yiren1

Full Member
  • Content count

    207

About yiren1

  • Rank
    Advanced Member
  • Birthday 05/28/1984

Profile Information

  • Gender
    Male
  • Location
    singapore
  1. Hi lance_yien, Sorry for the late reply. I had replaced my video card; it seems okay now (no flashes), but I am now experiencing a short beeping sound from the CPU. After a second try, it was able to boot up. May I know what went wrong? Thanks
  2. Hi lance_yien, Sorry for the late reply. I had uninstalled ComboFix. When I started my PC today, my Avast Internet Security was disabled and I could not enable the services it had run. Is there any malware left over?
  3. It still flashes when I tried it on my TV-enabled PC Input with a new DVI cable. Most likely my video card is faulty?
  4. Hi lance_yien, There's no yellow exclamation point in the Windows Device Manager. As for changing the monitor, I do not have an extra monitor, but I do have a TV that has a PC Input. I will do it tomorrow as it's already midnight over here...
  5. Hi lance_yien, It seems to work; it does not hang on the Pool Data today. I hope that it won't hang in the next few days. But I am now experiencing the monitor flashing repeatedly; I did not do anything to it. It happens ON and OFF. What should I do?
  6. I have finished repairing the corrupted MBR using the BootRec /fixmbr command. *My LCD screen keeps flashing at times; it happened before I tried to repair the MBR. *My computer was still experiencing the hang on Pool Data before I tried repairing the MBR. Please help!!
  7. Hi lance_yien, I'm back. Sorry for the long wait. 1) I ran the Disk Check utility but I was AFK (away from keyboard) when it was scanning, so I did not know the results. 2) The System File Check utility results show that 'Windows Resource Protection did not find any integrity violations'. 3) The Startup Repair utility did not find any problems. Is it because of a problem with my hardware or hard disk?
  8. I have updated my Java. Is there anything else I need to do? *Just now when I tried to switch on my PC, it still hung at Verifying DMI Pool Data. May I know why this is so? Thanks
  9. In case you need the log file, I will post it, as I am unable to use my PC till next Monday as I am on duty. Sorry about that.
  10. Here's the ComboFix log file requested
  11. Here's the BitDefender online virus scan log file:
  12. Here's the ComboFix log file: Is there anything you need me to do?
  13. I switched on my computer yesterday and noticed that my Comodo Internet Premium had gone. I did not uninstall it. So I installed my Avast Internet Security back. Here's my DDS log file that you had requested:
  14. 1) Unable to run DDS as Comodo Internet Premium blocks it. Here's the Security Check: The Security Check did not detect that I had installed Comodo Internet Premium. Here's the MBAM log file:
  15. Hi, I would like to check whether my computer has malware. Here's the log file: And at times, my computer fails to boot up. It happens to hang on the Verifying DMI Pool Data. It happens a lot of times but I did not install any new hardware. Please help~