EternitySky

Help Get Rid Of Baidu
Hi, I'm sorry for bothering all you good people here, but last time, with my Trojan Cinmus problem, I saw in the virus scan that Baidu was involved, and now my sister has somehow gotten Baidu back on my laptop. The trojan isn't here, though, and we tried to get rid of it, but it keeps coming back onto Internet Explorer (I use Firefox; it's my sister who uses IE). I asked a friend about it; apparently it has something in the registry, and she said to do an MBAM + HJT scan and post it here. Please help me again, thank you ~

 

I delete it from the Favorites folder/bar in Internet Explorer, but when I reopen it, it comes back onto the bar.

 

Also, I would like some tips on how not to get this again. Thank you very much :D

 

HJT log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:23:56 AM, on 23/02/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Ken Chan\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: 57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9278 bytes

 

Mbam log

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5845

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

23/02/2011 10:18:13 AM

mbam-log-2011-02-23 (10-17-59).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 350468

Time elapsed: 1 hour(s), 23 minute(s), 33 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> No action taken.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\qvodplayer\QvodBand.dll (Spyware.OnlineGames) -> No action taken.

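The triage a helper does on a HijackThis log like the one above can be written down. What follows is an added example, not part of either post and not a HijackThis, Malwarebytes or PcPitstop tool: it parses the O2 (BHO), O3 (toolbar), O4 (Run key) and O18 (protocol handler) lines and flags the two things looked at first, registrations that HijackThis prints as `(no file)` because the CLSID is still in the registry but the DLL it points at is gone, and entries whose file lives outside the usual install roots, which is where the `C:\QvodPlayer` add-in that Malwarebytes also flags sits. The list of trusted roots is an assumption made for this example, and the sample lines are copied from the HijackThis log in the post above.

```python
"""Triage of HijackThis O2/O3/O4/O18 entries (added example, not a HijackThis feature)."""
import re
from dataclasses import dataclass

# Install roots treated as ordinary for a browser add-on or Run entry.
# ASSUMPTION for this example: anything outside these is worth a second look,
# which is a prompt to investigate, not a verdict that the file is malicious.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\windows\\",
    "%programfiles%\\",
    "%systemroot%\\",
)

# O2 - BHO: <name> - {CLSID} - <path>     (O3 Toolbar and O18 Protocol share the shape)
CLSID_LINE = re.compile(
    r"^(?P<kind>O2|O3|O18) - (?:BHO|Toolbar|Protocol): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# O4 - HKLM\..\Run: [<name>] <command line>   (HKUS\<SID> hives also appear)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Finding:
    kind: str    # O2, O3, O4 or O18
    name: str    # add-on or Run value name as HijackThis printed it
    path: str    # file the registration points at
    reason: str  # "orphan", "unusual path" or "bare filename"


def executable_from_command(cmd: str) -> str:
    """Return the program part of a Run-key command line.

    Quoted paths end at the closing quote; unquoted ones are taken up to the
    first ".exe", which copes with unquoted paths containing spaces such as
    %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".*?\.exe", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def is_trusted_root(path: str) -> bool:
    lowered = path.lower()
    return any(lowered.startswith(root) for root in TRUSTED_ROOTS)


def triage(log_text: str) -> list:
    """Return the entries a helper would want to look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_LINE.match(line)
        if m:
            path = m["path"].strip()
            if path == "(no file)":
                # CLSID is still registered but the DLL is gone: inert leftover.
                findings.append(Finding(m["kind"], m["name"], path, "orphan"))
            elif not is_trusted_root(path):
                findings.append(Finding(m["kind"], m["name"], path, "unusual path"))
            continue
        m = RUN_LINE.match(line)
        if m:
            exe = executable_from_command(m["cmd"])
            if "\\" not in exe:
                # No directory at all: resolved through PATH, so worth confirming
                # which copy of the program actually runs.
                findings.append(Finding("O4", m["name"], exe, "bare filename"))
            elif not is_trusted_root(exe):
                findings.append(Finding("O4", m["name"], exe, "unusual path"))
    return findings


def summarize(findings) -> dict:
    """Count findings per reason, e.g. {"orphan": 4, "unusual path": 1}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: 57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<3} {f.reason:<13} {f.name!r:<45} {f.path}")
```

Run against the sample it reports four `(no file)` orphans, one unusual path (the Qvod BHO) and one bare filename (the `rundll32.exe` Run value). An "unusual path" hit is a reason to look, not a verdict; plenty of legitimate software installs outside Program Files. The orphans are inert, since there is nothing left to load, but they are leftover registrations of add-ons whose files are gone and are normally cleaned up along with everything else.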

Hello, EternitySky

Welcome to the PcPitstop Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

 

 

 

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

 

 

 

 

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Under the Custom Scan box paste this in

    netsvcs

    %SYSTEMDRIVE%\*.exe

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

 

 

 

 

Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


Thanks for helping me Tom :D

 

OTL.txt

 

OTL logfile created on: 24/02/2011 11:14:52 AM - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.79 Gb Total Space | 72.96 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

 

Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

PRC - [2011/01/13 17:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/12/11 08:24:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/12/11 08:24:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/17 10:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe

PRC - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe

PRC - [2007/02/22 11:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE

PRC - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

MOD - [2011/01/13 17:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/09/01 00:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/10/06 15:06:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/04/28 23:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/01/19 16:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2007/03/06 02:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/01/13 17:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/01/13 17:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/01/13 17:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/01/13 17:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/01/13 17:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/10/11 13:12:15 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2010/08/16 23:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®

DRV - [2010/06/30 09:02:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/04/28 23:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2007/06/08 16:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/05/11 19:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2007/05/04 23:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/03/10 14:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2007/02/26 23:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2006/12/13 15:51:16 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/12/01 03:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2006/11/02 18:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 18:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 18:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 18:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 18:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 18:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 18:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 18:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 18:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 18:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 18:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 18:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 18:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 18:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 18:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 18:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 18:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 18:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 18:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 18:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 18:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 18:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 18:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 18:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 18:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 18:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 18:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 18:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 18:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 18:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 18:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 18:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 18:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 17:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 17:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 17:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 17:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 17:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 17:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 16:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)

DRV - [2006/11/02 16:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/02 16:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)

DRV - [2006/11/02 16:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 16:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/11/02 16:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2006/06/29 02:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE DE 5A E8 D2 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions [2011/02/23 19:40:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 18:25:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/24 10:59:28 | 000,000,000 | ---D | M]

 

[2010/06/18 10:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Extensions

[2011/02/24 11:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions

[2010/06/29 10:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/24 10:31:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2011/02/09 17:06:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/02/21 02:48:06 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\[email protected]

[2011/02/23 08:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/03 15:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/06/25 06:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/03 16:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/19 16:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/22 18:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/18 17:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2006/09/19 06:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (SmartShopper Inc.)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll ()

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (SmartShopper Inc.)

O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (SmartShopper Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/12 00:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{47fed771-a63c-11df-be67-001a6bbda553}\Shell\AutoRun\command - "" = G:\setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/24 11:12:36 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

[2011/02/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx

[2011/02/23 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports

[2011/02/23 19:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\ShopperReports3

[2011/02/23 10:20:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe

[2011/02/22 18:10:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0248.old

[2011/02/22 18:10:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0248.old

[2011/02/16 19:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan

[2011/02/14 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2011/02/14 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2011/02/14 18:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2011/02/10 12:45:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0

[2011/02/10 12:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/02/10 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2011/02/06 11:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyForFantasy

[2011/02/06 10:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlyForFantasy

[2011/02/02 14:57:38 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll

[2011/02/02 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Cheat Engine

[2011/02/02 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/02/02 14:10:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011/02/02 14:10:44 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011/02/02 14:10:39 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011/02/02 14:10:34 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011/02/02 14:10:19 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011/02/02 14:09:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/02/02 14:09:02 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2011/01/28 04:45:47 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\TouHack

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/24 11:21:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

[2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

[2011/02/24 11:06:49 | 000,598,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/24 11:06:49 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/24 11:01:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/24 11:01:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/24 11:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/24 10:59:57 | 000,003,035 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/02/23 18:14:58 | 169,475,556 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/02/23 09:10:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe

[2011/02/22 20:18:33 | 001,802,910 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2011/02/22 08:19:05 | 000,005,648 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat

[2011/02/21 13:44:33 | 000,054,630 | ---- | M] () -- C:\Users\Ken Chan\Documents\c04_793x540.png

[2011/02/10 12:40:48 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2011/02/10 12:40:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2011/02/10 12:40:48 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2011/02/10 08:48:03 | 001,695,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/07 17:13:42 | 000,031,744 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/02 14:18:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/02/02 14:10:52 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/02/02 10:43:41 | 000,000,000 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat

[2011/02/02 09:18:46 | 000,057,897 | ---- | M] () -- C:\Users\Ken Chan\Documents\c12_338x540.png

[2011/02/02 09:17:41 | 000,060,160 | ---- | M] () -- C:\Users\Ken Chan\Documents\c06_678x540.png

[2011/01/26 03:07:15 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

 

========== Files Created - No Company Name ==========

 

[2011/02/23 08:39:30 | 169,475,556 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/02/22 20:16:32 | 001,802,910 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2011/02/22 18:10:36 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0248.old

[2011/02/21 13:44:30 | 000,054,630 | ---- | C] () -- C:\Users\Ken Chan\Documents\c04_793x540.png

[2011/02/17 17:21:39 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

[2011/02/10 12:40:04 | 003,014,656 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2011/02/10 12:40:04 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2011/02/10 12:40:04 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2011/02/02 14:57:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll

[2011/02/02 14:10:52 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/02/02 09:18:44 | 000,057,897 | ---- | C] () -- C:\Users\Ken Chan\Documents\c12_338x540.png

[2011/02/02 09:17:37 | 000,060,160 | ---- | C] () -- C:\Users\Ken Chan\Documents\c06_678x540.png

[2010/12/01 11:16:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/10/04 05:35:25 | 000,000,114 | ---- | C] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat

[2010/08/21 03:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat

[2010/07/01 09:05:59 | 000,004,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/06/30 09:02:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/06/29 07:11:17 | 000,031,744 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/26 08:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/06/20 06:05:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/06/19 03:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\FnF4.txt

[2010/06/18 10:44:14 | 000,005,648 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat

[2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\QSwitch.txt

[2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DSwitch.txt

[2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\AtStart.txt

[2007/06/08 00:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll

[2007/06/08 00:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/06/07 23:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/02/28 05:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/14 15:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 15:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/10 08:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

 

========== LOP Check ==========

 

[2010/06/24 17:14:33 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\360safe

[2010/06/24 17:14:22 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\360se

[2010/10/18 12:38:45 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\AVG10

[2011/01/23 03:56:51 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\BitTorrent

[2010/10/06 15:21:27 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\Notepad++

[2010/08/17 06:20:20 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\ShanghaiAlice

[2010/10/04 05:35:31 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\Template

[2010/10/04 13:43:26 | 000,000,000 | ---D | M] -- C:\Users\Ken Chan\AppData\Roaming\uTorrent

[2011/02/24 10:59:57 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

[2011/02/24 11:21:59 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %systemroot%\*. /mp /s >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

 

< End of report >

 

extras.txt

 

OTL Extras logfile created on: 24/02/2011 11:14:52 AM - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.79 Gb Total Space | 72.96 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

 

Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{30DD8CC0-AD91-4A6E-8316-77027AB6F3F3}" = lport=137 | protocol=17 | dir=in | app=system |

"{5168CAF2-D0CE-4C7E-ABB2-08E2AD0A11F9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{57205D2D-E3E6-428D-BC1D-A08D60904E16}" = rport=139 | protocol=6 | dir=out | app=system |

"{7A4C907F-DD00-4350-81D8-09BFDA12BEAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7BD35D0F-3A9A-4096-BE3C-3F63CAB5E4D0}" = lport=139 | protocol=6 | dir=in | app=system |

"{964E7711-2C18-47FC-ACD4-53970BC18D19}" = rport=445 | protocol=6 | dir=out | app=system |

"{BC78B98C-9C33-4094-BF9F-BF3C04FE5553}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{BDC3822A-CFE3-4935-9627-0C4F5967FF26}" = rport=138 | protocol=17 | dir=out | app=system |

"{DC547E59-81E8-4844-A2CD-514398C8A1DA}" = lport=138 | protocol=17 | dir=in | app=system |

"{E6D14914-8EBA-4F17-9EA8-78A79621C637}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E83E4C3D-5E55-479A-A0E3-6536401AF8B3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F4C25D3B-FDC6-4F24-AABA-86F0D2040BCB}" = lport=445 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0364B6D9-972F-4579-80CB-6654E585429C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{04BE6308-B59C-4583-B447-D706A2204CE2}" = protocol=58 | dir=in | [email protected],-28545 |

"{07DDADF6-DDCE-4C3D-9017-D1DC6ABFB3F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{0A260E56-AF9A-464D-8FA4-628AA63BCA32}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{0C96342F-6AB4-403C-9BDB-A4FD1C8F37B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{0E0E5FEE-6D19-47E7-B244-ECFAA5B19EFB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{14E9E78E-503B-4BCD-9352-6F1FBC7AD5BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{19704FAC-036E-4A5A-A75B-FC534D86FF11}" = protocol=58 | dir=out | [email protected],-28546 |

"{1BE26089-6BAD-4C34-880B-D5F65BFB2F47}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{2370246A-499D-4134-948E-715937D8EEB4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{2967CE4E-0D1F-4619-B86C-249AE4A42ACF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{311BC415-47A0-46BA-9E14-522365F9B093}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{327DEDE3-A3DC-4E85-91DE-298D673D9B54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{36015FE0-D708-4CB6-AC6A-AE79AFCBCDFE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{3B9AA188-3301-41AA-9229-609B1BB068F5}" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe |

"{434602CA-C4C7-498C-8421-A0B2E34C0E38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{63CA0C9D-5699-436D-989D-61EDE0C55E18}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{691E2612-0CD8-44A7-A1D1-3ED965C51E10}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{76DF735D-C6E3-4894-A82E-C6B97B53794E}" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe |

"{862F0502-3B9F-41F4-A6C5-AFE91A2B5878}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{879C0F94-7409-4C0A-91D1-878EEDD8F215}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{A4FD0F94-6BC7-4302-9431-34B7B61996A7}" = protocol=1 | dir=out | [email protected],-28544 |

"{A8432E01-8784-4A90-B470-E5142BE61373}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{B726EC97-EEF7-4B4E-98B0-1645A1DC8B6A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{BB3897DD-911E-4FD1-8D7F-85653BC3233A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C032C23E-2E06-4974-8A0A-EF65074BBBF4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{CE18C656-F69B-4F3F-A7CB-37A8BBF2D117}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{CE598035-24A8-45B5-B25C-6EDC3EA59880}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D2D33EF3-0A65-4F22-93E4-DC50650D2233}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{DAE9ECD2-5DD4-4368-B6B1-5EFA0383EB1A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{DC74FFAA-C584-4E0A-8FF8-B247F42C719A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DD96C0CA-4A49-4540-87E4-5FB6ADD3E8CC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{DE895C23-5403-468A-8494-CB291A55DB82}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{EBB1235D-A370-49F6-BBD7-CDA500AFB944}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{EC877CCC-E1B9-4C10-AC51-3674672D2DD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{F0C76492-891F-48F4-B157-81A2C6C8FF06}" = protocol=1 | dir=in | [email protected],-28543 |

"TCP Query User{0E3A3D6C-DAE1-417A-8467-63ED105D4C9E}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |

"TCP Query User{3F4710B0-5808-4E5E-9B71-62F95CEB7432}C:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe |

"TCP Query User{43220674-5650-4218-92D9-8BD2BCEFA011}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe |

"TCP Query User{80CC296C-9427-42F0-9ED5-3D9C6D7C7B28}C:\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe |

"TCP Query User{896D46E0-68D8-4E9D-A112-8DED9B831F48}C:\users\ken chan\documents\kenstuff\pofv\th09e.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\pofv\th09e.exe |

"TCP Query User{897B8262-456F-4C1F-986D-DE856DE10DB4}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe |

"TCP Query User{AA89F04B-8510-4E0D-AB16-1E9BA5E8DBBB}C:\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe |

"TCP Query User{F7C68BF8-6B65-47F1-9FD9-32644D936BE1}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe |

"TCP Query User{F9285BFD-23CC-40D3-BB7D-01F84D5D19ED}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=6 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe |

"UDP Query User{1B2E4D73-1683-4D97-979A-6E2A809DA5DF}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe |

"UDP Query User{2748BDD2-F5CF-43A3-8A7E-3834CF0E2802}C:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\touhack\ôîòvânâbânâaâôâhâxâëâbâvâà.exe |

"UDP Query User{5E8EE3D9-4EB5-41EB-BC6C-676B4DD6559D}C:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\touhack\dx9ôîòvânâbânâaâôâhâxâëâbâvâà.exe |

"UDP Query User{6B91E8BA-3CBD-4623-BBE5-25960B407261}C:\users\ken chan\documents\kenstuff\pofv\th09e.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\pofv\th09e.exe |

"UDP Query User{707996C6-1D66-4980-A8C5-4993E54CC0C6}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe |

"UDP Query User{9943F492-59D4-42B3-A311-AD2E61CB8F60}C:\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe |

"UDP Query User{9CB13D5B-66E1-49D8-8464-409B4ADC303B}C:\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe |

"UDP Query User{A7EF6F91-AD10-4E08-90A0-E6BD7E704902}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |

"UDP Query User{BB5E7A62-9995-4C8D-B93F-9B1F48E78AFE}C:\users\ken chan\documents\kenstuff\th123\th123.exe" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0289B18A-


Hi,

 

Please go here and have a look at how you can disable your security software.

 

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

 

Link 1

Link 2

 

 

 

--------------------------------------------------------------------

 

Double click on the renamed Combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

 

If you need help, see this link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


log.txt

 

ComboFix 11-02-27.01 - Ken Chan 28/02/2011 4:15.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1015.196 [GMT 9:00]

Running from: c:\users\Ken Chan\Desktop\schrauber.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\desktop.ini

c:\qvodplayer\QvodPlayer.exe

c:\users\Ken Chan\AppData\Roaming\360SE

c:\users\Ken Chan\AppData\Roaming\360SE\360SE.ini

c:\users\Ken Chan\AppData\Roaming\360SE\data\360sefav.db

c:\users\Ken Chan\AppData\Roaming\360SE\data\DailyBackup\360sefav_2010_06_24.favdb

c:\users\Ken Chan\AppData\Roaming\360SE\data\history.dat

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\avc.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cn.bing.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cz.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hao.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\login.live.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\me.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\se.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\shell.windows.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.baidu.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.bing.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.google.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.rarlab.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.sogou.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.youdao.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\yahoo.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\user.dat

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ganzhi.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\recommend.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAdfilter\extadfilter.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtDownload\ExtDownload.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2010_06_24.log

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\sc.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat

c:\users\Ken Chan\AppData\Roaming\360SE\stat.ini

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\AutoRun.inf

c:\windows\system32\twunk_32.exe

 

.

((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))

.

 

2011-02-27 19:25 . 2011-02-27 19:26 -------- d-----w- c:\users\Ken Chan\AppData\Local\temp

2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\mom\AppData\Local\temp

2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Jaq\AppData\Local\temp

2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-26 08:28 . 2011-02-26 08:28 -------- d-----w- c:\users\Ken Chan\AppData\Local\AreaZero

2011-02-25 17:05 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EA09348-CA2C-4CAE-AC6B-02047BADE622}\mpengine.dll

2011-02-25 05:21 . 2011-02-25 05:21 -------- d-----w- c:\users\Ken Chan\AppData\Roaming\DivX

2011-02-24 23:30 . 2011-02-24 23:30 -------- d-----w- c:\users\Ken Chan\AppData\Local\DDMSettings

2011-02-24 10:06 . 2011-02-24 10:07 -------- d-----w- c:\program files\Common Files\DivX Shared

2011-02-23 10:40 . 2011-02-23 10:40 -------- d-----w- c:\program files\Blinkx

2011-02-22 09:10 . 2010-01-22 00:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0248.old

2011-02-22 09:10 . 2010-01-22 00:55 767952 ----a-w- c:\windows\BDTSupport.dll0248.old

2011-02-22 09:10 . 2010-01-22 00:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0248.old

2011-02-16 10:43 . 2011-02-16 10:52 -------- d-----w- c:\programdata\KuaiWan

2011-02-14 09:10 . 2011-02-14 09:10 -------- d-----w- c:\users\Jaq\AppData\Roaming\DivX

2011-02-14 09:10 . 2011-02-24 10:08 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\program files\DivX

2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\programdata\DivX

2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Microsoft ATS

2011-02-08 23:39 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-08 23:39 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll

2011-02-08 23:39 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-08 08:49 . 2011-02-14 09:12 -------- d-----w- c:\users\mom\AppData\Local\Google

2011-02-06 01:50 . 2011-02-06 01:50 -------- d-----w- c:\program files\FlyForFantasy

2011-02-02 05:57 . 2009-11-03 22:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2011-02-02 05:57 . 2009-11-03 22:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2011-02-02 05:10 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-02 05:10 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-02 05:10 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-02 05:10 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-02 05:10 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-02 05:09 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-02 05:09 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\programdata\Alwil Software

2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\program files\Alwil Software

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 12:40 . 2010-06-24 21:12 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 08:11 . 2011-01-22 20:26 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-28 15:55 . 2011-01-12 01:37 413696 ----a-w- c:\windows\system32\odbc32.dll

2010-12-21 02:09 . 2010-06-18 02:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 02:08 . 2010-06-18 02:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-14 14:49 . 2011-01-12 01:37 1169408 ----a-w- c:\windows\system32\sdclt.exe

2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}]

2010-06-24 21:44 1184176 ----a-w- c:\qvodplayer\AddIn\QvodAddr.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 133912]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R3 ALSysIO;ALSysIO;c:\users\KENCHA~1\AppData\Local\Temp\ALSysIO.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-30 691696]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]

S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Adblock Plus Pop-up Addon: [email protected] - %profile%\extensions\[email protected]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-28 04:26

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-02-28 04:30:19

ComboFix-quarantined-files.txt 2011-02-27 19:30

 

Pre-Run: 74,689,806,336 bytes free

Post-Run: 74,805,854,208 bytes free

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - D6DAE43F333473ECBE33B15B93458E35

 

 

combofix.txt

 

ComboFix 11-02-27.01 - Ken Chan 28/02/2011 4:15.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1015.196 [GMT 9:00]

Running from: c:\users\Ken Chan\Desktop\schrauber.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\desktop.ini

c:\qvodplayer\QvodPlayer.exe

c:\users\Ken Chan\AppData\Roaming\360SE

c:\users\Ken Chan\AppData\Roaming\360SE\360SE.ini

c:\users\Ken Chan\AppData\Roaming\360SE\data\360sefav.db

c:\users\Ken Chan\AppData\Roaming\360SE\data\DailyBackup\360sefav_2010_06_24.favdb

c:\users\Ken Chan\AppData\Roaming\360SE\data\history.dat

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\avc.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cn.bing.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\cz.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hao.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\login.live.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\me.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\se.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\shell.windows.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.baidu.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.bing.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.google.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.rarlab.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.sogou.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\www.youdao.com.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\yahoo.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico

c:\users\Ken Chan\AppData\Roaming\360SE\data\user.dat

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\ganzhi.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAddons\recommend.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtAdfilter\extadfilter.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtDownload\ExtDownload.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2010_06_24.log

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\sc.ini

c:\users\Ken Chan\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat

c:\users\Ken Chan\AppData\Roaming\360SE\stat.ini

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\AutoRun.inf

c:\windows\system32\twunk_32.exe

 

.

((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))

.

 

2011-02-27 19:25 . 2011-02-27 19:26 -------- d-----w- c:\users\Ken Chan\AppData\Local\temp

2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\mom\AppData\Local\temp

2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Jaq\AppData\Local\temp

2011-02-27 19:25 . 2011-02-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-26 08:28 . 2011-02-26 08:28 -------- d-----w- c:\users\Ken Chan\AppData\Local\AreaZero

2011-02-25 17:05 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EA09348-CA2C-4CAE-AC6B-02047BADE622}\mpengine.dll

2011-02-25 05:21 . 2011-02-25 05:21 -------- d-----w- c:\users\Ken Chan\AppData\Roaming\DivX

2011-02-24 23:30 . 2011-02-24 23:30 -------- d-----w- c:\users\Ken Chan\AppData\Local\DDMSettings

2011-02-24 10:06 . 2011-02-24 10:07 -------- d-----w- c:\program files\Common Files\DivX Shared

2011-02-23 10:40 . 2011-02-23 10:40 -------- d-----w- c:\program files\Blinkx

2011-02-22 09:10 . 2010-01-22 00:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0248.old

2011-02-22 09:10 . 2010-01-22 00:55 767952 ----a-w- c:\windows\BDTSupport.dll0248.old

2011-02-22 09:10 . 2010-01-22 00:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0248.old

2011-02-16 10:43 . 2011-02-16 10:52 -------- d-----w- c:\programdata\KuaiWan

2011-02-14 09:10 . 2011-02-14 09:10 -------- d-----w- c:\users\Jaq\AppData\Roaming\DivX

2011-02-14 09:10 . 2011-02-24 10:08 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\program files\DivX

2011-02-14 09:05 . 2011-02-24 10:09 -------- d-----w- c:\programdata\DivX

2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Microsoft ATS

2011-02-08 23:39 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-08 23:39 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll

2011-02-08 23:39 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-08 08:49 . 2011-02-14 09:12 -------- d-----w- c:\users\mom\AppData\Local\Google

2011-02-06 01:50 . 2011-02-06 01:50 -------- d-----w- c:\program files\FlyForFantasy

2011-02-02 05:57 . 2009-11-03 22:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2011-02-02 05:57 . 2009-11-03 22:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2011-02-02 05:10 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-02 05:10 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-02 05:10 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-02 05:10 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-02 05:10 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-02 05:09 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-02 05:09 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\programdata\Alwil Software

2011-02-02 05:07 . 2011-02-02 05:07 -------- d-----w- c:\program files\Alwil Software

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 12:40 . 2010-06-24 21:12 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 08:11 . 2011-01-22 20:26 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-28 15:55 . 2011-01-12 01:37 413696 ----a-w- c:\windows\system32\odbc32.dll

2010-12-21 02:09 . 2010-06-18 02:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 02:08 . 2010-06-18 02:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-14 14:49 . 2011-01-12 01:37 1169408 ----a-w- c:\windows\system32\sdclt.exe

2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}]

2010-06-24 21:44 1184176 ----a-w- c:\qvodplayer\AddIn\QvodAddr.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 133912]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R3 ALSysIO;ALSysIO;c:\users\KENCHA~1\AppData\Local\Temp\ALSysIO.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-30 691696]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]

S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Adblock Plus Pop-up Addon: [email protected] - %profile%\extensions\[email protected]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-28 04:26

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-02-28 04:30:19

ComboFix-quarantined-files.txt 2011-02-27 19:30

 

Pre-Run: 74,689,806,336 bytes free

Post-Run: 74,805,854,208 bytes free

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - D6DAE43F333473ECBE33B15B93458E35


Hi,

 

Please update your version of Malwarebytes and run a quick scan, then post back with the content of the logfile.

 

 

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

 

 

 

 

Please open OTL, set the extra registry tab to use safe list and hit the run scan button, then post back with the 2 logfiles.

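The scans requested above (MBAM, OTL) work by walking IE's persistence points: the O2 Browser Helper Objects, the O4 Run keys and the Low Rights\ElevationPolicy key that MBAM flagged in the next post. As an added example that is not part of the thread and not code from OTL, MBAM, ComboFix or the helper, the PowerShell below does that enumeration by hand, resolves each CLSID to the DLL it actually loads, and checks whether the file carries a valid Authenticode signature. The function names are mine; it assumes an elevated PowerShell prompt on a 32-bit Windows install like the one in the log (on 64-bit Windows the same keys must also be walked under Wow6432Node).

```powershell
# Added example for this thread (not the helper's instructions and not code
# from OTL, MBAM or ComboFix): walk the IE persistence points those tools
# report as O2 (BHOs), O4 (Run keys) and the Low Rights\ElevationPolicy key
# MBAM flagged, resolve each CLSID to the DLL it loads, and check whether the
# file is Authenticode-signed. Function names are mine. Assumes an elevated
# prompt on 32-bit Windows as in the log; on 64-bit also walk Wow6432Node.

function Resolve-Clsid {
    param([string]$Clsid)
    # A BHO or toolbar entry is just a CLSID; the DLL path is the default value
    # of the class's InprocServer32 key (HKCU first, since per-user COM wins).
    foreach ($root in 'HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $path = (Get-ItemProperty $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
        }
    }
    return $null   # dangling registration: OTL prints 'No CLSID value found'
}

function Get-FileTrust {
    param([string]$Path)
    if (-not $Path) { return 'no file registered' }
    if (-not (Test-Path $Path)) { return 'FILE MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "signed: $($sig.SignerCertificate.Subject)" }
    $company = (Get-Item $Path).VersionInfo.CompanyName
    if ($company) { return "UNSIGNED ($company)" }
    return 'UNSIGNED, no company name'   # the bare '()' OTL shows for QvodAddr.dll
}

Write-Host '== O2 Browser Helper Objects =='
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($bho in (Get-ChildItem $bhoKey -ErrorAction SilentlyContinue)) {
    $clsid = $bho.PSChildName
    $dll   = Resolve-Clsid $clsid
    '{0}  {1}  [{2}]' -f $clsid, $dll, (Get-FileTrust $dll)
}

Write-Host '== O4 Run keys =='
foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $run)) { continue }
    # Get-ItemProperty adds PS* bookkeeping properties; everything else is an entry.
    foreach ($v in (Get-ItemProperty $run).PSObject.Properties) {
        if ($v.Name -notmatch '^PS') { '{0,-28} {1}' -f $v.Name, $v.Value }
    }
}

Write-Host '== IE Low Rights\ElevationPolicy =='
# Each subkey names an executable (AppPath\AppName) and a Policy value: 3 lets
# it launch from a Protected Mode tab at medium integrity without a prompt,
# which is why adware installers register themselves here.
$elev = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
foreach ($e in (Get-ChildItem $elev -ErrorAction SilentlyContinue)) {
    $p   = Get-ItemProperty $e.PSPath
    $exe = $null
    if ($p.AppPath -and $p.AppName) { $exe = Join-Path $p.AppPath $p.AppName }
    '{0}  policy={1}  {2}  [{3}]' -f $e.PSChildName, $p.Policy, $exe, (Get-FileTrust $exe)
}
```

Run it from an elevated prompt and read the output the same way the helpers read an OTL log: a BHO whose CLSID resolves to nothing, a DLL that is unsigned with no company name, or an ElevationPolicy entry pointing at an executable under a user profile or a temp folder is what to look at first. The script only lists; removal of anything it surfaces should still follow the tool-driven steps the helper gives, since those also take care of the matching CLSID and file entries.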

My IE didn't let me connect to that site, it said something about being logged in... >.<;;

 

MbaM log

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5908

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

01/03/2011 9:10:04 AM

mbam-log-2011-03-01 (09-09-52).txt

 

Scan type: Quick scan

Objects scanned: 179893

Time elapsed: 4 minute(s), 54 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Users\mom\downloads\xvidsetup(3).exe (Adware.Hotbar) -> No action taken.

 

 

OTL.txt

 

OTL logfile created on: 01/03/2011 9:12:49 AM - Run 2

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 206.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.79 Gb Total Space | 69.63 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

 

Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

PRC - [2011/02/15 10:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/01/13 17:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/12/11 08:24:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/12/11 08:24:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/17 10:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe

PRC - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe

PRC - [2007/02/22 11:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE

PRC - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

MOD - [2011/01/13 17:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/09/01 00:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/01/13 17:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/10/16 17:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/10/06 15:06:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/04/28 23:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/01/15 09:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/01/19 16:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/29 09:45:38 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2007/03/29 09:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2007/03/06 02:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/02/07 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2006/12/13 15:51:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/01/13 17:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/01/13 17:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/01/13 17:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/01/13 17:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/01/13 17:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/10/11 13:12:15 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2010/08/16 23:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®

DRV - [2010/06/30 09:02:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/04/28 23:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2007/06/08 16:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/06/08 00:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/05/11 19:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2007/05/04 23:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/03/10 14:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2007/02/26 23:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2006/12/13 15:51:16 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/12/01 03:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2006/11/02 18:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 18:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 18:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 18:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 18:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 18:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 18:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 18:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 18:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 18:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 18:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 18:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 18:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 18:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 18:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 18:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 18:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 18:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 18:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 18:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 18:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 18:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 18:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 18:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 18:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 18:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 18:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 18:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 18:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 18:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 18:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 18:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 18:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 17:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 17:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 17:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 17:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 17:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 17:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 16:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)

DRV - [2006/11/02 16:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/02 16:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)

DRV - [2006/11/02 16:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 16:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/11/02 16:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2006/06/29 02:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE DE 5A E8 D2 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected]

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/24 19:09:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/24 19:09:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 18:25:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/24 18:18:33 | 000,000,000 | ---D | M]

 

[2010/06/18 10:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Extensions

[2011/02/28 14:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions

[2010/06/29 10:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/24 10:31:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2011/02/09 17:06:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/02/21 02:48:06 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\[email protected]

[2011/02/23 08:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/03 15:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/06/25 06:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/03 16:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/19 16:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/22 18:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/18 17:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2011/02/28 04:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll ()

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/12 00:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/28 04:30:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/02/28 04:30:23 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/02/28 04:30:22 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\temp

[2011/02/28 04:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/02/28 04:11:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/02/28 04:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/02/28 04:10:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/02/28 04:10:54 | 000,000,000 | ---D | C] -- C:\schrauber

[2011/02/28 04:06:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/02/28 04:05:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/02/26 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\AreaZero

[2011/02/25 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Roaming\DivX

[2011/02/25 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\DDMSettings

[2011/02/24 19:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2011/02/24 19:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2011/02/24 16:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Updater5

[2011/02/24 11:12:36 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

[2011/02/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx

[2011/02/23 10:20:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe

[2011/02/22 18:10:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0248.old

[2011/02/22 18:10:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0248.old

[2011/02/18 17:31:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/02/18 17:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/02/18 17:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/02/16 19:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan

[2011/02/14 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2011/02/14 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2011/02/14 18:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2011/02/10 12:45:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0

[2011/02/10 12:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/02/10 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2011/02/09 08:40:49 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/02/09 08:40:36 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/02/09 08:40:35 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/02/09 08:40:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/02/09 08:40:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/02/09 08:40:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/02/09 08:40:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/02/09 08:40:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/02/09 08:40:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/02/09 08:40:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/02/09 08:40:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/02/09 08:40:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/02/09 08:40:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/02/09 08:40:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/02/09 08:40:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/02/09 08:40:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/02/09 08:40:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/02/09 08:39:55 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/02/09 08:39:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/02/09 08:39:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/02/09 08:39:34 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/02/09 08:39:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/02/06 11:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyForFantasy

[2011/02/06 10:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlyForFantasy

[2011/02/02 14:57:38 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll

[2011/02/02 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Cheat Engine

[2011/02/02 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/02/02 14:10:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011/02/02 14:10:44 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011/02/02 14:10:39 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011/02/02 14:10:34 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011/02/02 14:10:19 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011/02/02 14:09:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/02/02 14:09:02 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2011/02/02 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

 

========== Files - Modified Within 30 Days ==========

 

[2011/03/01 09:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

[2011/03/01 08:17:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/03/01 08:17:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/03/01 08:17:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/28 17:46:22 | 000,003,035 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/02/28 16:34:39 | 000,000,392 | ---- | M] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat

[2011/02/28 14:48:58 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/28 14:48:58 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/28 04:34:20 | 000,002,383 | ---- | M] () -- C:\Users\Ken Chan\Desktop\Skype.lnk

[2011/02/28 04:26:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/02/28 04:03:53 | 004,276,140 | R--- | M] () -- C:\Users\Ken Chan\Desktop\schrauber.exe

[2011/02/24 11:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

[2011/02/23 09:10:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe

[2011/02/22 20:18:33 | 001,802,910 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2011/02/22 08:19:05 | 000,005,648 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat

[2011/02/21 13:44:33 | 000,054,630 | ---- | M] () -- C:\Users\Ken Chan\Documents\c04_793x540.png

[2011/02/10 12:40:48 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2011/02/10 12:40:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2011/02/10 12:40:48 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2011/02/10 08:48:03 | 001,695,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/07 17:13:42 | 000,031,744 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011/02/02 14:18:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/02/02 14:10:52 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/02/02 10:43:41 | 000,000,000 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat

[2011/02/02 09:18:46 | 000,057,897 | ---- | M] () -- C:\Users\Ken Chan\Documents\c12_338x540.png

[2011/02/02 09:17:41 | 000,060,160 | ---- | M] () -- C:\Users\Ken Chan\Documents\c06_678x540.png

 

========== Files Created - No Company Name ==========

 

[2011/02/28 04:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/02/28 04:11:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/02/28 04:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/02/28 04:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/02/28 04:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/02/28 04:03:29 | 004,276,140 | R--- | C] () -- C:\Users\Ken Chan\Desktop\schrauber.exe

[2011/02/24 11:27:30 | 000,133,632 | ---- | C] () -- C:\Users\Ken Chan\Desktop\RKUnhookerLE.EXE

[2011/02/22 20:16:32 | 001,802,910 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2011/02/22 18:10:36 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0248.old

[2011/02/21 13:44:30 | 000,054,630 | ---- | C] () -- C:\Users\Ken Chan\Documents\c04_793x540.png

[2011/02/17 17:21:39 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

[2011/02/10 12:40:04 | 003,014,656 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2011/02/10 12:40:04 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2011/02/10 12:40:04 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2011/02/02 14:57:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll

[2011/02/02 14:10:52 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/02/02 09:18:44 | 000,057,897 | ---- | C] () -- C:\Users\Ken Chan\Documents\c12_338x540.png

[2011/02/02 09:17:37 | 000,060,160 | ---- | C] () -- C:\Users\Ken Chan\Documents\c06_678x540.png

[2010/12/01 11:16:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/10/04 05:35:25 | 000,000,392 | ---- | C] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat

[2010/08/21 03:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat

[2010/07/01 09:05:59 | 000,004,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/06/30 09:02:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/06/29 07:11:17 | 000,031,744 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/26 08:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/06/20 06:05:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/06/19 03:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\FnF4.txt

[2010/06/18 10:44:14 | 000,005,648 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat

[2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\QSwitch.txt

[2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DSwitch.txt

[2010/06/18 10:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\AtStart.txt

[2007/06/08 00:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll

[2007/06/08 00:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/06/07 23:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/02/28 05:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/14 15:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 15:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/10 08:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

 

< End of report >

 

extras.txt

 

OTL Extras logfile created on: 01/03/2011 9:12:49 AM - Run 2

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 206.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.79 Gb Total Space | 69.63 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

 

Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{30DD8CC0-AD91-4A6E-8316-77027AB6F3F3}" = lport=137 | protocol=17 | dir=in | app=system |

"{5168CAF2-D0CE-4C7E-ABB2-08E2AD0A11F9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{57205D2D-E3E6-428D-BC1D-A08D60904E16}" = rport=139 | protocol=6 | dir=out | app=system |

"{7A4C907F-DD00-4350-81D8-09BFDA12BEAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7BD35D0F-3A9A-4096-BE3C-3F63CAB5E4D0}" = lport=139 | protocol=6 | dir=in | app=system |

"{964E7711-2C18-47FC-ACD4-53970BC18D19}" = rport=445 | protocol=6 | dir=out | app=system |

"{BC78B98C-9C33-4094-BF9F-BF3C04FE5553}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{BDC3822A-CFE3-4935-9627-0C4F5967FF26}" = rport=138 | protocol=17 | dir=out | app=system |

"{DC547E59-81E8-4844-A2CD-514398C8A1DA}" = lport=138 | protocol=17 | dir=in | app=system |

"{E6D14914-8EBA-4F17-9EA8-78A79621C637}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E83E4C3D-5E55-479A-A0E3-6536401AF8B3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F4C25D3B-FDC6-4F24-AABA-86F0D2040BCB}" = lport=445 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0364B6D9-972F-4579-80CB-6654E585429C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{04BE6308-B59C-4583-B447-D706A2204CE2}" = protocol=58 | dir=in | [email protected],-28545 |

"{07DDADF6-DDCE-4C3D-9017-D1DC6ABFB3F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{0A260E56-AF9A-464D-8FA4-628AA63BCA32}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{0C96342F-6AB4-403C-9BDB-A4FD1C8F37B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{0E0E5FEE-6D19-47E7-B244-ECFAA5B19EFB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{14E9E78E-503B-4BCD-9352-6F1FBC7AD5BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{19704FAC-036E-4A5A-A75B-FC534D86FF11}" = protocol=58 | dir=out | [email protected],-28546 |

"{1BE26089-6BAD-4C34-880B-D5F65BFB2F47}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{2370246A-499D-4134-948E-715937D8EEB4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{2967CE4E-0D1F-4619-B86C-249AE4A42ACF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{311BC415-47A0-46BA-9E14-522365F9B093}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{327DEDE3-A3DC-4E85-91DE-298D673D9B54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{36015FE0-D708-4CB6-AC6A-AE79AFCBCDFE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{3B9AA188-3301-41AA-9229-609B1BB068F5}" = protocol=17 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe |

"{434602CA-C4C7-498C-8421-A0B2E34C0E38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{63CA0C9D-5699-436D-989D-61EDE0C55E18}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{691E2612-0CD8-44A7-A1D1-3ED965C51E10}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{76DF735D-C6E3-4894-A82E-C6B97B53794E}" = protocol=6 | dir=in | app=c:\users\ken chan\documents\kenstuff\th123\th123e.exe |

"{862F0502-3B9F-41F4-A6C5-AFE91A2B5878}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{879C0F94-7409-4C0A-91D1-878EEDD8F215}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{A4FD0F94-6BC7-4302-9431-34B7B61996A7}" = protocol=1 | dir=out | [email protected],-28544 |

"{A8432E01-8784-4A90-B470-E5142BE61373}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{B726EC97-EEF7-4B4E-98B0-1645A1DC8B6A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{BB3897DD-911E-4FD1-8D7F-85653BC3233A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C032C23E-2E06-4974-8A0A-EF65074BBBF4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{CE18C656-F69B-4F3F-A7CB-37A8BBF2D117}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{CE598035-24A8-45B5-B25C-6EDC3EA59880}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D2D33EF3-0A65-4F22-93E4-DC50650D2233}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{DAE9ECD2-5DD4-4368-B6B1-5EFA0383EB1A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{DC74FFAA-C584-4E0A-8FF8-B247F42C719A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DD96C0CA-4A49-4540-87E4-5FB6ADD3E8CC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{DE895C23-5403-468A-8494-CB291

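Added note, not part of any post in this thread: the O35/O37 entries and the "Shell Spawning" section of the OTL log above report the registry commands Windows runs when a user opens an .exe, .com, .bat or similar file. Replacing the exefile command is a common way for malware to get itself executed every time any program is launched, which is why OTL prints these keys; on this machine they show the Windows defaults. The PowerShell below is an added example written for this page (not OTL's or the poster's code): it reads the same keys from both hives, since HKCU\Software\Classes overrides HKLM\Software\Classes when the shell builds HKEY_CLASSES_ROOT, and compares each against the default command. It assumes PowerShell 2.0 or later; the expected-command table is the assumption to adjust for a different Windows version.

```powershell
# Added example (not from the thread): verify that the shell-spawning
# commands OTL reports under "Shell Spawning" / O35 / O37 still hold the
# Windows defaults. Assumes PowerShell 2.0 or later.

# Expected default open commands, as OTL prints them for a clean system
# (assumed table; adjust for other Windows versions).
$ExpectedCommands = @{
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'exefile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
}

function Get-ShellOpenCommand {
    param([string]$Hive, [string]$Class)
    # (Default) value of <Hive>\Software\Classes\<Class>\shell\open\command,
    # or $null when the key does not exist in that hive.
    $key = Join-Path $Hive "Software\Classes\$Class\shell\open\command"
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key).'(default)'
}

function Test-ShellSpawning {
    # A hijack may sit in either hive; HKCU wins over HKLM for the same class.
    foreach ($class in $ExpectedCommands.Keys | Sort-Object) {
        foreach ($hive in 'HKLM:', 'HKCU:') {
            $cmd = Get-ShellOpenCommand -Hive $hive -Class $class
            if ($cmd -eq $null) { continue }   # key absent in this hive: nothing to check
            New-Object PSObject -Property @{
                Hive     = $hive.TrimEnd(':')
                Class    = $class
                Command  = $cmd
                Expected = $ExpectedCommands[$class]
                Ok       = ($cmd -eq $ExpectedCommands[$class])
            }
        }
    }
}

function Test-ExeExtensionMapping {
    # The .exe extension itself must map to the exefile class; a per-user
    # override under HKCU pointing elsewhere redirects every .exe launch.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Join-Path $hive 'Software\Classes\.exe'
        if (-not (Test-Path $key)) { continue }
        $progId = (Get-ItemProperty -Path $key).'(default)'
        New-Object PSObject -Property @{
            Hive   = $hive.TrimEnd(':')
            ProgId = $progId
            Ok     = ($progId -eq 'exefile')
        }
    }
}

Test-ShellSpawning      | Format-Table Hive, Class, Ok, Command -AutoSize
Test-ExeExtensionMapping | Format-Table Hive, ProgId, Ok -AutoSize
```

Any row with Ok = False deserves a look at what the command actually launches; an HKCU row that exists where HKLM shows the default is the typical per-user hijack, and OTL's "Reg Error: Key error" for HKCU .exe on this machine simply means no such override was present.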

No, not yet, because I wasn't sure yet whether it would mess up this process; if I actually need to, I'll go delete it now.

 

[EDIT]

 

So I just deleted the 2 things.

 

Log before

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5908

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

01/03/2011 4:10:13 PM

mbam-log-2011-03-01 (16-10-13).txt

 

Scan type: Quick scan

Objects scanned: 179986

Time elapsed: 7 minute(s), 12 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Users\mom\downloads\xvidsetup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.

 

 

Log after:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5922

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

01/03/2011 4:25:25 PM

mbam-log-2011-03-01 (16-25-25).txt

 

Scan type: Quick scan

Objects scanned: 180006

Time elapsed: 6 minute(s), 1 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

The scans have nothing coming up, but the Baidu favorites page still keeps returning after I delete it.

 

[EDIT2]

After I scanned I noticed there were 2 items in my "ignore list" that I never remembered adding; after removing them from the list I did a full scan, and here are the logs.

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5922

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

01/03/2011 6:12:23 PM

mbam-log-2011-03-01 (18-12-23).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 352745

Time elapsed: 1 hour(s), 29 minute(s), 45 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\qvodplayer\QvodBand.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Both items are now deleted.

Edited by EternitySky

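Added example, not from EternitySky's post or the Malwarebytes report: the quick scan above quarantined an entry under HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy. Entries in that key tell IE's Protected Mode which programs may be started from a low-integrity tab and at what integrity level (Policy 3 means "launch at medium integrity without asking"), so a stray entry is worth reading out rather than only deleting. The PowerShell below, written for this page and not taken from any tool in the thread, decodes the remaining ElevationPolicy entries and, for the favorite that keeps coming back, lists every .url file under the user's Favorites folder (the IE Favorites Bar is the Links subfolder) whose target matches a pattern, with creation and modification times that can be compared against scheduled tasks or startup items to find what re-creates it. It assumes PowerShell 2.0 or later and the default Favorites location; "baidu" is the assumed pattern, and the Suspect flag is a heuristic of this example, not a Microsoft or Malwarebytes rule.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 or later,
# the default %USERPROFILE%\Favorites location, and "baidu" as the pattern.

function Get-FavoriteUrl {
    param([string]$Path)
    # IE favorites are INI-style .url files; the target is the URL= line
    # in the [InternetShortcut] section.
    foreach ($line in Get-Content -Path $Path -ErrorAction SilentlyContinue) {
        if ($line -match '^\s*URL\s*=\s*(.+?)\s*$') { return $matches[1] }
    }
    return $null
}

function Find-Favorite {
    param(
        [string]$Pattern,
        # Links\ beneath Favorites is what IE shows as the Favorites Bar.
        [string]$Root = (Join-Path $env:USERPROFILE 'Favorites')
    )
    Get-ChildItem -Path $Root -Filter *.url -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $url = Get-FavoriteUrl -Path $_.FullName
            if ($url -and $url -match $Pattern) {
                New-Object PSObject -Property @{
                    Path     = $_.FullName
                    Url      = $url
                    Created  = $_.CreationTime    # when it was (re)created
                    Modified = $_.LastWriteTime
                }
            }
        }
}

function Get-IEElevationPolicy {
    # Protected Mode Policy values: 0 = blocked, 1 = launch at low integrity
    # silently, 2 = prompt then launch at medium, 3 = launch at medium silently.
    $meaning = @{ 0 = 'blocked'; 1 = 'low, silent'; 2 = 'medium, prompt'; 3 = 'medium, silent' }
    $base = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $p   = Get-ItemProperty -Path $_.PSPath
        $pol = if ($p.Policy -ne $null) { [int]$p.Policy } else { -1 }   # -1: value missing
        New-Object PSObject -Property @{
            Guid    = $_.PSChildName
            AppName = $p.AppName
            AppPath = $p.AppPath
            Policy  = $pol
            Meaning = $meaning[$pol]
            # Heuristic of this example: a silent medium-integrity launch of
            # something outside Program Files / Windows deserves a closer look.
            Suspect = ($pol -eq 3 -and $p.AppPath -and
                       ($p.AppPath -notmatch '^[A-Za-z]:\\(Program Files|Windows)\\'))
        }
    }
}

Find-Favorite -Pattern 'baidu' | Format-List Path, Url, Created, Modified
Get-IEElevationPolicy | Sort-Object Suspect -Descending |
    Format-Table Suspect, Meaning, AppName, AppPath, Guid -AutoSize
```

Run it from the account whose IE shows the favorite (the log lists a second profile, "mom", whose Favorites folder this would not cover unless Root is pointed at it). A .url file whose Created time matches a scheduled task run or a logon is the lead to follow in the OTL scheduled-task and O4 startup sections.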

Ok, please try this online scan:

 

 

Please run a BitDefender Online Scan

  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

 

 

How is it running now?


QuickScan Beta 32-bit v0.9.9.52

-------------------------------

Scan date: Thu Mar 03 15:56:44 2011

Machine ID: F8E555FD

 

System32\Drivers\sptd.sys - could not be scanned

--> HKLM\System\ControlSet002\services\sptd\"ImagePath"

 

No infection found.

-------------------

 

 

 

Processes

---------

(verified) avast! Antivirus 3332 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

(verified) DivX Update 3544 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(verified) Firefox 2204 C:\Program Files\Mozilla Firefox\firefox.exe

(verified) hp digital imaging - hp all-in-one seri 3176 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

(verified) Intel® Common User Interface 2960 C:\WINDOWS\System32\hkcmd.exe

(verified) Intel® Common User Interface 2996 C:\WINDOWS\System32\igfxpers.exe

(verified) Intel® Common User Interface 3268 C:\WINDOWS\System32\igfxsrvc.exe

(verified) Java Platform SE Auto Updater 2 0 3400 C:\Program Files\Common Files\Java\Java Update\jusched.exe

(verified) Microsoft® Windows® Operating System 3648 C:\Program Files\Windows Media Player\wmpnscfg.exe

(verified) Microsoft® Windows® Operating System 3228 C:\Program Files\Windows Sidebar\sidebar.exe

(verified) Microsoft® Windows® Operating System 3636 C:\Program Files\Windows Sidebar\sidebar.exe

(verified) Microsoft® Windows® Operating System 2728 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 2644 C:\WINDOWS\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 2612 C:\WINDOWS\System32\notepad.exe

(verified) Microsoft® Windows® Operating System 2476 C:\WINDOWS\System32\taskeng.exe

(verified) SMax4PNP Application 3324 C:\Program Files\Analog Devices\Core\smax4pnp.exe

 

 

Autoruns and critical files

---------------------------

(unsigned) Mozilla Firefox C:\Program Files\Mozilla Firefox

 

(verified) avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe

(verified) DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(verified) hp digital imaging - hp all-in-one seri C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

(verified) HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

(verified) Intel® Common User Interface C:\WINDOWS\System32\hkcmd.exe

(verified) Intel® Common User Interface C:\WINDOWS\System32\igfxdev.dll

(verified) Intel® Common User Interface C:\WINDOWS\System32\igfxpers.exe

(verified) Intel® Common User Interface C:\Windows\system32\igfxtray.exe

(verified) Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe

(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\browseui.dll

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe

(verified) Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(verified) Windows® Internet Explorer C:\WINDOWS\System32\webcheck.dll

 

 

Browser plugins

---------------

(unsigned) Java Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

 

(verified) AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

(verified) AddressSearch Module c:\qvodplayer\addin\qvodaddr.dll

(verified) BitDefender QuickScan C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

(verified) BitDefender QuickScan C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

(verified) BitDefender QuickScan C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

(verified) DivX Web Player c:\program files\divx\divx plus web player\npdivx32.dll

(verified) Google Toolbar for IE c:\program files\google\googletoolbar1.dll

(verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) Java Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll

(verified) Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll

(verified) Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll

(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll

(verified) Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\NapiNSP.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\nlaapi.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\wshbth.dll

(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

(verified) MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll

(verified) MSN® Games by Zone.com C:\Windows\Downloaded Program Files\msgrchkr.dll

(verified) Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

(verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll

(verified) Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll

(verified) Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

(verified) Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll

(verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

(verified) Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

(verified) Windows® Internet Explorer C:\WINDOWS\System32\ieframe.dll

 

 

Missing files

-------------

File not found: C:\Users\KENCHA~1\AppData\Local\Temp\ALSysIO.sys

--> HKLM\System\ControlSet001\services\ALSysIO\"ImagePath"

 

File not found: C:\Users\KENCHA~1\AppData\Local\Temp\catchme.sys

--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

 

File not found: C:\Windows\System32\appmgmts.dll

--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

 

 

Scan

----

 

 

No file uploaded.

 

Scan finished - communication took 2 sec

Total traffic - 0.03 MB sent, 0.15 KB recvd

Scanned 1022 files and modules - 7 seconds

 

==============================================================================

 

Everything is running fine, it's just some things that worry me >_<


Hi. :)

 

My colleague is unavailable for a few days, this is just a courtesy post on my behalf.

 

I will be providing assistance from this time forward. Please complete the last set of instructions when ready and we will go from there, thank you.


Well the thing that worries me currently is...

 

My sister uses this program called QVOD Player; she uses it to stream things from China's streaming sites, and then somehow she got this thing called "Baidu". I talked to a friend about it and apparently there's a virus with it, and it was infected last time I posted here too (Trojan Cinmus was the thing that came up). Well, she removed the toolbar from IE, but it tries to change my homepage on IE to Baidu, and Microsoft redirects me to a website warning about malicious websites. Also, it keeps reappearing on my favorites bar/folder when I delete it and restart IE... My friend said it had something to do with the registry and stuff, so I don't have any idea and came here for help.

 

And thanks, Dakeyras, for helping while Tom is away :D


Hi. :)

 

Thanks, Dakeyras, for helping while Tom is away :D

You're welcome!

 

My sister uses this program called QVOD Player; she uses it to stream things from China's streaming sites, and then somehow she got this thing called "Baidu". I talked to a friend about it and apparently there's a virus with it, and it was infected last time I posted here too (Trojan Cinmus was the thing that came up). Well, she removed the toolbar from IE

 

Actually, this particular application does come bundled with malware (depending on where the actual installer is downloaded from), and/or there is the chance that anything streamed with it will contain such... Personally, I advise not using this application at all; plus, criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop. It's also very important to avoid any "cracks" or "keygens" that allow unauthorised use of programs. Besides being illegal, these files are also loaded with "planted" malware.

 

Any further issues remaining? If not we will clean up the tools used during the course of the Malware Removal process and I will provide some advice about online safety.


Hmm... I see...

 

Well, besides this problem nothing else on my laptop is acting weird, so I don't think there are any other problems with it right now, so let's continue :D


Hi. :)

 

Well, besides this problem nothing else on my laptop is acting weird

OK, if you so wish we can double-check to make sure, for your peace of mind so to speak. I do not mind in the least doing so, I will further add.

 

Right-click on OTL and select Run as Administrator, then click on Run Scan, and post the new log that opens in your next reply.


Double checking would be great!

 

OTL.txt

 

OTL logfile created on: 05/03/2011 10:56:22 AM - Run 3

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ken Chan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.79 Gb Total Space | 66.92 Gb Free Space | 47.20% Space Free | Partition Type: NTFS

Drive D: | 7.25 Gb Total Space | 1.00 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

 

Computer Name: KENCHAN-PC | User Name: Ken Chan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/03/05 08:35:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2011/03/05 08:35:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/02/23 18:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

PRC - [2011/02/14 17:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/01/13 00:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/16 17:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2007/03/28 16:45:38 | 000,118,877 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe

PRC - [2007/03/28 16:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe

PRC - [2007/02/21 18:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE

PRC - [2006/12/12 22:51:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/02/23 18:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

MOD - [2011/01/13 00:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/10/05 22:06:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/28 16:45:38 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2007/03/28 16:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2006/12/12 22:51:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/01/13 00:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/01/13 00:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/01/13 00:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/01/13 00:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/01/13 00:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/10/10 20:12:15 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2010/08/16 06:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®

DRV - [2010/06/29 16:02:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/04/28 06:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2007/06/07 23:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/06/07 07:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/06/07 07:04:00 | 001,683,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/05/11 02:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2007/05/04 06:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/03/09 21:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2007/02/26 06:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2006/12/12 22:51:16 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/01 23:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)

DRV - [2006/11/01 23:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/01 23:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)

DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/11/01 23:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE DE 5A E8 D2 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbbaaec&v=6.011.025.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected]

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/24 02:09:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/24 02:09:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 08:35:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 08:35:48 | 000,000,000 | ---D | M]

 

[2010/06/17 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Extensions

[2011/03/04 22:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions

[2010/06/28 17:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/23 17:31:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2011/02/09 00:06:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/03/04 18:28:55 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2011/02/20 09:48:06 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Ken Chan\AppData\Roaming\Mozilla\Firefox\Profiles\r5qrpc23.default\extensions\[email protected]

[2011/02/22 15:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/02 22:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/06/24 13:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/02 23:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/18 23:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/22 01:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/18 00:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/02/02 04:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2011/02/27 11:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll ()

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ken Chan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/03/03 15:53:40 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Roaming\QuickScan

[2011/02/27 11:30:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/02/27 11:30:23 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/02/27 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\temp

[2011/02/27 11:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/02/27 11:11:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/02/27 11:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/02/27 11:10:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/02/27 11:10:54 | 000,000,000 | ---D | C] -- C:\schrauber

[2011/02/27 11:06:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/02/27 11:05:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/02/26 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\AreaZero

[2011/02/24 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Roaming\DivX

[2011/02/24 15:30:31 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\AppData\Local\DDMSettings

[2011/02/24 02:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2011/02/24 02:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2011/02/23 23:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ken Chan\Documents\Updater5

[2011/02/23 18:12:36 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

[2011/02/23 02:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx

[2011/02/22 17:20:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe

[2011/02/22 01:10:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0248.old

[2011/02/22 01:10:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0248.old

[2011/02/18 00:31:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/02/18 00:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/02/18 00:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/02/14 01:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2011/02/14 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2011/02/14 01:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2011/02/09 19:45:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0

[2011/02/09 19:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/02/09 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2011/02/08 15:40:49 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/02/08 15:40:36 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/02/08 15:40:35 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/02/08 15:40:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/02/08 15:40:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/02/08 15:40:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/02/08 15:40:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/02/08 15:40:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/02/08 15:40:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/02/08 15:40:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/02/08 15:40:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/02/08 15:40:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/02/08 15:40:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/02/08 15:40:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/02/08 15:40:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/02/08 15:40:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/02/08 15:40:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/02/08 15:39:55 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/02/08 15:39:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/02/08 15:39:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/02/08 15:39:34 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/02/08 15:39:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/02/05 18:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyForFantasy

[2011/02/05 17:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlyForFantasy

 

========== Files - Modified Within 30 Days ==========

 

[2011/03/05 10:56:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

[2011/03/05 09:25:04 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/03/05 09:25:04 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/03/05 09:19:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/03/05 09:19:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/03/05 09:19:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/03/05 09:19:23 | 161,156,820 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/03/05 01:06:31 | 000,003,035 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/03/05 00:26:17 | 000,005,648 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat

[2011/02/27 23:34:39 | 000,000,392 | ---- | M] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat

[2011/02/27 11:34:20 | 000,002,383 | ---- | M] () -- C:\Users\Ken Chan\Desktop\Skype.lnk

[2011/02/27 11:26:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/02/27 11:03:53 | 004,276,140 | R--- | M] () -- C:\Users\Ken Chan\Desktop\schrauber.exe

[2011/02/23 18:12:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ken Chan\Desktop\OTL.exe

[2011/02/22 16:10:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken Chan\Desktop\HijackThis.exe

[2011/02/22 03:18:33 | 001,802,910 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2011/02/20 20:44:33 | 000,054,630 | ---- | M] () -- C:\Users\Ken Chan\Documents\c04_793x540.png

[2011/02/09 19:40:48 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2011/02/09 19:40:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2011/02/09 19:40:48 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2011/02/09 15:48:03 | 001,695,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/07 00:13:42 | 000,031,744 | ---- | M] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== Files Created - No Company Name ==========

 

[2011/03/05 09:19:23 | 161,156,820 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/02/27 11:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/02/27 11:11:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/02/27 11:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/02/27 11:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/02/27 11:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/02/27 11:03:29 | 004,276,140 | R--- | C] () -- C:\Users\Ken Chan\Desktop\schrauber.exe

[2011/02/23 18:27:30 | 000,133,632 | ---- | C] () -- C:\Users\Ken Chan\Desktop\RKUnhookerLE.EXE

[2011/02/22 03:16:32 | 001,802,910 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2011/02/22 01:10:36 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0248.old

[2011/02/20 20:44:30 | 000,054,630 | ---- | C] () -- C:\Users\Ken Chan\Documents\c04_793x540.png

[2011/02/17 00:21:39 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{80103354-DF80-4FFA-999D-3E7CA2F819ED}.job

[2011/02/09 19:40:04 | 003,014,656 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2011/02/09 19:40:04 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2011/02/09 19:40:04 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2011/02/01 21:57:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll

[2010/11/30 18:16:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/10/03 12:35:25 | 000,000,392 | ---- | C] () -- C:\Users\Ken Chan\AppData\Roaming\wklnhst.dat

[2010/08/20 10:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\prvlcl.dat

[2010/06/30 16:05:59 | 000,004,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/06/29 16:02:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/06/28 14:11:17 | 000,031,744 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/25 15:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/06/19 13:05:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/06/18 10:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\FnF4.txt

[2010/06/17 17:44:14 | 000,005,648 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\d3d9caps.dat

[2010/06/17 17:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\QSwitch.txt

[2010/06/17 17:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\DSwitch.txt

[2010/06/17 17:07:12 | 000,000,000 | ---- | C] () -- C:\Users\Ken Chan\AppData\Local\AtStart.txt

[2007/06/07 07:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll

[2007/06/07 07:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/06/07 06:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

 

< End of report >


Hi. :)

 

Double checking would be great!

No problem. Part of the custom OTL script below will reset some Internet Explorer settings to the Google homepage for your country as a precaution. I chose this rather than the MS default; feel free to change it to whatever you wish after I have given the all clear and posted my final set of advice/instructions.

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

 

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

Custom OTL Script:

 

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll ()
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"=-
"Start Page"="http://www.google.ca/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Default_Search_URL"=-
"Search Page"=-
"Start Page"="http://www.google.ca/"

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be found at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

Malwarebytes Anti-Malware:

 

Note: Remember to right click MBAM and select Run As Administrator.

 

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

When you have completed the above, please post back the following in the order asked for:

 

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
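
The lines the custom script above pulls out of the OTL log share a few tell-tales: a BHO whose CLSID no longer resolves ("No CLSID value found"), a protocol handler or ShellExecute hook whose backing file is gone ("Reg Error ... File not found"), a module OTL lists with an empty company field ("()"), and alternate data streams parked on C:\ProgramData\TEMP. The Python script below is an added example, not part of this thread and not a feature of OTL, that applies those same heuristics to a saved log and emits the matching :OTL fix lines for a person to check. The sample lines are constructed in OTL's log format, the section filter (O2/O3/O18/O20/O28) and the marker phrases are the editor's assumptions, and an empty company field is a hint rather than proof, since legitimate software occasionally ships DLLs without a version resource.

```python
"""Added example: triage an OTL log the way the custom fix script above was
assembled. Not part of the forum thread and not a feature of OTL itself; the
heuristics are the editor's assumptions and the output is a candidate list
for a human to check before it goes anywhere near OTL's Run Fix button.
"""
import re
import sys

# Constructed sample in OTL's log format (same shape as the log posted above).
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (57A19CF8-D82A-2BD6-465F-FD9AF29AF07D Class) - {57A19CF8-D82A-2BD6-465F-FD9AF29AF07D} - C:\QvodPlayer\AddIn\QvodAddr.dll ()
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
"""

# Sections worth fixing automatically: BHOs, toolbars, protocol handlers,
# Winlogon hooks and ShellExecute hooks. Other sections (O16 DPF, O4 Run)
# need a human judgement call, so they are deliberately left out.
SECTIONS = re.compile(r"O(?:2|3|18|20|28)\b")
# Phrases OTL prints when the registry target or the backing file is gone.
ORPHAN_MARKERS = ("No CLSID value found", "File not found")
# OTL appends the module's company name in parentheses; an empty "()" means
# the DLL carries no version resource, which vendors rarely ship but
# malware frequently does. Assumption: treat it as a review flag only.
NO_COMPANY = re.compile(r"\.(?:dll|exe|ocx)\s+\(\)$", re.IGNORECASE)


def classify(line):
    """Return a short reason if the line is a fix candidate, else None."""
    s = line.strip()
    if s.startswith("@Alternate Data Stream"):
        # Streams hidden on a TEMP folder have no legitimate owner here.
        return "alternate data stream"
    if not SECTIONS.match(s):
        return None
    if any(marker in s for marker in ORPHAN_MARKERS):
        return "orphaned entry (registry target or file missing)"
    if NO_COMPANY.search(s):
        return "module has no company name"
    return None


def build_fix(log_text):
    """Return (otl_fix_block, findings); the block is empty when nothing matched."""
    findings = [(ln.strip(), classify(ln)) for ln in log_text.splitlines()]
    findings = [(ln, why) for ln, why in findings if why]
    if not findings:
        return "", []
    block = ":OTL\n" + "\n".join(ln for ln, _ in findings) + "\n"
    return block, findings


if __name__ == "__main__":
    # Usage: python otl_triage.py OTL.txt  (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    block, findings = build_fix(text)
    for ln, why in findings:
        print(f"# {why}\n{ln}\n", file=sys.stderr)
    print(block, end="")
```

OTL acts on every line pasted into the :OTL block without asking again, so treat the output as a list of candidates to verify against the log, not as a script to run blindly; the stale O16 DPF entry in the sample is skipped on purpose, just as the helper left it out above.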


The Baidu thing isn't coming back anymore :D. Well, there is this one problem I just remembered while restarting from OTL: when I restart, my laptop shuts down instead, and it almost seems like it crashes when it shuts down for the restart... I don't know if this is the cause of something. There's also that my laptop's backlight for the monitor doesn't work anymore... Last time I reformatted from Trojan Cinmus because of time troubles, the screen worked for 2 weeks before I updated, then it stopped working again... I don't know if it's fixable...

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A19CF8-D82A-2BD6-465F-FD9AF29AF07D}\ deleted successfully.

C:\QvodPlayer\AddIn\QvodAddr.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.

File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.

ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.ca/" /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.ca/" /E : value set successfully!

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Ken Chan\Desktop\cmd.bat deleted successfully.

C:\Users\Ken Chan\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Jaq

->Flash cache emptied: 1092 bytes

 

User: Ken Chan

->Flash cache emptied: 5116 bytes

 

User: mom

->Flash cache emptied: 10655 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Jaq

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 3799523 bytes

->Java cache emptied: 1325532 bytes

->FireFox cache emptied: 76529922 bytes

->Flash cache emptied: 0 bytes

 

User: Ken Chan

->Temp folder emptied: 713816746 bytes

->Temporary Internet Files folder emptied: 3204731 bytes

->Java cache emptied: 1096935 bytes

->FireFox cache emptied: 87927832 bytes

->Flash cache emptied: 0 bytes

 

User: mom

->Temp folder emptied: 367050635 bytes

->Temporary Internet Files folder emptied: 146218 bytes

->Java cache emptied: 13229 bytes

->FireFox cache emptied: 75872373 bytes

->Google Chrome cache emptied: 6099312 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12092 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,275.00 mb

 

 

 

OTL by OldTimer - Version 3.2.21.0 log created on 03052011_191808

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

_________

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5971

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

05/03/2011 7:36:54 PM

mbam-log-2011-03-05 (19-36-54).txt

 

Scan type: Quick scan

Objects scanned: 180625

Time elapsed: 8 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Hi. :)

 

The Baidu thing isn't coming back anymore :D

Good.

 

Well, there is this one problem I just remembered while restarting from OTL: when I restart, my laptop shuts down instead, and it almost seems like it crashes when it shuts down for the restart... I don't know if this is the cause of something. There's also that my laptop's backlight for the monitor doesn't work anymore... Last time I reformatted from Trojan Cinmus because of time troubles, the screen worked for 2 weeks before I updated, then it stopped working again... I don't know if it's fixable...

 

Hmmm, OK. This could be due to a number of issues and not be malware related. Unfortunately this is not my sphere of expertise, if you will, as I only provide anti-malware support, so my best suggestion with regard to this would be to seek assistance with the matter in this part of the forum:

 

Laptops and Netbooks

 

By all means include a link to this topic:-

 

http://forums.pcpitstop.com/index.php?/topic/193785-help-get-rid-of-baidu/
And mention that I advised you to seek assistance, if you so wish.

 

Next:

 

Any other issues remaining?


Hi. :)

 

Nope, everything seems fine now. Thank you :D

OK and you're welcome.

 

Congratulations, your computer appears to be malware free!

 

Now I have some tasks for your good self to carry out as part of a clean-up process, and some advice about online safety.

 

Importance of Regular System Maintenance:

 

I advise you to read both of the topics listed below, as this will go a long way to keeping your computer performing well.

 

Help! My computer is slow!

 

As is this:

 

What to do if your Computer is running slowly

 

Uninstall ComboFix:

 

  • Click on Start >> Run...
  • Now type ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Clean up with OTL:

 

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

 

Any left over, merely delete yourself and empty the Recycle Bin.

 

Now some advice for on-line safety:

 

Malwarebytes' Anti-Malware:

 

This is an excellent application and I advise you to keep it installed. Check for updates and run a scan once a week.

 

Other installed security software:

 

Your presently installed security application, Avast, automatically checks for updates and downloads/installs them with every system reboot, and periodically if the machine is left running, providing an internet connection is active.

 

I advise you to also run a complete scan with this once per week.

 

Erunt:

 

Emergency Recovery Utility NT: I advise you to keep this installed as a means to keep a complete backup of your registry and restore it when needed.

 

Myself, I would actually create a new backup once per week, as this, along with System Restore, may prove to be invaluable if something unforeseen occurs!

 

Keep your system updated:

 

Microsoft releases patches for Windows and other products regularly:

 

  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

Never open emails from unknown senders.

Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is to avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A replacement Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
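
As an added example (not from the original post or from any tool named in it), a small Python checker that reads a hosts file the way the phone-book analogy above describes and separates protective sinkhole entries (names pointed at 127.0.0.1 or 0.0.0.0) from entries that redirect a name to some other address, the usual sign that the file has been tampered with. The sample hosts content and the example.com names are constructed for the example.

```python
"""Hosts-file sanity check: separate protective sinkhole entries from
entries that redirect a name elsewhere (the sign of a hijacked file)."""
import ipaddress

# Addresses a protective Hosts file points unwanted sites at.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])    # first field must be an IP
        except ValueError:
            continue
        for name in parts[1:]:
            yield parts[0], name.lower()

def classify_hosts(text):
    """Return {'blocked': [sinkholed names], 'redirected': {name: ip}}; localhost is skipped."""
    blocked, redirected = [], {}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if ip in SINKHOLES:
            blocked.append(name)
        else:
            redirected[name] = ip
    return {"blocked": blocked, "redirected": redirected}

# Constructed sample hosts content (not a real file): two protective
# entries and one entry that silently redirects a hostname elsewhere.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com            # blocklist entry
0.0.0.0         tracker.example.net        # blocklist entry
203.0.113.7     update.antivirus.example   # not a sinkhole: redirected
"""

if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print("Blocked by Hosts file:", result["blocked"])
    for name, ip in result["redirected"].items():
        print(f"WARNING: {name} is redirected to {ip}, check this entry")
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts into classify_hosts; any name listed under 'redirected' deserves a closer look.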


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.