Jump to content

EternitySky

Members
  • Content Count

    16
  • Joined

  • Last visited

About EternitySky

  • Rank
    Member
  1. Nope, Everything seems fine now, Thank you
  2. The Baidu Thing isn't coming back anymore , well there is this one problem i just remembered while restarting from OTL, when i restart my laptop shuts down instead and it almost seems like it crashes when it shutdowns for the restart .... dunno if this is the cause of something, and there's also that my Laptop's Back light for the monitor doesn't work anymore... last time i reformatted from trojan cinmus cause of time troubles the screen worked for 2 weeks before i updated then it stop working again... i dunno if its fixable... All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}\ deleted successfully. C:\QvodPlayer\AddIn\QvodAddr.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found. File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully. ADS C:\ProgramData\TEMP:430C6D84 deleted successfully. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.ca/" /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.ca/" /E : value set successfully! ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Ken Chan\Desktop\cmd.bat deleted successfully. C:\Users\Ken Chan\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User: Default User User: Jaq ->Flash cache emptied: 1092 bytes User: Ken Chan ->Flash cache emptied: 5116 bytes User: mom ->Flash cache emptied: 10655 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jaq ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 3799523 bytes ->Java cache emptied: 1325532 bytes ->FireFox cache emptied: 76529922 bytes ->Flash cache emptied: 0 bytes User: Ken Chan ->Temp folder emptied: 713816746 bytes ->Temporary Internet Files folder emptied: 3204731 bytes ->Java cache emptied: 1096935 bytes ->FireFox cache emptied: 87927832 bytes ->Flash cache emptied: 0 bytes User: mom ->Temp folder emptied: 367050635 bytes ->Temporary Internet Files folder emptied: 146218 bytes ->Java cache emptied: 13229 bytes ->FireFox cache emptied: 75872373 bytes ->Google Chrome cache emptied: 6099312 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 12092 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,275.00 mb OTL by OldTimer - Version 3.2.21.0 log created on 03052011_191808 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... _________ Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5971 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 05/03/2011 7:36:54 PM mbam-log-2011-03-05 (19-36-54).txt Scan type: Quick scan Objects scanned: 180625 Time elapsed: 8 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. Double checking would be great! OTL.txt OTL logfile created on: 05/03/2011 10:56:22 AM - Run 3 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.79 Gb Total Space | 66.92 Gb Free Space | 47.20% Space Free | Partition Type: NTFS Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/05 08:35:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2011/03/05 08:35:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/02/23 18:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe PRC - [2011/02/14 17:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/01/13 00:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/16 17:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2007/03/28 16:45:38 | 000,118,877 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe PRC - [2007/03/28 16:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2007/02/21 18:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE PRC - [2006/12/12 22:51:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2011/02/23 18:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe MOD - [2011/01/13 00:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/10/05 22:06:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/03/28 16:45:38 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007/03/28 16:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2006/12/12 22:51:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011/01/13 00:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 00:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 00:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 00:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 00:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010/10/10 20:12:15 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi) DRV - [2010/08/16 06:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel® DRV - [2010/06/29 16:02:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/04/28 06:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2007/06/07 23:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007/06/07 07:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007/06/07 07:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2007/05/11 02:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2007/05/04 06:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/03/09 21:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2007/02/26 06:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2006/12/12 22:51:16 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/01 23:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2006/11/01 23:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006/11/01 23:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/11/01 23:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE DE 5A E8 D2 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/24 02:09:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/24 02:09:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 08:35:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 08:35:48 | 000,000,000 | ---D | M] [2010/06/17 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Extensions [2011/03/04 22:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions [2010/06/28 17:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/01/23 17:31:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011/02/09 00:06:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/03/04 18:28:55 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011/02/20 09:48:06 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\adblockpopups@jessehakanen.net [2011/02/22 15:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/02 22:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/06/24 13:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/02 23:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/18 23:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/12/22 01:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/18 00:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/02/02 04:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2011/02/27 11:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll () O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011/03/03 15:53:40 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Roaming\QuickScan [2011/02/27 11:30:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/02/27 11:30:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/02/27 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\temp [2011/02/27 11:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/02/27 11:11:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/02/27 11:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/02/27 11:10:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/02/27 11:10:54 | 000,000,000 | ---D | C] -- C:\schrauber [2011/02/27 11:06:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/02/27 11:05:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011/02/26 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\AreaZero [2011/02/24 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Roaming\DivX [2011/02/24 15:30:31 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\DDMSettings [2011/02/24 02:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011/02/24 02:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2011/02/23 23:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Updater5 [2011/02/23 18:12:36 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe [2011/02/23 02:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx [2011/02/22 17:20:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe [2011/02/22 01:10:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0248.old [2011/02/22 01:10:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0248.old [2011/02/18 00:31:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/02/18 00:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/02/18 00:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/02/14 01:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2011/02/14 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2011/02/14 01:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011/02/09 19:45:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0 [2011/02/09 19:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/02/09 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2011/02/08 15:40:49 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/02/08 15:40:36 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/02/08 15:40:35 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/02/08 15:40:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/02/08 15:40:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/02/08 15:40:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/02/08 15:40:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/02/08 15:40:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/02/08 15:40:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/02/08 15:40:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/02/08 15:40:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/02/08 15:40:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/02/08 15:40:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/02/08 15:40:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/02/08 15:40:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/02/08 15:40:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/02/08 15:40:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/02/08 15:39:55 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/02/08 15:39:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/02/08 15:39:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/02/08 15:39:34 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/02/08 15:39:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011/02/05 18:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyForFantasy [2011/02/05 17:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlyForFantasy ========== Files - Modified Within 30 Days ========== [2011/03/05 10:56:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job [2011/03/05 09:25:04 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/03/05 09:25:04 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/03/05 09:19:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/05 09:19:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/05 09:19:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/05 09:19:23 | 161,156,820 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/03/05 01:06:31 | 000,003,035 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/03/05 00:26:17 | 000,005,648 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat [2011/02/27 23:34:39 | 000,000,392 | ---- | M] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat [2011/02/27 11:34:20 | 000,002,383 | ---- | M] () -- C:\Users\Ken Chan\Desktop\Skype.lnk [2011/02/27 11:26:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/02/27 11:03:53 | 004,276,140 | R--- | M] () -- C:\Users\Ken Chan\Desktop\schrauber.exe [2011/02/23 18:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe [2011/02/22 16:10:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe [2011/02/22 03:18:33 | 001,802,910 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011/02/20 20:44:33 | 000,054,630 | ---- | M] () -- C:\Users\Ken Chan\Documents\c04_793x540.png [2011/02/09 19:40:48 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2011/02/09 19:40:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2011/02/09 19:40:48 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2011/02/09 15:48:03 | 001,695,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/02/07 00:13:42 | 000,031,744 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2011/03/05 09:19:23 | 161,156,820 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/02/27 11:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011/02/27 11:11:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/02/27 11:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011/02/27 11:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/02/27 11:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/02/27 11:03:29 | 004,276,140 | R--- | C] () -- C:\Users\Ken Chan\Desktop\schrauber.exe [2011/02/23 18:27:30 | 000,133,632 | ---- | C] () -- C:\Users\Ken Chan\Desktop\RKUnhookerLE.EXE [2011/02/22 03:16:32 | 001,802,910 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011/02/22 01:10:36 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0248.old [2011/02/20 20:44:30 | 000,054,630 | ---- | C] () -- C:\Users\Ken Chan\Documents\c04_793x540.png [2011/02/17 00:21:39 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job [2011/02/09 19:40:04 | 003,014,656 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2011/02/09 19:40:04 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2011/02/09 19:40:04 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2011/02/01 21:57:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010/11/30 18:16:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/10/03 12:35:25 | 000,000,392 | ---- | C] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat [2010/08/20 10:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat [2010/06/30 16:05:59 | 000,004,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010/06/29 16:02:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/06/28 14:11:17 | 000,031,744 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/25 15:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/06/19 13:05:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/06/18 10:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\FnF4.txt [2010/06/17 17:44:14 | 000,005,648 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat [2010/06/17 17:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\QSwitch.txt [2010/06/17 17:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DSwitch.txt [2010/06/17 17:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\AtStart.txt [2007/06/07 07:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007/06/07 07:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/06/07 06:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >
  4. Hmm... I see... Well besides this problem nothing else on my Laptop is acting weird, so i don't think there is any other problems with it right now, so lets continue
  5. Well the thing that worries me currently is... My sister uses this program called QVOD player, she uses it to stream things from china's stream sites, and then somehow she got this thing called "Baidu", i talked to a friend about it and apparently theres a virus with it, and it was infected last time i posted here too ( Trojan Cinmus was the thing that came up ), and well she removed the toolbar from IE, But it tries to change my Homepage on IE to baidu but microsoft redirects me to a website saying about malicious websites, and also it keeps reappearing on my favorites bar / folder when i delete it and it restart IE ... my friend said it had something to do with the registries and stuff so i dont have any idea and came here for help. and Thanks Dakeyras for helping while Tom is away
  6. QuickScan Beta 32-bit v0.9.9.52 ------------------------------- Scan date: Thu Mar 03 15:56:44 2011 Machine ID: F8E555FD System32\Drivers\sptd.sys - could not be scanned --> HKLM\System\ControlSet002\services\sptd\"ImagePath" No infection found. ------------------- Processes --------- (verified) avast! Antivirus 3332 C:\Program Files\Alwil Software\Avast5\AvastUI.exe (verified) DivX Update 3544 C:\Program Files\DivX\DivX Update\DivXUpdate.exe (verified) Firefox 2204 C:\Program Files\Mozilla Firefox\firefox.exe (verified) hp digital imaging - hp all-in-one seri 3176 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (verified) Intel® Common User Interface 2960 C:\WINDOWS\System32\hkcmd.exe (verified) Intel® Common User Interface 2996 C:\WINDOWS\System32\igfxpers.exe (verified) Intel® Common User Interface 3268 C:\WINDOWS\System32\igfxsrvc.exe (verified) Java Platform SE Auto Updater 2 0 3400 C:\Program Files\Common Files\Java\Java Update\jusched.exe (verified) Microsoft® Windows® Operating System 3648 C:\Program Files\Windows Media Player\wmpnscfg.exe (verified) Microsoft® Windows® Operating System 3228 C:\Program Files\Windows Sidebar\sidebar.exe (verified) Microsoft® Windows® Operating System 3636 C:\Program Files\Windows Sidebar\sidebar.exe (verified) Microsoft® Windows® Operating System 2728 C:\WINDOWS\explorer.exe (verified) Microsoft® Windows® Operating System 2644 C:\WINDOWS\System32\dwm.exe (verified) Microsoft® Windows® Operating System 2612 C:\WINDOWS\System32\notepad.exe (verified) Microsoft® Windows® Operating System 2476 C:\WINDOWS\System32\taskeng.exe (verified) SMax4PNP Application 3324 C:\Program Files\Analog Devices\Core\smax4pnp.exe Autoruns and critical files --------------------------- (unsigned) Mozilla Firefox C:\Program Files\Mozilla Firefox (verified) avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe (verified) DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe (verified) hp digital imaging - hp all-in-one seri C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (verified) HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (verified) Intel® Common User Interface C:\WINDOWS\System32\hkcmd.exe (verified) Intel® Common User Interface C:\WINDOWS\System32\igfxdev.dll (verified) Intel® Common User Interface C:\WINDOWS\System32\igfxpers.exe (verified) Intel® Common User Interface C:\Windows\system32\igfxtray.exe (verified) Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe (verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe (verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\browseui.dll (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe (verified) SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe (verified) Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe (verified) Windows® Internet Explorer C:\WINDOWS\System32\webcheck.dll Browser plugins --------------- (unsigned) Java Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (verified) AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll (verified) AddressSearch Module c:\qvodplayer\addin\qvodaddr.dll (verified) BitDefender QuickScan C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll (verified) BitDefender QuickScan C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (verified) BitDefender QuickScan C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted) (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll (verified) DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (verified) DivX Web Player c:\program files\divx\divx plus web player\npdivx32.dll (verified) Google Toolbar for IE c:\program files\google\googletoolbar1.dll (verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (verified) Java Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll (verified) Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll (verified) Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll (verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll (verified) Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\NapiNSP.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\nlaapi.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\wshbth.dll (verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll (verified) MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll (verified) MSN® Games by Zone.com C:\Windows\Downloaded Program Files\msgrchkr.dll (verified) Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll (verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll (verified) Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll (verified) Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll (verified) Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll (verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (verified) Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (verified) Windows® Internet Explorer C:\WINDOWS\System32\ieframe.dll Missing files ------------- File not found: C:\Users\KENCHA~1\AppData\Local\Temp\ALSysIO.sys --> HKLM\System\ControlSet001\services\ALSysIO\"ImagePath" File not found: C:\Users\KENCHA~1\AppData\Local\Temp\catchme.sys --> HKLM\System\ControlSet001\services\catchme\"ImagePath" File not found: C:\Windows\System32\appmgmts.dll --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll" Scan ---- (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll (unsigned) MD5: 4ebb5b4dcabec18b29d01f9f607b0114 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (unsigned) MD5: e9fd67b7ab3f1ae177914313e2847dc3 C:\Program Files\Mozilla Firefox\freebl3.dll (unsigned) MD5: 631f3d1f8d339fe58b0d4899fed6d84a C:\Program Files\Mozilla Firefox\nssdbm3.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (unsigned) MD5: 92edaae9c5c533860ec87aef22f71e05 C:\Program Files\Mozilla Firefox\softokn3.dll (unsigned) MD5: dd48695d9b86dc5970c3f54c84dbbd4f C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.03 MB sent, 0.15 KB recvd Scanned 1022 files and modules - 7 seconds ============================================================================== Everything is running fine, its just some things that worries me >_<
  7. No not yet, because i wasn't sure about it yet if it messes up this process, if i actually need to i'll go delete now. [EDIT] so i just deleted the 2 things, Log before Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5908 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 01/03/2011 4:10:13 PM mbam-log-2011-03-01 (16-10-13).txt Scan type: Quick scan Objects scanned: 179986 Time elapsed: 7 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\mom\downloads\xvidsetup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully. Log after: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5922 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 01/03/2011 4:25:25 PM mbam-log-2011-03-01 (16-25-25).txt Scan type: Quick scan Objects scanned: 180006 Time elapsed: 6 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) the scans have nothing coming up, but the baidu favorites page still keeps returning after deleting it. [EDIT2] after i scanned i noticed there were 2 items in my "ignore list" that i never remembered adding, after removing it form the list i did a full scan and heres the logs. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5922 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 01/03/2011 6:12:23 PM mbam-log-2011-03-01 (18-12-23).txt Scan type: Full scan (C:\|) Objects scanned: 352745 Time elapsed: 1 hour(s), 29 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\qvodplayer\QvodBand.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. both items are now deleted.
  8. My IE didnt let me connect to that site, it said something about being loged in... >.<;; MbaM log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5908 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 01/03/2011 9:10:04 AM mbam-log-2011-03-01 (09-09-52).txt Scan type: Quick scan Objects scanned: 179893 Time elapsed: 4 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\mom\downloads\xvidsetup(3).exe (Adware.Hotbar) -> No action taken. OTL.txt OTL logfile created on: 01/03/2011 9:12:49 AM - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 206.00 Mb Available Physical Memory | 20.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.79 Gb Total Space | 69.63 Gb Free Space | 49.11% Space Free | Partition Type: NTFS Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe PRC - [2011/02/15 10:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/01/13 17:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/12/11 08:24:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010/12/11 08:24:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/17 10:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe PRC - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2007/02/22 11:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE PRC - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe MOD - [2011/01/13 17:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2010/09/01 00:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/10/06 15:06:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/28 23:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/01/19 16:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2007/03/06 02:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011/01/13 17:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 17:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 17:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 17:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 17:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/10/11 13:12:15 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi) DRV - [2010/08/16 23:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel® DRV - [2010/06/30 09:02:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/04/28 23:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2007/06/08 16:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2007/05/11 19:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2007/05/04 23:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/03/10 14:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2007/02/26 23:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2006/12/13 15:51:16 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/12/01 03:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/02 18:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 18:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 18:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 18:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 18:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 18:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 18:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 18:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 18:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 18:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 18:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 18:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 18:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 18:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 18:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 18:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 18:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 18:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 18:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 18:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 18:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 18:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 18:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 18:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 18:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 18:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 18:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 18:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 18:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 18:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 18:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 18:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 18:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 17:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 17:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 17:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 17:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 17:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 17:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 16:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2006/11/02 16:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006/11/02 16:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2006/11/02 16:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 16:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/11/02 16:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006/06/29 02:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE DE 5A E8 D2 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/24 19:09:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/24 19:09:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 18:25:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/24 18:18:33 | 000,000,000 | ---D | M] [2010/06/18 10:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Extensions [2011/02/28 14:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions [2010/06/29 10:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/01/24 10:31:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011/02/09 17:06:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/02/21 02:48:06 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\adblockpopups@jessehakanen.net [2011/02/23 08:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/03 15:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/06/25 06:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/03 16:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/19 16:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/12/22 18:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/18 17:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2011/02/28 04:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll () O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/12 00:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011/02/28 04:30:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/02/28 04:30:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/02/28 04:30:22 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\temp [2011/02/28 04:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/02/28 04:11:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/02/28 04:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/02/28 04:10:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/02/28 04:10:54 | 000,000,000 | ---D | C] -- C:\schrauber [2011/02/28 04:06:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/02/28 04:05:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011/02/26 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\AreaZero [2011/02/25 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Roaming\DivX [2011/02/25 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\DDMSettings [2011/02/24 19:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011/02/24 19:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2011/02/24 16:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Updater5 [2011/02/24 11:12:36 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe [2011/02/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx [2011/02/23 10:20:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe [2011/02/22 18:10:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0248.old [2011/02/22 18:10:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0248.old [2011/02/18 17:31:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/02/18 17:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/02/18 17:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/02/16 19:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan [2011/02/14 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2011/02/14 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2011/02/14 18:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011/02/10 12:45:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0 [2011/02/10 12:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/02/10 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2011/02/09 08:40:49 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/02/09 08:40:36 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/02/09 08:40:35 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/02/09 08:40:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/02/09 08:40:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/02/09 08:40:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/02/09 08:40:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/02/09 08:40:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/02/09 08:40:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/02/09 08:40:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/02/09 08:40:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/02/09 08:40:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/02/09 08:40:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/02/09 08:40:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/02/09 08:40:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/02/09 08:40:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/02/09 08:40:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/02/09 08:39:55 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/02/09 08:39:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/02/09 08:39:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/02/09 08:39:34 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/02/09 08:39:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011/02/06 11:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyForFantasy [2011/02/06 10:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlyForFantasy [2011/02/02 14:57:38 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll [2011/02/02 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Cheat Engine [2011/02/02 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/02/02 14:10:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/02/02 14:10:44 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/02/02 14:10:39 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/02/02 14:10:34 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/02/02 14:10:19 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/02/02 14:09:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011/02/02 14:09:02 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software ========== Files - Modified Within 30 Days ========== [2011/03/01 09:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job [2011/03/01 08:17:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/01 08:17:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/01 08:17:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/02/28 17:46:22 | 000,003,035 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/02/28 16:34:39 | 000,000,392 | ---- | M] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat [2011/02/28 14:48:58 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/02/28 14:48:58 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/02/28 04:34:20 | 000,002,383 | ---- | M] () -- C:\Users\Ken Chan\Desktop\Skype.lnk [2011/02/28 04:26:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/02/28 04:03:53 | 004,276,140 | R--- | M] () -- C:\Users\Ken Chan\Desktop\schrauber.exe [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe [2011/02/23 09:10:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe [2011/02/22 20:18:33 | 001,802,910 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011/02/22 08:19:05 | 000,005,648 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat [2011/02/21 13:44:33 | 000,054,630 | ---- | M] () -- C:\Users\Ken Chan\Documents\c04_793x540.png [2011/02/10 12:40:48 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2011/02/10 12:40:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2011/02/10 12:40:48 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2011/02/10 08:48:03 | 001,695,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/02/07 17:13:42 | 000,031,744 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011/02/02 14:18:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/02/02 14:10:52 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/02/02 10:43:41 | 000,000,000 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat [2011/02/02 09:18:46 | 000,057,897 | ---- | M] () -- C:\Users\Ken Chan\Documents\c12_338x540.png [2011/02/02 09:17:41 | 000,060,160 | ---- | M] () -- C:\Users\Ken Chan\Documents\c06_678x540.png ========== Files Created - No Company Name ========== [2011/02/28 04:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011/02/28 04:11:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/02/28 04:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011/02/28 04:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/02/28 04:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/02/28 04:03:29 | 004,276,140 | R--- | C] () -- C:\Users\Ken Chan\Desktop\schrauber.exe [2011/02/24 11:27:30 | 000,133,632 | ---- | C] () -- C:\Users\Ken Chan\Desktop\RKUnhookerLE.EXE [2011/02/22 20:16:32 | 001,802,910 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011/02/22 18:10:36 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0248.old [2011/02/21 13:44:30 | 000,054,630 | ---- | C] () -- C:\Users\Ken Chan\Documents\c04_793x540.png [2011/02/17 17:21:39 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job [2011/02/10 12:40:04 | 003,014,656 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2011/02/10 12:40:04 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2011/02/10 12:40:04 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2011/02/02 14:57:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2011/02/02 14:10:52 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/02/02 09:18:44 | 000,057,897 | ---- | C] () -- C:\Users\Ken Chan\Documents\c12_338x540.png [2011/02/02 09:17:37 | 000,060,160 | ---- | C] () -- C:\Users\Ken Chan\Documents\c06_678x540.png [2010/12/01 11:16:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/10/04 05:35:25 | 000,000,392 | ---- | C] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat [2010/08/21 03:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat [2010/07/01 09:05:59 | 000,004,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010/06/30 09:02:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/06/29 07:11:17 | 000,031,744 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/26 08:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/06/20 06:05:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/06/19 03:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\FnF4.txt [2010/06/18 10:44:14 | 000,005,648 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat [2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\QSwitch.txt [2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DSwitch.txt [2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\AtStart.txt [2007/06/08 00:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007/06/08 00:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/06/07 23:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/02/28 05:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/12/14 15:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/14 15:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/10 08:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > extras.txt OTL Extras logfile created on: 01/03/2011 9:12:49 AM - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 206.00 Mb Available Physical Memory | 20.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.79 Gb Total Space | 69.63 Gb Free Space | 49.11% Space Free | Partition Type: NTFS Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{30DD8CC0-AD91-4A6E-8316-77027AB6F3F3}" = lport=137 | protocol=17 | dir=in | app=system | "{5168CAF2-D0CE-4C7E-ABB2-08E2AD0A11F9}" = lport=2869 | protocol=6 | dir=in | app=system | "{57205D2D-E3E6-428D-BC1D-A08D60904E16}" = rport=139 | protocol=6 | dir=out | app=system | "{7A4C907F-DD00-4350-81D8-09BFDA12BEAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7BD35D0F-3A9A-4096-BE3C-3F63CAB5E4D0}" = lport=139 | protocol=6 | dir=in | app=system | "{964E7711-2C18-47FC-ACD4-53970BC18D19}" = rport=445 | protocol=6 | dir=out | app=system | "{BC78B98C-9C33-4094-BF9F-BF3C04FE5553}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BDC3822A-CFE3-4935-9627-0C4F5967FF26}" = rport=138 | protocol=17 | dir=out | app=system | "{DC547E59-81E8-4844-A2CD-514398C8A1DA}" = lport=138 | protocol=17 | dir=in | app=system | "{E6D14914-8EBA-4F17-9EA8-78A79621C637}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E83E4C3D-5E55-479A-A0E3-6536401AF8B3}" = rport=137 | protocol=17 | dir=out | app=system | "{F4C25D3B-FDC6-4F24-AABA-86F0D2040BCB}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0364B6D9-972F-4579-80CB-6654E585429C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{04BE6308-B59C-4583-B447-D706A2204CE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{07DDADF6-DDCE-4C3D-9017-D1DC6ABFB3F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{0A260E56-AF9A-464D-8FA4-628AA63BCA32}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{0C96342F-6AB4-403C-9BDB-A4FD1C8F37B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{0E0E5FEE-6D19-47E7-B244-ECFAA5B19EFB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{14E9E78E-503B-4BCD-9352-6F1FBC7AD5BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{19704FAC-036E-4A5A-A75B-FC534D86FF11}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1BE26089-6BAD-4C34-880B-D5F65BFB2F47}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{2370246A-499D-4134-948E-715937D8EEB4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2967CE4E-0D1F-4619-B86C-249AE4A42ACF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{311BC415-47A0-46BA-9E14-522365F9B093}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{327DEDE3-A3DC-4E85-91DE-298D673D9B54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{36015FE0-D708-4CB6-AC6A-AE79AFCBCDFE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{3B9AA188-3301-41AA-9229-609B1BB068F5}" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe | "{434602CA-C4C7-498C-8421-A0B2E34C0E38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{63CA0C9D-5699-436D-989D-61EDE0C55E18}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{691E2612-0CD8-44A7-A1D1-3ED965C51E10}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{76DF735D-C6E3-4894-A82E-C6B97B53794E}" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe | "{862F0502-3B9F-41F4-A6C5-AFE91A2B5878}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{879C0F94-7409-4C0A-91D1-878EEDD8F215}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{A4FD0F94-6BC7-4302-9431-34B7B61996A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A8432E01-8784-4A90-B470-E5142BE61373}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{B726EC97-EEF7-4B4E-98B0-1645A1DC8B6A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{BB3897DD-911E-4FD1-8D7F-85653BC3233A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C032C23E-2E06-4974-8A0A-EF65074BBBF4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CE18C656-F69B-4F3F-A7CB-37A8BBF2D117}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{CE598035-24A8-45B5-B25C-6EDC3EA59880}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D2D33EF3-0A65-4F22-93E4-DC50650D2233}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DAE9ECD2-5DD4-4368-B6B1-5EFA0383EB1A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{DC74FFAA-C584-4E0A-8FF8-B247F42C719A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DD96C0CA-4A49-4540-87E4-5FB6ADD3E8CC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{DE895C23-5403-468A-8494-CB291
  9. log.txt ComboFix 11-02-27.01 - Ken Chan 28/02/2011 4:15.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1015.196 [GMT 9:00] Running from: c:\users\Ken Chan\Desktop\schrauber.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\desktop.ini c:\qvodplayer\QvodPlayer.exe c:\users\Ken Chan\AppData\Roaming\360SE c:\users\Ken Chan\AppData\Roaming\360SE\360SE.ini c:\users\Ken Chan\AppData\Roaming\360SE\data\360sefav.db c:\users\Ken Chan\AppData\Roaming\360SE\data\DailyBackup\360sefav_2010_06_24.favdb c:\users\Ken Chan\AppData\Roaming\360SE\data\history.dat c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\avc.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cn.bing.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cz.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hao.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\login.live.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\me.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\se.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\shell.windows.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.baidu.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.bing.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.google.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.rarlab.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.sogou.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.youdao.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\yahoo.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\user.dat c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ganzhi.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\recommend.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAdfilter\extadfilter.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtDownload\ExtDownload.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2010_06_24.log c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\sc.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat c:\users\Ken Chan\AppData\Roaming\360SE\stat.ini c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\system32\AutoRun.inf c:\windows\system32\twunk_32.exe . ((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 ))))))))))))))))))))))))))))))) . 2011-02-27 19:25 . 2011-02-27 19:26 -------- d-----w- c:\users\Ken Chan\AppData\Local\temp 2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\mom\AppData\Local\temp 2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Jaq\AppData\Local\temp 2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-26 08:28 . 2011-02-26 08:28 -------- d-----w- c:\users\Ken Chan\AppData\Local\AreaZero 2011-02-25 17:05 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EA09348-CA2C-4CAE-AC6B-02047BADE622}\mpengine.dll 2011-02-25 05:21 . 2011-02-25 05:21 -------- d-----w- c:\users\Ken Chan\AppData\Roaming\DivX 2011-02-24 23:30 . 2011-02-24 23:30 -------- d-----w- c:\users\Ken Chan\AppData\Local\DDMSettings 2011-02-24 10:06 . 2011-02-24 10:07 -------- d-----w- c:\program files\Common Files\DivX Shared 2011-02-23 10:40 . 2011-02-23 10:40 -------- d-----w- c:\program files\Blinkx 2011-02-22 09:10 . 2010-01-22 00:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0248.old 2011-02-22 09:10 . 2010-01-22 00:55 767952 ----a-w- c:\windows\BDTSupport.dll0248.old 2011-02-22 09:10 . 2010-01-22 00:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0248.old 2011-02-16 10:43 . 2011-02-16 10:52 -------- d-----w- c:\programdata\KuaiWan 2011-02-14 09:10 . 2011-02-14 09:10 -------- d-----w- c:\users\Jaq\AppData\Roaming\DivX 2011-02-14 09:10 . 2011-02-24 10:08 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\program files\DivX 2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\programdata\DivX 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Microsoft ATS 2011-02-08 23:39 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-02-08 23:39 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll 2011-02-08 23:39 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-02-08 08:49 . 2011-02-14 09:12 -------- d-----w- c:\users\mom\AppData\Local\Google 2011-02-06 01:50 . 2011-02-06 01:50 -------- d-----w- c:\program files\FlyForFantasy 2011-02-02 05:57 . 2009-11-03 22:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2011-02-02 05:57 . 2009-11-03 22:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2011-02-02 05:10 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-02 05:10 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-02 05:10 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-02 05:10 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-02 05:10 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-02-02 05:09 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr 2011-02-02 05:09 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\programdata\Alwil Software 2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\program files\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 12:40 . 2010-06-24 21:12 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 08:11 . 2011-01-22 20:26 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-28 15:55 . 2011-01-12 01:37 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-21 02:09 . 2010-06-18 02:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 02:08 . 2010-06-18 02:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-14 14:49 . 2011-01-12 01:37 1169408 ----a-w- c:\windows\system32\sdclt.exe 2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}] 2010-06-24 21:44 1184176 ----a-w- c:\qvodplayer\AddIn\QvodAddr.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 133912] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R3 ALSysIO;ALSysIO;c:\users\KENCHA~1\AppData\Local\Temp\ALSysIO.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-30 691696] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712] S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net . - - - - ORPHANS REMOVED - - - - HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-28 04:26 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-02-28 04:30:19 ComboFix-quarantined-files.txt 2011-02-27 19:30 Pre-Run: 74,689,806,336 bytes free Post-Run: 74,805,854,208 bytes free Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - D6DAE43F333473ECBE33B15B93458E35 combofix.txt ComboFix 11-02-27.01 - Ken Chan 28/02/2011 4:15.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1015.196 [GMT 9:00] Running from: c:\users\Ken Chan\Desktop\schrauber.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\desktop.ini c:\qvodplayer\QvodPlayer.exe c:\users\Ken Chan\AppData\Roaming\360SE c:\users\Ken Chan\AppData\Roaming\360SE\360SE.ini c:\users\Ken Chan\AppData\Roaming\360SE\data\360sefav.db c:\users\Ken Chan\AppData\Roaming\360SE\data\DailyBackup\360sefav_2010_06_24.favdb c:\users\Ken Chan\AppData\Roaming\360SE\data\history.dat c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\avc.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cn.bing.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cz.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hao.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\login.live.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\me.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\se.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\shell.windows.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.baidu.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.bing.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.google.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.rarlab.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.sogou.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.youdao.com.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\yahoo.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico c:\users\Ken Chan\AppData\Roaming\360SE\data\user.dat c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ganzhi.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\recommend.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAdfilter\extadfilter.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtDownload\ExtDownload.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2010_06_24.log c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\sc.ini c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat c:\users\Ken Chan\AppData\Roaming\360SE\stat.ini c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\system32\AutoRun.inf c:\windows\system32\twunk_32.exe . ((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 ))))))))))))))))))))))))))))))) . 2011-02-27 19:25 . 2011-02-27 19:26 -------- d-----w- c:\users\Ken Chan\AppData\Local\temp 2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\mom\AppData\Local\temp 2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Jaq\AppData\Local\temp 2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-26 08:28 . 2011-02-26 08:28 -------- d-----w- c:\users\Ken Chan\AppData\Local\AreaZero 2011-02-25 17:05 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EA09348-CA2C-4CAE-AC6B-02047BADE622}\mpengine.dll 2011-02-25 05:21 . 2011-02-25 05:21 -------- d-----w- c:\users\Ken Chan\AppData\Roaming\DivX 2011-02-24 23:30 . 2011-02-24 23:30 -------- d-----w- c:\users\Ken Chan\AppData\Local\DDMSettings 2011-02-24 10:06 . 2011-02-24 10:07 -------- d-----w- c:\program files\Common Files\DivX Shared 2011-02-23 10:40 . 2011-02-23 10:40 -------- d-----w- c:\program files\Blinkx 2011-02-22 09:10 . 2010-01-22 00:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0248.old 2011-02-22 09:10 . 2010-01-22 00:55 767952 ----a-w- c:\windows\BDTSupport.dll0248.old 2011-02-22 09:10 . 2010-01-22 00:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0248.old 2011-02-16 10:43 . 2011-02-16 10:52 -------- d-----w- c:\programdata\KuaiWan 2011-02-14 09:10 . 2011-02-14 09:10 -------- d-----w- c:\users\Jaq\AppData\Roaming\DivX 2011-02-14 09:10 . 2011-02-24 10:08 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\program files\DivX 2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\programdata\DivX 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Microsoft ATS 2011-02-08 23:39 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-02-08 23:39 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll 2011-02-08 23:39 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-02-08 08:49 . 2011-02-14 09:12 -------- d-----w- c:\users\mom\AppData\Local\Google 2011-02-06 01:50 . 2011-02-06 01:50 -------- d-----w- c:\program files\FlyForFantasy 2011-02-02 05:57 . 2009-11-03 22:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2011-02-02 05:57 . 2009-11-03 22:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2011-02-02 05:10 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-02 05:10 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-02 05:10 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-02 05:10 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-02 05:10 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-02-02 05:09 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr 2011-02-02 05:09 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\programdata\Alwil Software 2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\program files\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 12:40 . 2010-06-24 21:12 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 08:11 . 2011-01-22 20:26 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-28 15:55 . 2011-01-12 01:37 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-21 02:09 . 2010-06-18 02:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 02:08 . 2010-06-18 02:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-14 14:49 . 2011-01-12 01:37 1169408 ----a-w- c:\windows\system32\sdclt.exe 2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}] 2010-06-24 21:44 1184176 ----a-w- c:\qvodplayer\AddIn\QvodAddr.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 133912] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R3 ALSysIO;ALSysIO;c:\users\KENCHA~1\AppData\Local\Temp\ALSysIO.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-30 691696] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712] S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net . - - - - ORPHANS REMOVED - - - - HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-28 04:26 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-02-28 04:30:19 ComboFix-quarantined-files.txt 2011-02-27 19:30 Pre-Run: 74,689,806,336 bytes free Post-Run: 74,805,854,208 bytes free Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - D6DAE43F333473ECBE33B15B93458E35
  10. Thanks for helping me Tom OTL.txt OTL logfile created on: 24/02/2011 11:14:52 AM - Run 1 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.79 Gb Total Space | 72.96 Gb Free Space | 51.46% Space Free | Partition Type: NTFS Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe PRC - [2011/01/13 17:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/12/11 08:24:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010/12/11 08:24:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/17 10:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe PRC - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2007/02/22 11:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE PRC - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe MOD - [2011/01/13 17:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2010/09/01 00:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/10/06 15:06:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/28 23:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/01/19 16:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2007/03/06 02:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011/01/13 17:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 17:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 17:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 17:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 17:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/10/11 13:12:15 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi) DRV - [2010/08/16 23:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel® DRV - [2010/06/30 09:02:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/04/28 23:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2007/06/08 16:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2007/05/11 19:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2007/05/04 23:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/03/10 14:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2007/02/26 23:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2006/12/13 15:51:16 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/12/01 03:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/02 18:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 18:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 18:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 18:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 18:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 18:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 18:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 18:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 18:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 18:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 18:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 18:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 18:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 18:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 18:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 18:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 18:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 18:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 18:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 18:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 18:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 18:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 18:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 18:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 18:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 18:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 18:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 18:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 18:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 18:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 18:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 18:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 18:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 17:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 17:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 17:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 17:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 17:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 17:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 16:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2006/11/02 16:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006/11/02 16:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2006/11/02 16:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 16:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/11/02 16:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006/06/29 02:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE DE 5A E8 D2 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions [2011/02/23 19:40:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 18:25:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/24 10:59:28 | 000,000,000 | ---D | M] [2010/06/18 10:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Extensions [2011/02/24 11:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions [2010/06/29 10:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/01/24 10:31:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011/02/09 17:06:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/02/21 02:48:06 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\adblockpopups@jessehakanen.net [2011/02/23 08:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/03 15:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/06/25 06:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/03 16:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/19 16:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/12/22 18:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/18 17:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2006/09/19 06:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (SmartShopper Inc.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll () O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (SmartShopper Inc.) O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (SmartShopper Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/12 00:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{47fed771-a63c-11df-be67-001a6bbda553}\Shell\AutoRun\command - "" = G:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/02/24 11:12:36 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe [2011/02/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx [2011/02/23 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports [2011/02/23 19:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\ShopperReports3 [2011/02/23 10:20:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe [2011/02/22 18:10:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0248.old [2011/02/22 18:10:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0248.old [2011/02/16 19:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan [2011/02/14 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2011/02/14 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2011/02/14 18:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011/02/10 12:45:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0 [2011/02/10 12:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/02/10 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2011/02/06 11:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyForFantasy [2011/02/06 10:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlyForFantasy [2011/02/02 14:57:38 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll [2011/02/02 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Cheat Engine [2011/02/02 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/02/02 14:10:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/02/02 14:10:44 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/02/02 14:10:39 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/02/02 14:10:34 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/02/02 14:10:19 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/02/02 14:09:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011/02/02 14:09:02 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2011/01/28 04:45:47 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\TouHack ========== Files - Modified Within 30 Days ========== [2011/02/24 11:21:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe [2011/02/24 11:06:49 | 000,598,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/02/24 11:06:49 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/02/24 11:01:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/24 11:01:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/24 11:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/02/24 10:59:57 | 000,003,035 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/02/23 18:14:58 | 169,475,556 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/02/23 09:10:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe [2011/02/22 20:18:33 | 001,802,910 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011/02/22 08:19:05 | 000,005,648 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat [2011/02/21 13:44:33 | 000,054,630 | ---- | M] () -- C:\Users\Ken Chan\Documents\c04_793x540.png [2011/02/10 12:40:48 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2011/02/10 12:40:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2011/02/10 12:40:48 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2011/02/10 08:48:03 | 001,695,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/02/07 17:13:42 | 000,031,744 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/02 14:18:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/02/02 14:10:52 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/02/02 10:43:41 | 000,000,000 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat [2011/02/02 09:18:46 | 000,057,897 | ---- | M] () -- C:\Users\Ken Chan\Documents\c12_338x540.png [2011/02/02 09:17:41 | 000,060,160 | ---- | M] () -- C:\Users\Ken Chan\Documents\c06_678x540.png [2011/01/26 03:07:15 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini ========== Files Created - No Company Name ========== [2011/02/23 08:39:30 | 169,475,556 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/02/22 20:16:32 | 001,802,910 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011/02/22 18:10:36 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0248.old [2011/02/21 13:44:30 | 000,054,630 | ---- | C] () -- C:\Users\Ken Chan\Documents\c04_793x540.png [2011/02/17 17:21:39 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job [2011/02/10 12:40:04 | 003,014,656 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2011/02/10 12:40:04 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2011/02/10 12:40:04 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2011/02/02 14:57:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2011/02/02 14:10:52 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/02/02 09:18:44 | 000,057,897 | ---- | C] () -- C:\Users\Ken Chan\Documents\c12_338x540.png [2011/02/02 09:17:37 | 000,060,160 | ---- | C] () -- C:\Users\Ken Chan\Documents\c06_678x540.png [2010/12/01 11:16:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/10/04 05:35:25 | 000,000,114 | ---- | C] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat [2010/08/21 03:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat [2010/07/01 09:05:59 | 000,004,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010/06/30 09:02:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/06/29 07:11:17 | 000,031,744 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/26 08:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/06/20 06:05:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/06/19 03:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\FnF4.txt [2010/06/18 10:44:14 | 000,005,648 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat [2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\QSwitch.txt [2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DSwitch.txt [2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\AtStart.txt [2007/06/08 00:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007/06/08 00:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/06/07 23:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/02/28 05:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/12/14 15:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/14 15:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/10 08:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2010/06/24 17:14:33 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\360safe [2010/06/24 17:14:22 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\360se [2010/10/18 12:38:45 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\AVG10 [2011/01/23 03:56:51 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\BitTorrent [2010/10/06 15:21:27 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\Notepad++ [2010/08/17 06:20:20 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\ShanghaiAlice [2010/10/04 05:35:31 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\Template [2010/10/04 13:43:26 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\uTorrent [2011/02/24 10:59:57 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT [2011/02/24 11:21:59 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > extras.txt OTL Extras logfile created on: 24/02/2011 11:14:52 AM - Run 1 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.79 Gb Total Space | 72.96 Gb Free Space | 51.46% Space Free | Partition Type: NTFS Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{30DD8CC0-AD91-4A6E-8316-77027AB6F3F3}" = lport=137 | protocol=17 | dir=in | app=system | "{5168CAF2-D0CE-4C7E-ABB2-08E2AD0A11F9}" = lport=2869 | protocol=6 | dir=in | app=system | "{57205D2D-E3E6-428D-BC1D-A08D60904E16}" = rport=139 | protocol=6 | dir=out | app=system | "{7A4C907F-DD00-4350-81D8-09BFDA12BEAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7BD35D0F-3A9A-4096-BE3C-3F63CAB5E4D0}" = lport=139 | protocol=6 | dir=in | app=system | "{964E7711-2C18-47FC-ACD4-53970BC18D19}" = rport=445 | protocol=6 | dir=out | app=system | "{BC78B98C-9C33-4094-BF9F-BF3C04FE5553}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BDC3822A-CFE3-4935-9627-0C4F5967FF26}" = rport=138 | protocol=17 | dir=out | app=system | "{DC547E59-81E8-4844-A2CD-514398C8A1DA}" = lport=138 | protocol=17 | dir=in | app=system | "{E6D14914-8EBA-4F17-9EA8-78A79621C637}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E83E4C3D-5E55-479A-A0E3-6536401AF8B3}" = rport=137 | protocol=17 | dir=out | app=system | "{F4C25D3B-FDC6-4F24-AABA-86F0D2040BCB}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0364B6D9-972F-4579-80CB-6654E585429C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{04BE6308-B59C-4583-B447-D706A2204CE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{07DDADF6-DDCE-4C3D-9017-D1DC6ABFB3F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{0A260E56-AF9A-464D-8FA4-628AA63BCA32}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{0C96342F-6AB4-403C-9BDB-A4FD1C8F37B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{0E0E5FEE-6D19-47E7-B244-ECFAA5B19EFB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{14E9E78E-503B-4BCD-9352-6F1FBC7AD5BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{19704FAC-036E-4A5A-A75B-FC534D86FF11}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1BE26089-6BAD-4C34-880B-D5F65BFB2F47}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{2370246A-499D-4134-948E-715937D8EEB4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2967CE4E-0D1F-4619-B86C-249AE4A42ACF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{311BC415-47A0-46BA-9E14-522365F9B093}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{327DEDE3-A3DC-4E85-91DE-298D673D9B54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{36015FE0-D708-4CB6-AC6A-AE79AFCBCDFE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{3B9AA188-3301-41AA-9229-609B1BB068F5}" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe | "{434602CA-C4C7-498C-8421-A0B2E34C0E38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{63CA0C9D-5699-436D-989D-61EDE0C55E18}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{691E2612-0CD8-44A7-A1D1-3ED965C51E10}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{76DF735D-C6E3-4894-A82E-C6B97B53794E}" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe | "{862F0502-3B9F-41F4-A6C5-AFE91A2B5878}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{879C0F94-7409-4C0A-91D1-878EEDD8F215}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{A4FD0F94-6BC7-4302-9431-34B7B61996A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A8432E01-8784-4A90-B470-E5142BE61373}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{B726EC97-EEF7-4B4E-98B0-1645A1DC8B6A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{BB3897DD-911E-4FD1-8D7F-85653BC3233A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C032C23E-2E06-4974-8A0A-EF65074BBBF4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CE18C656-F69B-4F3F-A7CB-37A8BBF2D117}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{CE598035-24A8-45B5-B25C-6EDC3EA59880}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D2D33EF3-0A65-4F22-93E4-DC50650D2233}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DAE9ECD2-5DD4-4368-B6B1-5EFA0383EB1A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{DC74FFAA-C584-4E0A-8FF8-B247F42C719A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DD96C0CA-4A49-4540-87E4-5FB6ADD3E8CC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{DE895C23-5403-468A-8494-CB291A55DB82}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{EBB1235D-A370-49F6-BBD7-CDA500AFB944}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EC877CCC-E1B9-4C10-AC51-3674672D2DD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{F0C76492-891F-48F4-B157-81A2C6C8FF06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{0E3A3D6C-DAE1-417A-8467-63ED105D4C9E}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{3F4710B0-5808-4E5E-9B71-62F95CEB7432}C:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe | "TCP Query User{43220674-5650-4218-92D9-8BD2BCEFA011}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe | "TCP Query User{80CC296C-9427-42F0-9ED5-3D9C6D7C7B28}C:\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe | "TCP Query User{896D46E0-68D8-4E9D-A112-8DED9B831F48}C:\users\ken chan\documents\kenstuff\pofv\th09e.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\pofv\th09e.exe | "TCP Query User{897B8262-456F-4C1F-986D-DE856DE10DB4}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe | "TCP Query User{AA89F04B-8510-4E0D-AB16-1E9BA5E8DBBB}C:\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe | "TCP Query User{F7C68BF8-6B65-47F1-9FD9-32644D936BE1}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe | "TCP Query User{F9285BFD-23CC-40D3-BB7D-01F84D5D19ED}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe | "UDP Query User{1B2E4D73-1683-4D97-979A-6E2A809DA5DF}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe | "UDP Query User{2748BDD2-F5CF-43A3-8A7E-3834CF0E2802}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe | "UDP Query User{5E8EE3D9-4EB5-41EB-BC6C-676B4DD6559D}C:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe | "UDP Query User{6B91E8BA-3CBD-4623-BBE5-25960B407261}C:\users\ken chan\documents\kenstuff\pofv\th09e.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\pofv\th09e.exe | "UDP Query User{707996C6-1D66-4980-A8C5-4993E54CC0C6}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe | "UDP Query User{9943F492-59D4-42B3-A311-AD2E61CB8F60}C:\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe | "UDP Query User{9CB13D5B-66E1-49D8-8464-409B4ADC303B}C:\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe | "UDP Query User{A7EF6F91-AD10-4E08-90A0-E6BD7E704902}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{BB5E7A62-9995-4C8D-B93F-9B1F48E78AFE}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{0289B18A-
  11. hi, i'm sorry for bothering all you good people here, but last time with my Trojan Cinmus problem i saw in the virus scan that Baidu was involved and now my Sister had somehow gotten baidu back on my laptop, the trojan isn't here though, and we tried to get rid of it but it keeps coming back onto internet explorer( i use firefox, its my sister who uses IE) and i asked a friend about it, apparently it has something in the registry and she said to do a mbam + HJT scan and post it here, please help me again thank you ~ I delete it off the favrites folder/bar form internet explorer but when i reopen it, it comes back onto the bar Also, i would like some tips of how not to get this again, thank you very much HJT log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:23:56 AM, on 23/02/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Ken Chan\Desktop\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: 57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 9278 bytes Mbam log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5845 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 23/02/2011 10:18:13 AM mbam-log-2011-02-23 (10-17-59).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 350468 Time elapsed: 1 hour(s), 23 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\qvodplayer\QvodBand.dll (Spyware.OnlineGames) -> No action taken.
  12. Thank you for helping me, but because of time problems i have, i had already reformatted my laptop...... but i really like to thank you for taking your time trying to help me ^^
  13. GMER results ____________ GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-06-15 16:48:24 Windows 6.0.6002 Service Pack 2 Running: 4y3imvwn.exe; Driver: C:\Users\HPUSER~1\AppData\Local\Temp\ufryrpoc.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[1096] ntdll.dll!NtProtectVirtualMemory 77C54D34 5 Bytes JMP 00CC000A .text C:\Windows\Explorer.EXE[1096] ntdll.dll!NtWriteVirtualMemory 77C55674 5 Bytes JMP 00CD000A .text C:\Windows\Explorer.EXE[1096] ntdll.dll!KiUserExceptionDispatcher 77C55DC8 5 Bytes JMP 00CB000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3256] ntdll.dll!NtProtectVirtualMemory 77C54D34 5 Bytes JMP 0092000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3256] ntdll.dll!NtWriteVirtualMemory 77C55674 5 Bytes JMP 0093000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3256] ntdll.dll!KiUserExceptionDispatcher 77C55DC8 5 Bytes JMP 0091000A .text C:\Windows\system32\svchost.exe[4240] ntdll.dll!NtProtectVirtualMemory 77C54D34 5 Bytes JMP 005C000A .text C:\Windows\system32\svchost.exe[4240] ntdll.dll!NtWriteVirtualMemory 77C55674 5 Bytes JMP 005D000A .text C:\Windows\system32\svchost.exe[4240] ntdll.dll!KiUserExceptionDispatcher 77C55DC8 5 Bytes JMP 005B000A .text C:\Windows\system32\svchost.exe[4240] ole32.dll!CoCreateInstance 776B9EA6 5 Bytes JMP 00AF000A .text C:\Windows\system32\svchost.exe[4240] USER32.dll!GetCursorPos 762E0B88 5 Bytes JMP 00C5000A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BBA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bae210d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbda553 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbda553@002404918b9c 0x39 0x05 0xEE 0xAF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbda553@3cf72af3be0d 0x5E 0xC9 0xCE 0xCC ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bae210d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbda553 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbda553@002404918b9c 0x39 0x05 0xEE 0xAF ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbda553@3cf72af3be0d 0x5E 0xC9 0xCE 0xCC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7D736E8-A08B-EDCE-DF5A-8139E8A47578} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7D736E8-A08B-EDCE-DF5A-8139E8A47578}@halldpnkpgbdocdb 0x6B 0x61 0x61 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7D736E8-A08B-EDCE-DF5A-8139E8A47578}@ianlmdcleainndfhol 0x6B 0x61 0x6A 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7D736E8-A08B-EDCE-DF5A-8139E8A47578}@hajondedglablbei 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7D736E8-A08B-EDCE-DF5A-8139E8A47578}@hajondedpkdhkhol 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7D736E8-A08B-EDCE-DF5A-8139E8A47578}@gaepcfdeahhbbb 0x61 0x63 0x69 0x65 ... ---- EOF - GMER 1.0.15 ----
  14. Hi Tom, Thank you for helping me OTL.txt ________ OTL logfile created on: 15/06/2010 3:32:53 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Hp User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 14.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.79 Gb Total Space | 54.06 Gb Free Space | 38.13% Space Free | Partition Type: NTFS Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HPUSER-PC Current User Name: Hp User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/06/15 15:30:41 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Hp User\Desktop\OTL.exe PRC - [2010/06/02 15:53:24 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/06/02 15:53:07 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/06/02 15:53:06 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/06/02 15:49:01 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/06/02 15:48:59 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010/04/23 04:18:05 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010/04/12 19:19:40 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/04/05 03:07:38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2010/03/16 10:12:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/03/16 10:11:20 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/02/04 04:16:02 | 000,562,568 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\QvodPlayer\QvodTerminal.exe PRC - [2009/12/08 12:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe PRC - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007/12/04 15:13:34 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007/12/04 15:13:34 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007/03/28 17:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2007/02/21 19:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE PRC - [2007/01/24 14:55:27 | 001,007,720 | ---- | M] (TELUS) -- C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe ========== Modules (SafeList) ========== MOD - [2010/06/15 15:30:41 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Hp User\Desktop\OTL.exe MOD - [2010/03/16 10:12:57 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx MOD - [2007/12/04 15:13:14 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\BtMmHook.dll MOD - [2007/12/04 15:07:28 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex) SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010/03/22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2010/03/16 10:12:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/03/16 10:11:20 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008/10/16 20:12:28 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2008/03/25 21:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007/03/28 17:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007/03/28 17:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - [2010/06/12 11:57:11 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi) DRV - [2010/06/02 15:53:07 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/06/02 15:53:06 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/03/16 10:11:19 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/09/30 08:06:12 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DrmCDriverV32.sys -- (DrmCDriverV32) DRV - [2008/09/30 08:06:12 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DrmCVideo32.sys -- (DrmCVideo32) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/04/24 18:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007/12/12 14:12:38 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2007/12/12 14:12:38 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwaudio.sys -- (btwaudio) DRV - [2007/12/12 14:12:38 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwrchid.sys -- (btwrchid) DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/09/13 23:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007/09/13 23:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2007/02/26 07:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006/11/02 00:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/11/02 00:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 EA 6F BB 95 D4 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://ca.msn.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.16 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 16:31:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/01/04 19:41:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/05 06:28:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/23 04:19:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/08 23:18:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 18:17:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 17:53:26 | 000,000,000 | ---D | M] [2009/10/24 09:32:49 | 000,000,000 | ---D | M] -- C:\Users\Hp User\AppData\Roaming\Mozilla\Extensions [2010/06/14 19:56:56 | 000,000,000 | ---D | M] -- C:\Users\Hp User\AppData\Roaming\Mozilla\Firefox\Profiles\t0xj5cur.default\extensions [2009/10/24 09:34:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hp User\AppData\Roaming\Mozilla\Firefox\Profiles\t0xj5cur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/12 17:37:36 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Hp User\AppData\Roaming\Mozilla\Firefox\Profiles\t0xj5cur.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2009/10/27 00:04:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Hp User\AppData\Roaming\Mozilla\Firefox\Profiles\t0xj5cur.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010/06/15 15:24:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/05/27 17:53:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/05/27 17:49:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/12/10 19:43:17 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll O1 HOSTS File: ([2009/10/26 22:02:46 | 000,001,692 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 4 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (QvodExtend) - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\QvodPlayer\QvodExtend.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe (TELUS) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [QvodPlayer] C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img25.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{8847f291-46a6-11df-891d-001a6bbda553}\Shell - "" = AutoRun O33 - MountPoints2\{8847f291-46a6-11df-891d-001a6bbda553}\Shell\AutoRun\command - "" = G:\DPFMate350.exe -- File not found O33 - MountPoints2\{9c400f52-5239-11dd-9304-001a6bbda553}\Shell\AutoRun\command - "" = F:\.\Recyclcd\Driveinfo.exe -- File not found O33 - MountPoints2\{9c400f52-5239-11dd-9304-001a6bbda553}\Shell\Open\Command - "" = F:\.\Recyclcd\Driveinfo.exe -- File not found O33 - MountPoints2\{dc5cbecf-478c-11dd-b135-001a6bbda553}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/07/20 22:32:55 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 90 Days ========== [2010/06/15 15:30:29 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Hp User\Desktop\OTL.exe [2010/06/14 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Desktop\HijackThis [2010/06/13 21:20:05 | 000,000,000 | ---D | C] -- C:\Users\Hp User\AppData\Roaming\Malwarebytes [2010/06/13 21:19:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/06/13 21:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/06/13 21:19:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/06/13 21:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/06/12 11:59:04 | 000,000,000 | ---D | C] -- C:\Users\Hp User\AppData\Roaming\Hamachi [2010/06/12 11:57:11 | 000,017,480 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys [2010/06/12 11:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi [2010/06/12 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\Hp User\{d323741f-406b-4541-bc5f-fe631620bdcc} [2010/06/12 11:27:07 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys [2010/05/25 22:58:07 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Documents\My Downloads [2010/05/21 00:13:35 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Desktop\104NIKON [2010/05/21 00:11:36 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Desktop\103NIKON [2010/05/21 00:09:29 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Desktop\102NIKON [2010/05/21 00:08:21 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Desktop\101NIKON [2010/05/11 21:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\kRO [2010/05/08 10:47:24 | 000,000,000 | ---D | C] -- C:\Users\Hp User\Documents\DS Games [2010/04/23 04:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2010/04/07 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Thunder Network ========== Files - Modified Within 90 Days ========== [2010/06/15 15:40:09 | 005,505,024 | -HS- | M] () -- C:\Users\Hp User\ntuser.dat [2010/06/15 15:37:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/06/15 15:37:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/15 15:30:41 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Hp User\Desktop\OTL.exe [2010/06/15 15:17:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/15 15:17:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/15 15:17:05 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010/06/15 15:16:59 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2010/06/15 15:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/15 07:08:02 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/06/15 07:07:14 | 000,065,536 | -HS- | M] () -- C:\Users\Hp User\ntuser.dat{4532301e-bdd8-11de-a0b3-001a6bbda553}.TM.blf [2010/06/15 07:07:13 | 000,524,288 | -HS- | M] () -- C:\Users\Hp User\ntuser.dat{4532301e-bdd8-11de-a0b3-001a6bbda553}.TMContainer00000000000000000001.regtrans-ms [2010/06/15 07:06:25 | 004,284,906 | -H-- | M] () -- C:\Users\Hp User\AppData\Local\IconCache.db [2010/06/15 06:14:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/06/14 19:09:35 | 000,000,000 | ---- | M] () -- C:\Users\Hp User\AppData\Local\prvlcl.dat [2010/06/14 18:26:28 | 061,063,854 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/06/13 21:19:36 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/12 11:57:11 | 000,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys [2010/06/09 21:56:47 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/06/09 21:56:47 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/06/09 21:56:47 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/06/09 21:13:53 | 000,232,427 | ---- | M] () -- C:\Users\Hp User\Documents\The Declaration of Independence.pptx [2010/06/09 15:23:30 | 000,361,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/06/06 16:06:00 | 000,005,252 | ---- | M] () -- C:\Users\Hp User\AppData\Roaming\wklnhst.dat [2010/06/05 12:22:47 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/06/04 16:16:39 | 000,111,104 | ---- | M] () -- C:\Users\Hp User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/02 15:53:07 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010/06/02 15:53:06 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010/05/25 23:00:47 | 000,092,992 | ---- | M] () -- C:\Users\Hp User\AppData\Local\GDIPFONTCACHEV1.DAT [2010/05/11 19:12:02 | 000,524,410 | ---- | M] () -- C:\Users\Hp User\Documents\4839 - Pokemon - Soul Silver (USA) (Clean).dsv [2010/05/11 18:18:03 | 000,002,824 | ---- | M] () -- C:\Users\Hp User\Documents\4839 - Pokemon - Soul Silver (USA) (Clean).dct [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/23 04:19:58 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk [2010/04/23 04:18:12 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010/04/22 00:38:46 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/04/12 22:17:21 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010/04/03 19:05:52 | 134,217,728 | ---- | M] () -- C:\Users\Hp User\Documents\4839 - Pokemon - Soul Silver (USA) (Clean).nds ========== Files Created - No Company Name ========== [2010/06/13 21:19:36 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/09 21:13:52 | 000,232,427 | ---- | C] () -- C:\Users\Hp User\Documents\The Declaration of Independence.pptx [2010/05/06 22:01:59 | 000,002,824 | ---- | C] () -- C:\Users\Hp User\Documents\4839 - Pokemon - Soul Silver (USA) (Clean).dct [2010/05/06 21:16:00 | 000,524,410 | ---- | C] () -- C:\Users\Hp User\Documents\4839 - Pokemon - Soul Silver (USA) (Clean).dsv [2010/05/06 21:15:29 | 134,217,728 | ---- | C] () -- C:\Users\Hp User\Documents\4839 - Pokemon - Soul Silver (USA) (Clean).nds [2010/04/23 04:19:58 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk [2010/04/22 00:36:49 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009/10/27 16:45:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll [2007/12/04 14:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2007/09/13 23:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2007/09/13 23:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/09/13 23:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007/06/07 08:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007/06/07 07:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll [2007/02/27 13:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010/06/15 15:36:12 | 000,032,574 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007/07/16 04:43:36 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007/07/16 04:43:37 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007/07/16 04:43:37 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys [2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys [2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/03/13 23:22:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/03/13 23:22:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/03/13 23:22:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll [2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll [2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > ========== Files - Unicode (All) ========== [2009/07/14 03:11:24 | 000,554,244 | ---- | M] ()(C:\Users\Hp User\Documents\??.mp3) -- C:\Users\Hp User\Documents\淚了.mp3 [2009/07/14 03:11:20 | 000,554,244 | ---- | C] ()(C:\Users\Hp User\Documents\??.mp3) -- C:\Users\Hp User\Documents\淚了.mp3 [2008/10/22 01:06:28 | 001,106,813 | ---- | M] ()(C:\Users\Hp User\Documents\???.mp3) -- C:\Users\Hp User\Documents\迪迪尼.mp3 [2008/10/22 00:55:35 | 001,106,813 | ---- | C] ()(C:\Users\Hp User\Documents\???.mp3) -- C:\Users\Hp User\Documents\迪迪尼.mp3 [2008/09/24 16:49
  15. As i have posted in this thread : http://forums.pcpitstop.com/index.php?showtopic=186539&pid=1686914&st=0entry1686914 a kind person had directed me to here here is my HJT log ________________________ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:16:19 PM, on 14/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\hpwuschd2.exe C:\Program Files\Hp\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\ehome\ehtray.exe C:\QvodPlayer\QvodTerminal.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\System32\mobsync.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Hp User\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\QvodPlayer\QvodExtend.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [QvodPlayer] C:\QvodPlayer\QvodTerminal.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Update Service (gupdate1c915516f9be0a1) (gupdate1c915516f9be0a1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 12928 bytes and my malware log too ____________________________ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4195 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 14/06/2010 3:25:26 AM mbam-log-2010-06-14 (03-25-26).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 301703 Time elapsed: 2 hour(s), 58 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Adware.BDSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9f44453e-1e46-4d5c-b57c-112ff2edae82} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{d02e3ab9-7796-40cb-bdfc-20d834fe1f75} (Adware.Baidu) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fcb380c4-d350-44be-8791-50216f4747ac} (Adware.Baidu) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Baidu (Adware.Baidu) -> Quarantined and deleted successfully. C:\Program Files\Baidu\AddressBar (Adware.Baidu) -> Quarantined and deleted successfully. C:\Program Files\Baidu\Toolbar (Adware.Baidu) -> Quarantined and deleted successfully. Files Infected: C:\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) -> Delete on reboot. C:\Program Files\Baidu\AddressBar\ASBarBroker.exe (Adware.Baidu) -> Quarantined and deleted successfully.
×
×
  • Create New...