Jump to content


Photo
- - - - -

Help needed


  • This topic is locked This topic is locked
33 replies to this topic

#1 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 03:55 AM

Vista Security is giving me troubles and it has taken over my computer, anyone here can offer me assistance on how to remove them?

#2 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 05:58 AM

Vista Security Alerts keep poping up and the Spyware doctor i downloaded couldnt start scan.. can anyone assist me here?

#3 kahdah

kahdah

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,058 posts
  • Gender:Male
  • Location:Florida

Posted 11 June 2011 - 07:37 AM

Hello JiaWen

Welcome to Malwarebytes.
=====================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#4 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 01:17 PM

OTL logfile created on: 12/6/2011 2:09:52 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 152.91 Mb Available Physical Memory | 17.13% Memory free
2.00 Gb Paging File | 0.73 Gb Available in Paging File | 36.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.63 Gb Total Space | 41.90 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KB | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://search.freeca...h.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 07:41:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M]

[2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2009/02/25 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/11 20:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions
[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2011/06/12 11:42:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar
[2009/04/27 20:11:54 | 000,001,768 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml
[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 02:47:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/23 14:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/21 19:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/05/01 02:47:21 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/05/01 02:47:21 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/05/21 19:51:24 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/05/01 02:47:23 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll
[2010/10/13 03:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/13 03:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/13 03:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/13 03:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/13 03:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/13 03:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/13 03:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe ()
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = C:\Program Files\Funshion Online\Funshion\Funshion.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell - "" = Autorun
O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell - "" = Autorun
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell - "" = Autorun
O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell - "" = AutoRun
O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/09/18 05:57:30 | 022,862,464 | R--- | M] (Cisco Consumer Products LLC)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 02:07:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/06/11 16:42:40 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools
[2011/06/11 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\PC ToolFix
[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/11 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/11 16:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/11 05:18:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes
[2011/06/11 05:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/06/10 19:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2010/08/21 17:22:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3C45.dll
[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\Users\Aaron\Desktop\mppf510d.exe
[2011/06/12 02:08:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/06/12 01:47:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 01:47:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 01:39:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job
[2011/06/11 19:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/11 19:47:44 | 936,480,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\Users\Aaron\AppData\Local\417ya3snt1
[2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\ProgramData\417ya3snt1
[2011/06/11 16:39:32 | 002,936,953 | ---- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip
[2011/06/11 05:08:10 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33021688r
[2011/06/11 05:08:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\~33021688
[2011/06/11 05:00:39 | 000,000,392 | ---- | M] () -- C:\ProgramData\33021688
[2011/06/10 22:21:56 | 000,001,878 | ---- | M] () -- C:\Users\Aaron\funshion.ini
[2011/06/10 04:49:37 | 000,002,044 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk
[2011/06/10 04:49:37 | 000,002,006 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/10 04:04:09 | 000,000,392 | ---- | M] () -- C:\ProgramData\34332408
[2011/06/10 04:01:43 | 000,000,112 | ---- | M] () -- C:\ProgramData\~34332408
[2011/06/10 03:53:57 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34332408r
[2011/06/05 08:39:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job
[2011/06/04 00:25:32 | 000,007,052 | ---- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/05/24 02:12:05 | 000,119,808 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\Users\Aaron\Desktop\mppf510d.exe
[2011/06/11 16:40:24 | 000,527,360 | ---- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat
[2011/06/11 16:40:24 | 000,035,384 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat
[2011/06/11 16:40:24 | 000,000,464 | ---- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat
[2011/06/11 16:38:36 | 002,936,953 | ---- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip
[2011/06/11 15:59:07 | 000,011,148 | -HS- | C] () -- C:\Users\Aaron\AppData\Local\417ya3snt1
[2011/06/11 15:59:07 | 000,011,148 | -HS- | C] () -- C:\ProgramData\417ya3snt1
[2011/06/11 07:03:56 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2011/06/11 04:58:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33021688r
[2011/06/11 04:58:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33021688
[2011/06/11 04:57:57 | 000,000,392 | ---- | C] () -- C:\ProgramData\33021688
[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2011/06/10 03:53:57 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34332408r
[2011/06/10 03:53:51 | 000,000,112 | ---- | C] () -- C:\ProgramData\~34332408
[2011/06/10 03:46:29 | 000,000,392 | ---- | C] () -- C:\ProgramData\34332408
[2011/02/05 13:48:21 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/25 18:28:06 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/05/15 15:07:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/29 14:15:25 | 000,000,008 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db
[2009/07/13 20:13:24 | 000,011,355 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml
[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe
[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll
[2009/06/07 17:20:10 | 000,002,562 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/15 16:01:11 | 000,119,808 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/26 13:26:59 | 000,007,052 | ---- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat
[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/22 19:19:35 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft
[2010/01/16 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Lite
[2011/06/12 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo
[2009/08/10 16:59:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GrabPro
[2010/01/24 02:37:28 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire
[2009/07/29 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Nokia
[2009/04/23 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org
[2011/03/30 02:02:22 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Orbit
[2009/02/25 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PC Suite
[2011/06/11 16:42:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PCTools
[2011/06/12 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PPStream
[2009/07/13 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SmarThru4
[2011/05/30 22:10:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Sports Interactive
[2010/06/12 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\StreamTorrent
[2010/03/25 00:47:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Template
[2009/06/04 03:44:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\The Creative Assembly
[2011/06/12 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\uTorrent
[2010/09/02 14:47:13 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation
[2011/06/10 04:33:08 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#5 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 01:26 PM

OTL Extras logfile created on: 12/6/2011 2:09:53 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Aaron\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 152.91 Mb Available Physical Memory | 17.13% Memory free
2.00 Gb Paging File | 0.73 Gb Available in Paging File | 36.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.63 Gb Total Space | 41.90 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KB | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS?????
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ??????


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E29CA61A-DE4B-4E7F-AD9B-758177478470}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F25B5290-E853-4682-AB11-E9BFC4968BD8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097D9C09-D4AD-4FE0-943D-44822413DFBD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0ACDFACD-C68F-4011-A9CE-79E483A20C42}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"{0C5B5748-3A3D-4B83-98B3-6B83B59BEFA0}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1143A62D-3AC3-4D91-8329-584E8EE81B6E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{12C00EB1-76DD-4D52-B477-823ECD969A80}" = protocol=6 | dir=in | app=c:\nexon\counter-strike online\bin\cstrike-online.exe |
"{189F8405-75BD-4309-B231-BEE9A16D7724}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{1E1D0459-D78E-4D90-AA7F-C5C472F6A3B4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{2874E554-9577-477B-8047-6FABBABB7C69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{335D74BC-6647-47FA-AF3B-BE59B0B2E459}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{36D604A3-B683-4A39-989B-59DA4A95FD95}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{36F34C82-A6EC-45E9-9B02-BD0CE59C4302}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{451693BB-4084-4165-9256-3886ED53AA8B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4DFC9D42-E78F-4F9B-B850-9E1DF8A8664B}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{51E22B0D-45CB-417F-B6A8-D72C9418B0F7}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{5987822D-5C4F-4C2F-9FFE-96F43DE24184}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6A5EDFBE-DFF9-4591-8EDF-22BCEC4A3694}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\503\nmservice.exe |
"{6AE0B8EF-8521-40E9-9EE2-9B840FB844BA}" = protocol=17 | dir=in | app=c:\blackshot\blackshot\system\blackshot.exe |
"{6DE1AAB2-7DF1-4C0E-9DBF-B59CE52F4A95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70507030-7979-4882-85C2-67CE6CF3F7B8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{78AB1BCC-2B99-4D69-8A5B-E18A09FE43C0}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\503\nmservice.exe |
"{78EA120C-AB98-4A38-8AC2-6E23CEAC3C36}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{7AC4A470-791D-4850-895B-A3088AE7856A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7F6F58F2-2A4A-4071-BFDD-90C6481500D4}" = protocol=17 | dir=in | app=c:\nexon\counter-strike online\bin\cstrike-online.exe |
"{892FD816-243E-456F-AC63-40E92F242AC2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A18AA76C-4702-4352-AAAE-5C45C33FD06A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{B359E4E0-CEEE-40A0-BE4C-EFF80E90289C}" = protocol=17 | dir=in | app=c:\program files\6\6\ku6speedupper.exe |
"{B645D3FB-A547-4839-A026-5A23500679D4}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{B7183B06-179B-4FC2-BEC2-BB2A3EC433F7}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{BE003DF4-76AC-4717-88C3-99C43F1869B0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{C0B0BCF6-ABBD-44D4-9C34-7BA0D82DD148}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"{C2BF45B4-4FC4-4EA2-BD50-D18E9F7F4254}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"{D4DAD80E-FDC9-44C9-9CC4-44259C544195}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DCD807A2-C43F-4B20-BA65-24AC5E47BA3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0DED028-43B9-40E8-96BC-168C99D33071}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6E55C3D-A67E-4486-BCC1-80AC6A944835}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{EBB8A8DE-48D7-4896-915C-E91ABAB813C6}" = protocol=6 | dir=in | app=c:\blackshot\blackshot\system\blackshot.exe |
"{EC50DDBB-AD50-4279-91BA-663FF65AE076}" = protocol=6 | dir=in | app=c:\program files\6\6\ku6speedupper.exe |
"{F5B05913-B5B6-4CB5-B6E3-690322E291E1}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"TCP Query User{0CAC69D9-2A11-455C-A76C-C7103B2E1C02}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"TCP Query User{28C03A4C-6B9D-4184-B6B0-3A1AF2AEFEAB}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{2901EF49-9A0F-4FF1-A91C-68E0DBBF5EE1}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe |
"TCP Query User{2C03FF0E-47D2-40E1-96D3-F308DAE09AD1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{50FE9B23-AA7F-4C6D-91E3-B880B68E47A2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7B92A943-E873-4220-A895-A83433F35067}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{83189ECC-C4F8-4FEB-9BF1-AFF6503D1D82}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{8E2BAD9D-CB16-47EF-A707-B0007E00C1C2}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"TCP Query User{9AB91846-77DA-4E56-BC6B-651B5083BF39}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{E9D68B38-507A-4E5C-9835-ACE284424292}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{EB224BC6-3005-47D3-93D5-68076209D9A0}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{FD513386-275C-4FD1-801E-6D6F749F47CB}C:\program files\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"UDP Query User{178C9D92-0C39-4926-9D86-8416389A2589}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{2EBFB3AA-9DD2-4D9C-98D6-E99570E8A13F}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{43AC87EC-39EC-4D8F-AAFE-032F7DE589EA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{45D2C685-5830-4924-A8FA-5846FDD5F78A}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{5729C6AA-58F2-4B0E-8E06-DFCA48790770}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7C397C34-6C58-40D2-8DDB-2182CCBC3C54}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"UDP Query User{7F046384-068E-43F9-B133-1866FF314D9F}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{9461D8EC-85FA-4E83-B6CB-51E0DD2BD801}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{977973CC-A8E3-4C34-ABCF-E9A5500E9070}C:\program files\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"UDP Query User{B24D3D9C-9F95-4127-A1E4-C12EB94AB2E9}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe |
"UDP Query User{E5742108-E001-4A88-BAD5-5CC8B8C47FA8}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{F2C911AA-0B04-4CCE-B36A-6AC463FAE9A1}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D53DF17-8AED-4ACE-A474-002372AAB399}" = Logitech QuickCam
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Digital Editions" = Adobe Digital Editions
"Funshion" = ??
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PhotoScape" = PhotoScape
"PPSGame" = PPSϷ V1.0.1.270
"PPStream" = PPStream V2.7.0.1210 Final
"QcDrv" = Logitech Camera Driver
"QvodPlayer" = QvodPlayer v3.0
"Samsung SCX-4300 Series" = Samsung SCX-4300 Series
"Shattered Galaxy" = Shattered Galaxy
"StreamTorrent 1.0" = StreamTorrent 1.0
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/9/2010 12:12:03 PM | Computer Name = KB | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 18/9/2010 12:12:04 PM | Computer Name = KB | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 18/9/2010 12:12:04 PM | Computer Name = KB | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 18/9/2010 12:12:04 PM | Computer Name = KB | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 18/9/2010 12:12:04 PM | Computer Name = KB | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 18/9/2010 12:16:17 PM | Computer Name = KB | Source = WinMgmt | ID = 10
Description =

Error - 18/9/2010 12:38:13 PM | Computer Name = KB | Source = Application Error | ID = 1000
Description = Faulting application MDCrashReportTool.exe, version 17.671.0.86, time
stamp 0x4c0ed8cb, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x000681cb, process id 0xe08,
application start time 0x01cb574fe1e9af40.

Error - 18/9/2010 12:38:57 PM | Computer Name = KB | Source = Application Error | ID = 1000
Description = Faulting application MDCrashReportTool.exe, version 17.671.0.86, time
stamp 0x4c0ed8cb, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x000681cb, process id 0xe70,
application start time 0x01cb574ffc66fee0.

Error - 18/9/2010 12:43:45 PM | Computer Name = KB | Source = Application Error | ID = 1000
Description = Faulting application MDCrashReportTool.exe, version 17.671.0.86, time
stamp 0x4c0ed8cb, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x000404c1, process id 0x1388,
application start time 0x01cb5750a82a8da0.

Error - 22/9/2010 1:53:55 AM | Computer Name = KB | Source = Application Hang | ID = 1002
Description = The program HPHC.exe version 3.1.6.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 275c Start Time: 01cb5a1a4134d228 Termination Time: 880

[ OSession Events ]
Error - 18/7/2010 4:47:50 AM | Computer Name = KB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 534 seconds with 240 seconds of active time. This session ended with a crash.

Error - 10/3/2011 11:08:01 AM | Computer Name = KB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/7/2009 7:50:25 AM | Computer Name = KB | Source = HTTP | ID = 15016
Description =

Error - 13/7/2009 8:07:42 AM | Computer Name = KB | Source = Service Control Manager | ID = 7000
Description =

Error - 13/7/2009 8:13:13 AM | Computer Name = KB | Source = Service Control Manager | ID = 7000
Description =

Error - 13/7/2009 7:33:13 PM | Computer Name = KB | Source = HTTP | ID = 15016
Description =

Error - 13/7/2009 7:34:46 PM | Computer Name = KB | Source = Service Control Manager | ID = 7000
Description =

Error - 14/7/2009 1:38:04 AM | Computer Name = KB | Source = HTTP | ID = 15016
Description =

Error - 14/7/2009 1:39:39 AM | Computer Name = KB | Source = Service Control Manager | ID = 7000
Description =

Error - 14/7/2009 1:41:49 AM | Computer Name = KB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 00301A007166 has been denied by the DHCP server 172.17.0.50 (The DHCP Server
sent a DHCPNACK message).

Error - 14/7/2009 2:59:08 AM | Computer Name = KB | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume HP.

Error - 14/7/2009 2:59:08 AM | Computer Name = KB | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume HP.


< End of report >

#6 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 02:30 PM

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-12 03:27:10
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160815AS rev.3.CHJ
Running: mppf510d.exe; Driver: C:\Users\Aaron\AppData\Local\Temp\pgldqpow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 841F0BF8
INT 0x51 ? 841F0BF8
INT 0x51 ? 841F0BF8
INT 0x52 ? 85E47F00
INT 0x72 ? 85E47F00
INT 0x82 ? 841F0BF8
INT 0x92 ? 841F0BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spgy.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 86F7341B 5 Bytes JMP 85E474E0
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AA0B340, 0x3DA8C7, 0xE8000020]
.text aor9p4l1.SYS 8A900000 22 Bytes [82, C3, A1, 82, 6C, C2, A1, ...]
.text aor9p4l1.SYS 8A900017 137 Bytes [00, 32, 47, 78, 80, 3D, 45, ...]
.text aor9p4l1.SYS 8A9000A1 43 Bytes [10, AF, 82, 74, 06, A9, 82, ...]
.text aor9p4l1.SYS 8A9000CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text aor9p4l1.SYS 8A9000DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806886D6] \SystemRoot\System32\Drivers\spgy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80688042] \SystemRoot\System32\Drivers\spgy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80688800] \SystemRoot\System32\Drivers\spgy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806880C0] \SystemRoot\System32\Drivers\spgy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068813E] \SystemRoot\System32\Drivers\spgy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80697B90] \SystemRoot\System32\Drivers\spgy.sys
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortUchar] 838A926F
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A9240
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 /NVIDIA Corporation)
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\aor9p4l1.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74527817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7457A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7451F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7451E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74558395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7452DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7451FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7451FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7454C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7451D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74516853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7451687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74522AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01682F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01682D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01682CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00412F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00412D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00412CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[1540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00412CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01642F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01642D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01642CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\CyberLink\PowerCinema\PCMService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01642CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01452F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01452D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01452CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01452CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00902F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00902D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00902CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe[2480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00902CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01532F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01532D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01532CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01532CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\mppf510d.exe[3324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3416] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00682F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00682D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00682CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00682CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00972F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00972D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00972CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00972CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[4252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00872F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00872D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00872CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00872CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F091F8
Device \Driver\volmgr \Device\VolMgrControl 84F061F8
Device \Driver\usbohci \Device\USBPDO-0 85E321F8
Device \Driver\PCI_PNP5056 \Device\00000044 spgy.sys
Device \Driver\usbehci \Device\USBPDO-1 85E341F8
Device \Driver\USBSTOR \Device\00000057 85F0B1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84F061F8
Device \Driver\USBSTOR \Device\00000058 85F0B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84F061F8
Device \Driver\USBSTOR \Device\00000059 85F0B1F8
Device \Driver\cdrom \Device\CdRom0 85E491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84F081F8
Device \Driver\atapi \Device\Ide\IdePort0 84F081F8
Device \Driver\atapi \Device\Ide\IdePort1 84F081F8
Device \Driver\atapi \Device\Ide\IdePort2 84F081F8
Device \Driver\atapi \Device\Ide\IdePort3 84F081F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 84F081F8
Device \Driver\volmgr \Device\HarddiskVolume3 84F061F8
Device \Driver\cdrom \Device\CdRom1 85E491F8
Device \Driver\volmgr \Device\HarddiskVolume4 84F061F8
Device \Driver\volmgr \Device\HarddiskVolume5 84F061F8
Device \Driver\volmgr \Device\HarddiskVolume6 84F061F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8B5F2500
Device \Driver\Smb \Device\NetbiosSmb 8B5F51F8
Device \Driver\USBSTOR \Device\0000005a 85F0B1F8
Device \Driver\USBSTOR \Device\0000005b 85F0B1F8
Device \Driver\iScsiPrt \Device\RaidPort0 85F481F8
Device \Driver\usbohci \Device\USBFDO-0 85E321F8
Device \Driver\sptd \Device\1488007063 spgy.sys
Device \Driver\usbehci \Device\USBFDO-1 85E341F8
Device \Driver\netbt \Device\NetBT_Tcpip_{EBC8DF4E-F823-4914-B7BC-5091D316D8E2} 8B5F2500
Device \Driver\aor9p4l1 \Device\Scsi\aor9p4l11 85F491F8
Device \Driver\aor9p4l1 \Device\Scsi\aor9p4l11Port5Path0Target0Lun0 85F491F8
Device \FileSystem\cdfs \Cdfs 85F031F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0xC7 0x3A 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x25 0xB0 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0xFD 0xD1 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x5A 0x94 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0xC7 0x3A 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x25 0xB0 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0xFD 0xD1 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x5A 0x94 0xCA ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS@InstallLocation D:\PPS.tv\PPSGame

---- EOF - GMER 1.0.15 ----

#7 kahdah

kahdah

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,058 posts
  • Gender:Male
  • Location:Florida

Posted 11 June 2011 - 03:25 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\Shell\Open\command - "" = Boot.exe 
    [2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\Users\Aaron\AppData\Local\417ya3snt1
    [2011/06/11 18:59:40 | 000,011,148 | -HS- | M] () -- C:\ProgramData\417ya3snt1
    [2011/06/10 04:04:09 | 000,000,392 | ---- | M] () -- C:\ProgramData\34332408
    [2011/06/10 04:01:43 | 000,000,112 | ---- | M] () -- C:\ProgramData\~34332408
    [2011/06/10 03:53:57 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34332408r
    [2011/06/11 04:58:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33021688r
    [2011/06/11 04:58:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33021688
    [2011/06/11 04:57:57 | 000,000,392 | ---- | C] () -- C:\ProgramData\33021688
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Online scan=================================
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#8 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 03:59 PM

Hi, im on a blue screen now and it gives a warning that application (OTL) cannot be used as my computer is affected...

#9 kahdah

kahdah

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,058 posts
  • Gender:Male
  • Location:Florida

Posted 11 June 2011 - 04:05 PM

Were you able to apply any fix yet?

If not please boot into safe mode to do the steps.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
Then do the OTL step then reboot into normal mode again and do the other steps.
If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 04:19 PM

Hi, nope im not on any fix yet, alright doing OTL scan now :)

#11 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 04:47 PM

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e8239f3-d1c8-11de-ad69-00301a007166}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e8239f3-d1c8-11de-ad69-00301a007166}\ not found.
File Boot.exe not found.
C:\Users\Aaron\AppData\Local\417ya3snt1 moved successfully.
C:\ProgramData\417ya3snt1 moved successfully.
C:\ProgramData\34332408 moved successfully.
C:\ProgramData\~34332408 moved successfully.
C:\ProgramData\~34332408r moved successfully.
C:\ProgramData\~33021688r moved successfully.
C:\ProgramData\~33021688 moved successfully.
C:\ProgramData\33021688 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron
->Temp folder emptied: 3077564588 bytes
->Temporary Internet Files folder emptied: 76995941 bytes
->Java cache emptied: 50788676 bytes
->FireFox cache emptied: 50851065 bytes
->Google Chrome cache emptied: 16404498 bytes
->Apple Safari cache emptied: 26380288 bytes
->Flash cache emptied: 2826471 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5178170495 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,087.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06122011_051845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 11 June 2011 - 05:03 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

12/6/2011 5:58:53 AM
mbam-log-2011-06-12 (05-58-53).txt

Scan type: Quick scan
Objects scanned: 152645
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funshion online (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Aaron\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Aaron\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\CoreAAC.ax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\coreavc.ax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\crashreport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\funshiongame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\funshionupgrade.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\routersetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files\funshion online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Aaron\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Aaron\funshion\KB_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Aaron\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Aaron\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.

#13 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 12 June 2011 - 11:22 AM

Also meanwhile im getting ''Hard Drive Failure'' : The system has detected a problem with one or more installed IDE / SATA hard disks & recommends me to restart my com.

#14 kahdah

kahdah

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,058 posts
  • Gender:Male
  • Location:Florida

Posted 12 June 2011 - 11:38 AM

Did you do the eset scan?
I need to see the log instructions are in my previous post.
For now though just open OTL and click the run scan button.
Post the new OTL.txt that opens.
If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#15 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 12 June 2011 - 11:41 AM

once i restart my computer the virus seems to take over my desktop only leaving one icon, which is the windows vista restore icon

#16 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 12 June 2011 - 12:13 PM

OTL logfile created on: 13/6/2011 12:51:44 AM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = J:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

892.45 Mb Total Physical Memory | 306.04 Mb Available Physical Memory | 34.29% Memory free
2.00 Gb Paging File | 1.16 Gb Available in Paging File | 58.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.63 Gb Total Space | 49.09 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive D: | 9.42 Gb Total Space | 1.18 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive E: | 54.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.74 Gb Total Space | 3.69 Gb Free Space | 98.63% Space Free | Partition Type: FAT32

Computer Name: KB | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - J:\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\35905272.exe (Microsoft Corporation)
PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - J:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Qvod Terminal) -- C:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (smartNIC) -- C:\Windows\System32\drivers\smartnic.sys (CATC (Computer Access Technology Corp.))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ds.koramgame.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.222
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://search.freeca...h.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 07:41:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/25 23:51:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 02:47:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 00:11:51 | 000,000,000 | ---D | M]

[2009/02/25 18:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2009/02/25 18:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/12 06:03:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions
[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (TradeManager-Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (MouseHunt Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\extensions\vshare@toolbar
[2009/04/27 20:11:54 | 000,001,768 | -H-- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\searchplugins\search-the-web.xml
[2011/04/07 02:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 02:47:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/23 14:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/21 19:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/05/01 02:47:21 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/05/01 02:47:21 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/05/21 19:51:24 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/05/01 02:47:23 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/05 14:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/22 12:44:28 | 000,107,864 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll
[2010/10/13 03:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/13 03:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/13 03:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/13 03:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/13 03:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/13 03:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/13 03:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCM_MUI] C:\Program Files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SwPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImationFlashDetect.lnk = File not found
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\??.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/07 18:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/18 06:02:45 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell - "" = Autorun
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell - "" = Autorun
O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell - "" = AutoRun
O33 - MountPoints2\{fc2a0878-9911-11de-9021-00301a007166}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fca6173b-e764-11dd-baa6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/09/18 05:57:30 | 022,862,464 | R--- | M] (Cisco Consumer Products LLC)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 00:23:45 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe
[2011/06/13 00:14:03 | 000,492,544 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe
[2011/06/12 05:54:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/12 05:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 05:54:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/12 05:51:27 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/12 05:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200
[2011/06/12 02:07:36 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/06/11 16:42:40 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\PCTools
[2011/06/11 16:41:14 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\Desktop\PC ToolFix
[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/11 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/11 16:35:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP
[2011/06/11 16:34:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2011/06/11 05:18:36 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes
[2011/06/11 05:18:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011/06/11 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/06/10 19:29:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Cisco Systems
[2010/08/21 17:22:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3C45.dll
[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 00:53:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/13 00:53:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/13 00:49:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905272r
[2011/06/13 00:49:45 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~35905272
[2011/06/13 00:48:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 00:48:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 00:48:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 00:48:00 | 936,517,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 00:23:46 | 000,000,595 | -H-- | M] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk
[2011/06/13 00:23:32 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35905272
[2011/06/13 00:23:19 | 000,386,048 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\35905272.exe
[2011/06/13 00:14:01 | 000,492,544 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe
[2011/06/12 23:39:00 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job
[2011/06/12 08:39:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job
[2011/06/12 05:49:40 | 009,435,312 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/12 05:46:37 | 000,002,587 | -H-- | M] () -- C:\Users\Aaron\Desktop\Microsoft Office Word 2007.lnk
[2011/06/12 03:27:10 | 000,000,452 | -H-- | M] () -- C:\Users\Aaron\Desktop\Results.lnk
[2011/06/12 02:08:13 | 000,302,592 | ---- | M] () -- C:\mppf510d.exe
[2011/06/12 02:08:09 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/06/11 16:39:32 | 002,936,953 | -H-- | M] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip
[2011/06/10 22:21:56 | 000,001,878 | -H-- | M] () -- C:\Users\Aaron\funshion.ini
[2011/06/10 04:49:37 | 000,002,044 | -H-- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk
[2011/06/04 00:25:32 | 000,007,052 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/05/24 02:12:05 | 000,119,808 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\Users\Aaron\Desktop\*.tmp files -> C:\Users\Aaron\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 00:48:00 | 936,517,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/13 00:36:10 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905272r
[2011/06/13 00:36:10 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~35905272
[2011/06/13 00:23:46 | 000,000,595 | -H-- | C] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk
[2011/06/13 00:23:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905272
[2011/06/12 03:27:10 | 000,000,452 | -H-- | C] () -- C:\Users\Aaron\Desktop\Results.lnk
[2011/06/12 02:08:09 | 000,302,592 | ---- | C] () -- C:\mppf510d.exe
[2011/06/11 16:40:24 | 000,527,360 | -H-- | C] () -- C:\Users\Aaron\Desktop\refdbe.dat
[2011/06/11 16:40:24 | 000,035,384 | -H-- | C] () -- C:\Users\Aaron\Desktop\tedbe.dat
[2011/06/11 16:40:24 | 000,000,464 | -H-- | C] () -- C:\Users\Aaron\Desktop\tedbwe.dat
[2011/06/11 16:38:36 | 002,936,953 | -H-- | C] () -- C:\Users\Aaron\Desktop\pcttFixTool.zip
[2011/06/10 20:16:22 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2011/02/05 13:48:21 | 000,000,132 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/05/15 15:07:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 18:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 18:34:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/29 14:15:25 | 000,000,008 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\NMM-MetaData.db
[2009/07/13 20:13:24 | 000,011,355 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\SmarThruOptions.xml
[2009/07/13 20:13:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2009/07/13 20:12:45 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009/07/13 20:12:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009/07/13 20:12:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009/07/13 20:10:05 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009/07/13 20:09:48 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe
[2009/07/13 20:09:01 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2009/07/13 20:09:01 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2009/07/13 20:09:01 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2009/07/13 20:09:00 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2009/07/13 20:07:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll
[2009/06/07 17:20:10 | 000,002,562 | -H-- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/15 16:01:11 | 000,119,808 | -H-- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 14:32:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/26 13:26:59 | 000,007,052 | -H-- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat
[2009/02/25 19:00:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/07 18:47:48 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/11/07 18:25:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/07 18:25:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:44:53 | 003,701,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 18:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/22 19:19:35 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft
[2010/01/16 16:23:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Lite
[2011/06/12 11:42:50 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo
[2009/08/10 16:59:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\GrabPro
[2010/01/24 02:37:28 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire
[2009/07/29 14:15:25 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Nokia
[2009/04/23 14:22:48 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org
[2011/03/30 02:02:22 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Orbit
[2009/02/25 23:57:41 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PC Suite
[2011/06/11 16:42:40 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PCTools
[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\PPStream
[2009/07/13 20:13:26 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\SmarThru4
[2011/05/30 22:10:59 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Sports Interactive
[2010/06/12 22:19:24 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\StreamTorrent
[2010/03/25 00:47:45 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Template
[2009/06/04 03:44:59 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\The Creative Assembly
[2011/06/12 11:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\uTorrent
[2010/09/02 14:47:13 | 000,000,000 | -H-D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation
[2011/06/13 00:44:25 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Aaron\Desktop\Beyond - Hai Guo Tian Kong @ Lunar.AVI:TOC.WMV
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#17 kahdah

kahdah

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,058 posts
  • Gender:Male
  • Location:Florida

Posted 12 June 2011 - 12:34 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\ProgramData\35905272.exe (Microsoft Corporation)
    PRC - C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SwPGvtLdJxoV] C:\ProgramData\SwPGvtLdJxoV.exe (Microsoft Corporation)
    O33 - MountPoints2\{aa165b2e-4d11-11de-80b9-00301a007166}\Shell\Open\command - "" = Boot.exe 
    O33 - MountPoints2\{cf8cd1ce-e21b-11de-b108-00301a007166}\Shell\Open\command - "" = Boot.exe 
    [2011/06/13 00:23:45 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
    [2011/06/13 00:23:17 | 000,386,048 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\35905272.exe
    [2011/06/13 00:14:03 | 000,492,544 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\SwPGvtLdJxoV.exe
    [2011/06/12 04:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\lB08200NoDkD08200
    [2011/06/13 00:49:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905272r
    [2011/06/13 00:49:45 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~35905272
    [2011/06/13 00:23:46 | 000,000,595 | -H-- | M] () -- C:\Users\Aaron\Desktop\Windows Vista Restore.lnk
    [2011/06/13 00:23:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905272
    
    :Commands
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
=================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your C:\Drive if you cannot save it there then choose Documents instead.


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#18 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 12 June 2011 - 01:58 PM

hmm the OTL scan didnt give me a log am doing the ComboFix now, is it in chinese words?

#19 JiaWen

JiaWen

    New Member

  • Members
  • Pip
  • 21 posts

Posted 12 June 2011 - 02:02 PM

ComboFix 11-06-11.01 - Aaron 6/2011 Mon 2:28.1.2 - x86
????: C:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe3C45.dll
c:\programdata\lB08200NoDkD08200
c:\programdata\lB08200NoDkD08200\lB08200NoDkD08200
c:\programdata\lB08200NoDkD08200\lB08200NoDkD08200.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( 2011-05-12 ? 2011-06-12 ????? )))))))))))))))))))))))))))))))
.
.
2011-06-12 18:41 . 2011-06-12 18:41 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2011-06-12 18:41 . 2011-06-12 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-12 18:21 . 2011-06-12 18:21 -------- d-----w- C:\32788R22FWJFW
2011-06-12 17:22 . 2011-06-12 17:22 -------- d-----w- c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com
2011-06-12 17:22 . 2011-06-12 17:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-12 17:22 . 2011-06-12 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 12:15 . 2011-06-10 12:44 -------- d-----w- c:\program files\Cisco Systems
2011-06-10 11:29 . 2011-06-10 11:29 -------- d--h--w- c:\programdata\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 11:14 . 2009-10-03 00:16 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*??* ???????????????
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2008-03-20 151552]
"PCM_MUI"="c:\program files\CyberLink\PowerCinema\MUITransfer\MUIStartMenu.exe" [2008-03-20 222504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImationFlashDetect.lnk - c:\users\Aaron\AppData\Local\Temp\Imation\ImationFlashDetect.exe [N/A]
??.lnk - c:\program files\Funshion Online\Funshion\Funshion.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\???6]
c:\program files\?6?\????6\Ku6SpeedUpper.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 14:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 07:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 04:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- d:\pps.tv\PPStream\PPSAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 14:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-03-06 09:50 552960 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-07 02:13 26211624 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 16:29 1242448 ---ha-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 Qvod Terminal;Qvod Terminal;c:\program files\QvodPlayer\QvodTerminal.exe [2009-03-04 524288]
R3 smartNIC;smartNIC PnP Network Adapter device driver;c:\windows\system32\DRIVERS\smartnic.sys [2000-03-07 35694]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-16 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
???? ??? ????
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000Core.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 16:06]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226222967-264647855-1037863666-1000UA.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 16:06]
.
.
------- ????? -------
.
uStart Page = hxxp://ds.koramgame.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\87b22jmf.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://game.ds.koramgame.com/?sid=s1|http://www.facebook.com/media/set/?set=a.187244370170.245970.788565170#!/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: MouseHunt Toolbar: {916ab64c-bc3e-471b-8e60-29551922a7ba} - %profile%\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
FF - Ext: TradeManager-Plugin: {4D144BC3-23FB-47de-90C5-63CCB0139CCF} - %profile%\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 02:41
Windows 6.0.6002 Service Pack 2 NTFS
.
???????? ???
.
????????? ???
.
???????? ???
.
????
??????: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1226222967-264647855-1037863666-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,12,09,46,0c,4e,6d,d9,77,1d,27,5b,ea,fb,bb,be,f0,c5,92,87,92,
4e,15,c5,dc,95,ee,32,a1,72,35,96,66,ca,a3,a8,73,88,14,04,20,70,52,60,22,a2,\
"rkeysecu"=hex:fd,8e,33,eb,bd,85,e5,47,8f,a4,0c,8c,d3,da,a6,4c
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
????: 2011-06-13 02:59:03
ComboFix-quarantined-files.txt 2011-06-12 18:58
.
Pre-Run: 52,223,574,016 bytes free
Post-Run: 56,652,029,952 bytes free
.
- - End Of File - - 5C2ADA6C35D4D5CAD7DED7AE0F25E6A2

#20 kahdah

kahdah

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,058 posts
  • Gender:Male
  • Location:Florida

Posted 12 June 2011 - 02:07 PM

Great now please do the following:
ESET OnlineScan
  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users