002,044 | -H-- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk

[2011/06/04 00:25:32 | 000,007,052 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011/05/24 02:12:05 | 000,119,808 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 00:48:00 | 936,517,632 | -HS- | C] () -- C:\hiberfil.sys

[2011/06/13 00:36:10 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905272r

[2011/06/13 00:36:10 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~35905272

[2011/06/13 00:23:46 | 000,000,595 | -H-- | C] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk

[2011/06/13 00:23:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905272

[2011/06/12 03:27:10 | 000,000,452 | -H-- | C] () -- C:\Users\Aaron\Desktop\Results.lnk

[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\mppf510d.exe

[2011/06/11 16:40:24 | 000,527,360 | -H-- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat

[2011/06/11 16:40:24 | 000,035,384 | -H-- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat

[2011/06/11 16:40:24 | 000,000,464 | -H-- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat

[2011/06/11 16:38:36 | 002,936,953 | -H-- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip

[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk

[2011/02/05 13:48:21 | 000,000,132 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2010/05/15 15:07:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/29 14:15:25 | 000,000,008 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db

[2009/07/13 20:13:24 | 000,011,355 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml

[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe

[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll

[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini

[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll

[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe

[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe

[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll

[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll

[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll

[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll

[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll

[2009/06/07 17:20:10 | 000,002,562 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat

[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/04/15 16:01:11 | 000,119,808 | -H-- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/02/26 13:26:59 | 000,007,052 | -H-- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat

[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat

[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys

[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll

[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/22 19:19:35 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft

[2010/01/16 16:23:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Lite

[2011/06/12 11:42:50 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo

[2009/08/10 16:59:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\GrabPro

[2010/01/24 02:37:28 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire

[2009/07/29 14:15:25 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Nokia

[2009/04/23 14:22:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org

[2011/03/30 02:02:22 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Orbit

[2009/02/25 23:57:41 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PC Suite

[2011/06/11 16:42:40 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PCTools

[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PPStream

[2009/07/13 20:13:26 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\SmarThru4

[2011/05/30 22:10:59 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Sports Interactive

[2010/06/12 22:19:24 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\StreamTorrent

[2010/03/25 00:47:45 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Template

[2009/06/04 03:44:59 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\The Creative Assembly

[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\uTorrent

[2010/09/02 14:47:13 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation

[2011/06/13 00:44:25 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\ProgramData\35905272.exe (Microsoft Corporation)
    PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SwPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
    O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe
    O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe
    [2011/06/13 00:23:45 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
    [2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe
    [2011/06/13 00:14:03 | 000,492,544 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe
    [2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200
    [2011/06/13 00:49:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905272r
    [2011/06/13 00:49:45 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~35905272
    [2011/06/13 00:23:46 | 000,000,595 | -H-- | M] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk
    [2011/06/13 00:23:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905272

    :Commands
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot; please post that log in your next reply.

=================

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your C: drive. If you cannot save it there, choose Documents instead.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

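The entries the fix script above removes share a few traits that a triage pass over an OTL log can pick out mechanically: executables sitting directly in C:\ProgramData with the hidden attribute set and a "Microsoft Corporation" company string (legitimate Microsoft binaries live under Windows or Program Files), a numeric-only file name, a Run key pointing into a data directory, and MountPoints2 autorun commands that launch a bare file name such as Boot.exe from the root of a removable volume. The script below is an added example, not code from OTL, Malwarebytes or the helper in this thread; the sample lines are copied from the OTL log posted earlier, and the scoring rules are the script's own heuristics, not anything OTL itself computes.

```python
"""Triage OTL log lines for the kind of indicators the fix script above removes.

Added example, not code from OTL, Malwarebytes or this thread's helper.  The
sample lines are copied from the OTL log posted earlier; the scoring rules are
this script's own heuristics (assumptions), not OTL's.
"""
import re
from dataclasses import dataclass

# Constructed sample: benign and malicious lines taken from the log above.
SAMPLE_LOG = r"""
PRC - C:\ProgramData\35905272.exe (Microsoft Corporation)
PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SwPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe
[2011/06/12 05:54:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200
"""

# PRC / SRV / DRV / O4 entries: "... <path> (<company>)"
LOAD_RE = re.compile(r'^(?:PRC|SRV|DRV|O4) - .*?(?P<path>[A-Za-z]:\\[^()]+?)\s*\((?P<company>[^)]*)\)\s*$')
# File/folder entries: "[date | size | attrs | C/M] (<company>) -- <path>"
FILE_RE = re.compile(r'^\[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attrs>[A-Z-]{4})\s*\|\s*[CM]\]\s*'
                     r'(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$')
# MountPoints2 autorun verbs that Explorer cached from a removable volume's autorun.inf
O33_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(?:AutoRun|Open)\\command - "" = (?P<cmd>.+?)\s*$')

EXE_EXT = ('.exe', '.dll', '.sys', '.scr', '.com', '.bat')
SYSTEM_DIRS = ('c:\\windows\\', 'c:\\program files\\')


def in_data_dir(path):
    """True for ProgramData, any AppData folder, or any Temp folder (heuristic)."""
    p = path.lower()
    return p.startswith('c:\\programdata\\') or '\\appdata\\' in p or '\\temp\\' in p


def check_path(path, company=None, attrs=''):
    """Return the reasons a file or folder path looks suspicious (may be empty)."""
    p = path.lower()
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    reasons = []
    if in_data_dir(path) and p.endswith(EXE_EXT):
        reasons.append('executable loaded from a data directory')
    if company and 'microsoft' in company.lower() and not p.startswith(SYSTEM_DIRS):
        reasons.append('claims Microsoft but lives outside Windows/Program Files')
    if 'H' in attrs and in_data_dir(path):
        reasons.append('hidden item in a data directory')
    if stem.isdigit():
        reasons.append('numeric-only file name')
    return reasons


def check_autorun(cmd):
    """Reasons a MountPoints2 Shell\\...\\command value looks like a USB worm's autorun."""
    reasons = []
    if 'shellexec_rundll' in cmd.lower():
        reasons.append('launched through Shell32 ShellExec_RunDLL')
    targets = re.findall(r'\S+\.exe', cmd, re.I)
    # A bare name (no drive, no backslash) resolves relative to the volume root.
    bare = [t for t in targets if '\\' not in t and ':' not in t]
    if bare:
        reasons.append('autorun target is a bare name on the removable volume: ' + ', '.join(bare))
    return reasons


@dataclass(frozen=True)
class Finding:
    line: str
    reasons: tuple


def triage(log_text):
    """Return a Finding for every line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            reasons = check_path(m['path'], m['company'], m['attrs'])
        elif (m := O33_RE.match(line)):
            reasons = check_autorun(m['cmd'])
        elif (m := LOAD_RE.match(line)):
            reasons = check_path(m['path'], m['company'])
        else:
            reasons = []
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('    -', r)
```

Run against the sample it flags the two ProgramData executables (from the PRC, O4 and file sections), the hidden lB08200NoDkD08200 folder and both Boot.exe autorun verbs, while explorer.exe, the NVIDIA Run entry, the Malwarebytes driver and the K:\LaunchU3.exe U3 launcher (an absolute path on its own volume) pass. The rules are deliberately narrow; a legitimate installer that drops a helper in ProgramData would also trip the first one, so treat a hit as a reason to look, not a verdict.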

ComboFix 11-06-11.01 - Aaron 6/2011 Mon 2:28.1.2 - x86

Running from: C:\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\hpe3C45.dll

c:\programdata\lB08200NoDkD08200

c:\programdata\lB08200NoDkD08200\lB08200NoDkD08200

c:\programdata\lB08200NoDkD08200\lB08200NoDkD08200.exe

c:\windows\system32\jusched.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))

.

.

2011-06-12 18:41 . 2011-06-12 18:41 -------- d-----w- c:\users\Aaron\AppData\Local\temp

2011-06-12 18:41 . 2011-06-12 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-12 18:21 . 2011-06-12 18:21 -------- d-----w- C:\32788R22FWJFW

2011-06-12 17:22 . 2011-06-12 17:22 -------- d-----w- c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com

2011-06-12 17:22 . 2011-06-12 17:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-12 17:22 . 2011-06-12 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-10 12:15 . 2011-06-10 12:44 -------- d-----w- c:\program files\Cisco Systems

2011-06-10 11:29 . 2011-06-10 11:29 -------- d--h--w- c:\programdata\Cisco Systems

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 11:14 . 2009-10-03 00:16 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]

"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]

"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2008-03-20 151552]

"PCM_MUI"="c:\program files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe" [2008-03-20 222504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ImationFlashDetect.lnk - c:\users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe [N/A]

??.lnk - c:\program files\Funshion Online\Funshion\Funshion.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\???6]

c:\program files\?


Great now please do the following:

ESET OnlineScan

  1. Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check esetScanArchives.png and check Remove found threats
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png


Hi, the scan was done fast...

OTL logfile created on: 13/6/2011 6:58:47 PM - Run 3

OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 396.56 Mb Available Physical Memory | 44.43% Memory free

2.00 Gb Paging File | 1.06 Gb Available in Paging File | 53.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.63 Gb Total Space | 49.67 Gb Free Space | 35.57% Space Free | Partition Type: NTFS

Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 3.74 Gb Total Space | 3.67 Gb Free Space | 98.20% Space Free | Partition Type: FAT32

Computer Name: KB | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

========== Modules (SafeList) ==========

MOD - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)

DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"

FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222

FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M]

[2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions

[2011/06/13 03:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}

[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar

[2009/04/27 20:11:54 | 000,001,768 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml

[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll

O1 HOSTS File: ([2011/06/13 02:41:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = File not found

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 03:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/06/13 03:15:45 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Aaron\Desktop\esetsmartinstaller_enu.exe

[2011/06/13 02:59:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/06/13 02:59:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\temp

[2011/06/13 02:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/06/13 02:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/06/13 02:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/06/13 02:21:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/06/13 02:21:46 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/06/13 02:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/06/13 02:21:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/06/13 02:19:48 | 004,120,119 | R--- | C] (Swearware) -- C:\ComboFix.exe

[2011/06/13 01:22:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\SUPERAntiSpyware.com

[2011/06/13 01:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/06/13 01:22:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/06/13 01:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/06/12 05:54:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/06/12 05:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/06/12 05:54:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/06/12 05:51:27 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe

[2011/06/12 05:18:45 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/06/12 02:07:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2011/06/11 16:42:40 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools

[2011/06/11 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\PC ToolFix

[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2011/06/11 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011/06/11 16:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2011/06/11 05:18:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes

[2011/06/11 05:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems

[2011/06/10 19:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems

[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 18:39:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job

[2011/06/13 17:09:34 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/06/13 17:09:34 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/06/13 08:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job

[2011/06/13 03:15:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Aaron\Desktop\esetsmartinstaller_enu.exe

[2011/06/13 03:09:46 | 000,007,052 | ---- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat

[2011/06/13 03:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/06/13 03:09:08 | 936,472,576 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/13 02:41:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/06/13 02:19:55 | 004,120,119 | R--- | M] (Swearware) -- C:\ComboFix.exe

[2011/06/13 01:22:48 | 000,001,762 | ---- | M] () -- C:\Users\Aaron\Desktop\SUPERAntiSpyware Professional.lnk

[2011/06/13 00:53:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/06/13 00:53:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/06/12 05:49:40 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe

[2011/06/12 05:46:37 | 000,002,587 | ---- | M] () -- C:\Users\Aaron\Desktop\Microsoft Office Word 2007.lnk

[2011/06/12 03:27:10 | 000,000,452 | ---- | M] () -- C:\Users\Aaron\Desktop\Results.lnk

[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\mppf510d.exe

[2011/06/12 02:08:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2011/06/11 16:39:32 | 002,936,953 | ---- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip

[2011/06/10 22:21:56 | 000,001,878 | ---- | M] () -- C:\Users\Aaron\funshion.ini

[2011/06/10 04:49:37 | 000,002,044 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011/05/24 02:12:05 | 000,119,808 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 02:21:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/06/13 02:21:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/06/13 02:21:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/06/13 02:21:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/06/13 02:21:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/06/13 01:55:49 | 936,472,576 | -HS- | C] () -- C:\hiberfil.sys

[2011/06/13 01:22:48 | 000,001,762 | ---- | C] () -- C:\Users\Aaron\Desktop\SUPERAntiSpyware Professional.lnk

[2011/06/12 03:27:10 | 000,000,452 | ---- | C] () -- C:\Users\Aaron\Desktop\Results.lnk

[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\mppf510d.exe

[2011/06/11 16:40:24 | 000,527,360 | ---- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat

[2011/06/11 16:40:24 | 000,035,384 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat

[2011/06/11 16:40:24 | 000,000,464 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat

[2011/06/11 16:38:36 | 002,936,953 | ---- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip

[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk

[2011/02/05 13:48:21 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2010/05/15 15:07:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/29 14:15:25 | 000,000,008 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db

[2009/07/13 20:13:24 | 000,011,355 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml

[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe

[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll

[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini

[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll

[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe

[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe

[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll

[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll

[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll

[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll

[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll

[2009/06/07 17:20:10 | 000,002,562 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat

[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/04/15 16:01:11 | 000,119,808 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/02/26 13:26:59 | 000,007,052 | ---- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat

[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat

[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys

[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll

[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
