Jump to content


Photo

Window Vista


  • This topic is locked This topic is locked
20 replies to this topic

#1 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 23 May 2010 - 02:55 AM

Recently, my computer boots up slower then before. i had run avast free full system scan but does not found anything. Here's the HijackThis's log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:20 PM, on 23/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVGLS\avgtray.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...s/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1255756908135
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcp...DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcp...opAntiVirus.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - (no file)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Silicon Integrated Systems - (no file)
O23 - Service: TipCtrl - Unknown owner - C:\Program Files\uTIPu\TipCtrl.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 13549 bytes

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4132

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

23/5/2010 3:55:01 PM
mbam-log-2010-05-23 (15-55-01).txt

Scan type: Quick scan
Objects scanned: 131674
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Yiren

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,490 posts

Posted 25 May 2010 - 03:46 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 26 May 2010 - 06:58 PM

Hello and Welcome to the forums. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • As a Vista, I will require that all the programs I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programs may fail to do their job properly.

I am not seeing anything from your HJT log, but lets dig a little deeper.

Step 1
We need to update your version of HijackThis to the latest release.
Please uninstall or delete the version you already have on your computer.

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on theHJTInstall.msi icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.

Step 2
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3
Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.
  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
    Posted Image
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
    Posted Image
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.
NOTE! Please remove any e-mail address in the RootRepeal report (if present).

Step 4
Download OTS to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
  • Open the OTS folder and double-click on OTS.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here along with the checkup.txt and RootRepeal log. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in post for the OTS log.

Edited by MoNsTeReNeRgY22, 26 May 2010 - 07:01 PM.

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#4 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 12:09 AM

had download the latest HijackThis but i cannot 'right click' 'run as Administrator'. it does not appear 'run as administrator'.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:57 PM, on 27/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVGLS\avgtray.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...s/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1255756908135
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcp...DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcp...opAntiVirus.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - (no file)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Silicon Integrated Systems - (no file)
O23 - Service: TipCtrl - Unknown owner - C:\Program Files\uTIPu\TipCtrl.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 13332 bytes


Security Check

Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities 2009
CCleaner (remove only)
Wise Disk Cleaner Professional v5.2
Wise Registry Cleaner 4 Free 4.92
Java™ 6 Update 20
Adobe Flash Player 10.0.32.18
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:


``````````End of Log````````````
Yiren

#5 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 27 May 2010 - 12:22 AM

Hi,

Can you please post the OTS log and the RootRepeal log.

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#6 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 12:23 AM

RootRepeal still scanning.. ^^
Yiren

#7 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 12:43 AM

Got error when scanning RootRepeal. the error i had attach, please take a look at it..
Yiren

#8 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 01:01 AM

OTS log:

[code=auto:0]
OTS logfile created on: 27/5/2010 1:46:04 PM - Run 1
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\yipeng\Searches\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.57 Gb Total Space | 39.65 Gb Free Space | 29.47% Space Free | Partition Type: NTFS
Drive D: | 88.55 Gb Total Space | 42.86 Gb Free Space | 48.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YIREN-PC
Current User Name: yipeng
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\yipeng\Searches\Downloads\OTS.exe -> [2010/05/27 13:44:22 | 000,640,000 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/05/07 04:59:42 | 002,815,192 | ---- | M] (ALWIL Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.)
tuprogst.exe -> C:\Windows\System32\TUProgSt.exe -> [2010/04/02 14:13:57 | 000,604,488 | ---- | M] (TuneUp Software)
videoacceleratorservice.exe -> C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -> [2010/02/07 11:51:04 | 000,300,656 | ---- | M] (Speedbit Ltd.)
videoacceleratorengine.exe -> C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe -> [2010/02/07 11:51:04 | 000,140,920 | ---- | M] (Speedbit Ltd.)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation)
wlidsvc.exe -> C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE -> [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation)
avgtray.exe -> C:\Program Files\AVG\AVGLS\avgtray.exe -> [2009/07/29 23:00:30 | 001,950,488 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVGLS\avgnsx.exe -> [2009/06/29 21:18:28 | 000,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVGLS\avgwdsvc.exe -> [2009/06/29 21:18:27 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
conime.exe -> C:\Windows\System32\conime.exe -> [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/01/19 15:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
rocketdock.exe -> C:\Program Files\RocketDock\RocketDock.exe -> [2007/09/02 13:58:52 | 000,495,616 | ---- | M] ()
alertservice.exe -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/11/18 22:01:26 | 000,195,032 | ---- | M] (Intel® Corporation)
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/11/16 07:57:58 | 000,081,920 | ---- | M] (Intel Corporation)
dqlwinservice.exe -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/10/30 00:03:30 | 000,208,896 | ---- | M] ()
intelhctagent.exe -> C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe -> [2006/09/27 01:56:00 | 000,423,424 | ---- | M] (Intel Corporation)

[Modules - Safe List]
ots.exe -> C:\Users\yipeng\Searches\Downloads\OTS.exe -> [2010/05/27 13:44:22 | 000,640,000 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 14:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2008/01/19 15:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(TipCtrl) TipCtrl [On_Demand | Stopped] -> -> File not found
(SiteAdvisor Service) SiteAdvisor Service [Auto | Stopped] -> -> File not found
(OAcat) Online Armor Helper Service [On_Demand | Stopped] -> -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [On_Demand | Stopped] -> -> File not found
(avast! Web Scanner) avast! Web Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.)
(TuneUp.ProgramStatisticsSvc) TuneUp Program Statistics Service [Auto | Running] -> C:\Windows\System32\TUProgSt.exe -> [2010/04/02 14:13:57 | 000,604,488 | ---- | M] (TuneUp Software)
(TuneUp.Defrag) TuneUp Drive Defrag Service [On_Demand | Stopped] -> C:\Windows\System32\TuneUpDefragService.exe -> [2010/04/02 14:13:56 | 000,361,288 | ---- | M] (TuneUp Software)
(VideoAcceleratorService) VideoAcceleratorService [Auto | Running] -> C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -> [2010/02/07 11:51:04 | 000,300,656 | ---- | M] (Speedbit Ltd.)
(UxTuneUp) TuneUp Theme Extension [Auto | Running] -> C:\Windows\System32\uxtuneup.dll -> [2009/11/16 19:25:48 | 000,029,000 | ---- | M] (TuneUp Software)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\System32\GameMon.des -> [2009/10/29 05:20:00 | 003,390,312 | ---- | M] (INCA Internet Co., Ltd.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/25 09:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(ReflectService) Macrium Reflect Image Mounting Service [On_Demand | Stopped] -> C:\Program Files\Macrium\Reflect\ReflectService.exe -> [2009/08/25 12:16:36 | 000,220,128 | ---- | M] ()
(wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG LinkScanner® WatchDog [Auto | Running] -> C:\Program Files\AVG\AVGLS\avgwdsvc.exe -> [2009/06/29 21:18:27 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(OMSI download service) Sony Ericsson OMSI download service [On_Demand | Stopped] -> C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -> [2009/04/30 11:23:26 | 000,090,112 | ---- | M] ()
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(Acer HomeMedia Connect Service) Acer HomeMedia Connect Service [On_Demand | Stopped] -> C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -> [2007/04/05 09:54:08 | 000,266,343 | ---- | M] (CyberLink)
(eDataSecurity Service) eDataSecurity Service [On_Demand | Stopped] -> C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/02/07 15:04:26 | 000,457,512 | ---- | M] (HiTRSUT)
(eRecoveryService) eRecovery Service [On_Demand | Stopped] -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2007/01/31 18:18:42 | 000,053,248 | ---- | M] (Acer Inc.)
(AcerMemUsageCheckService) ePerformance Service [On_Demand | Stopped] -> C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -> [2006/12/30 08:51:56 | 000,028,672 | ---- | M] ()
(AlertService) Intel® Alert Service [Auto | Running] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/11/18 22:01:26 | 000,195,032 | ---- | M] (Intel® Corporation)
(Remote UI Service) Intel® Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/11/18 22:00:48 | 000,550,872 | ---- | M] (Intel® Corporation)
(MCLServiceATL) Intel® Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/11/18 22:00:06 | 000,174,552 | ---- | M] (Intel® Corporation)
(IntelDHSvcConf) IntelDHSvcConf [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/11/18 21:59:50 | 000,036,312 | ---- | M] (Intel® Corporation)
(ISSM) Intel® Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/11/18 21:59:38 | 000,081,880 | ---- | M] (Intel® Corporation)
(IAANTMON) Intel® Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/11/16 07:57:58 | 000,081,920 | ---- | M] (Intel Corporation)
(DQLWinService) DQLWinService [Auto | Running] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/10/30 00:03:30 | 000,208,896 | ---- | M] ()

[Driver Services - Safe List]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/24 21:20:29 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\System32\drivers\aswTdi.sys -> [2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software)
(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\System32\drivers\aswSP.sys -> [2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2010/05/07 04:34:10 | 000,051,792 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/03/10 13:55:13 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/03/10 13:55:13 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(bbcap) bbcap [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\bbcap.sys -> [2010/02/26 11:28:26 | 000,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider)
(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2009/12/25 12:46:58 | 000,717,296 | ---- | M] ()
(smserial) smserial [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\smserial.sys -> [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2009/08/31 18:18:50 | 002,760,224 | ---- | M] (Realtek Semiconductor Corp.)
(PSMounter) Macrium Reflect Image Explorer Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\psmounter.sys -> [2009/08/25 12:16:16 | 000,032,224 | ---- | M] (Macrium Software)
(AvgLdx86) AVG LinkScanner® AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/07/15 20:58:24 | 000,253,576 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG LinkScanner® Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/06/29 21:18:33 | 000,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.)
(PSI) PSI [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\psi_mf.sys -> [2009/06/17 20:20:34 | 000,012,648 | ---- | M] (Secunia)
(ggsemc) SEMC USB Flash Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ggsemc.sys -> [2009/06/16 12:53:27 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications)
(ggflt) SEMC USB Flash Driver Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ggflt.sys -> [2009/06/16 12:53:27 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications)
(USB_RNDIS) Thomson ST Remote NDIS Device Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usb8023.sys -> [2009/04/11 12:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation)
(RMCAST) RMCAST (Pgm) Protocol Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rmcast.sys -> [2009/04/11 12:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation)
(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTSTOR.sys -> [2009/04/08 03:53:12 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2009/02/26 06:59:51 | 004,385,792 | ---- | M] (ATI Technologies Inc.)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2009/02/26 06:59:51 | 004,385,792 | ---- | M] (ATI Technologies Inc.)
(e1express) Intel® PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2008/12/04 22:55:40 | 000,217,728 | ---- | M] (Intel Corporation)
(s0017mdm) Sony Ericsson Device 0017 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017mdm.sys -> [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation)
(s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017unic.sys -> [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation)
(s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017mgmt.sys -> [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation)
(s0017obex) Sony Ericsson Device 0017 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017obex.sys -> [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation)
(s0017bus) Sony Ericsson Device 0017 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017bus.sys -> [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation)
(s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017nd5.sys -> [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation)
(s0017mdfl) Sony Ericsson Device 0017 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0017mdfl.sys -> [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation)
(pssnap) Paramount Software Snapshot Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\pssnap.sys -> [2008/05/20 09:32:40 | 000,015,328 | ---- | M] (Macrium Software)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MODEMCSA.sys -> [2008/01/19 13:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation)
(seehcri) Sony Ericsson seehcri Device Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\seehcri.sys -> [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications)
(IntelDH) IntelDH Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\IntelDH.sys -> [2007/08/10 14:05:38 | 000,005,504 | ---- | M] (Intel Corporation)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NTIDrvr.sys -> [2007/04/13 11:02:48 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.)
(PSDNServ) PSDNSERVER [Kernel | Boot | Running] -> C:\Windows\system32\drivers\PSDNServ.sys -> [2007/02/07 15:04:54 | 000,016,680 | ---- | M] (HiTRUST)
(psdvdisk) psdvdisk [Kernel | Boot | Running] -> C:\Windows\system32\drivers\psdvdisk.sys -> [2007/02/07 15:04:50 | 000,060,712 | ---- | M] (HiTRUST)
(PSDFilter) PSDFilter [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\psdfilter.sys -> [2007/02/07 15:04:48 | 000,020,264 | ---- | M] (HiTRUST)
(int15) int15 [Kernel | Auto | Running] -> C:\Acer\Empowering Technology\eRecovery\int15.sys -> [2006/12/07 18:12:02 | 000,076,584 | ---- | M] ()
(TSHWMDTCP) TSHWMDTCP [File_System | On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -> [2006/11/18 22:01:08 | 000,018,904 | ---- | M] ()
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 17:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 17:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 17:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 17:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 17:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 17:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 17:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 17:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 17:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 17:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 17:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 17:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 17:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 17:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 17:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 17:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 17:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 17:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 17:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 17:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 17:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 15:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastor.sys -> [2006/11/01 04:46:36 | 000,250,368 | ---- | M] (Intel Corporation)
(nmsunidr) UniDriver for NMS [Kernel | Auto | Running] -> C:\Windows\System32\drivers\nmsunidr.sys -> [2006/10/20 06:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.)
(nmsgopro) GoProto Protocol Driver for NMS [Kernel | Auto | Running] -> C:\Windows\System32\drivers\nmsgopro.sys -> [2006/09/28 07:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.)
(WSVD) WSVD [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\WSVD.sys -> [2006/09/19 16:47:04 | 000,080,744 | ---- | M] (Wasay)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://en.sg.acer.yahoo.com ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo....=utf-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://g.msn.com/0SE...S01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
HKEY_CURRENT_USER\: "AutoConfigURL" -> http://localhost:9000/application.pac ->
< FireFox Settings [Prefs.js] > -> C:\Users\yipeng\AppData\Roaming\Mozilla\FireFox\Profiles\nlyyw4q0.default\prefs.js ->
browser.search.defaultenginename -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "www.download.com" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.364 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 ->
extensions.enabledItems -> dendzones@captaincaveman.nl:1.5.0.2 ->
extensions.enabledItems -> {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 ->
extensions.enabledItems -> {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3 ->
extensions.enabledItems -> {20291fcc-1471-46c8-8213-5911f5ce6d67}:1.6.4 ->
extensions.enabledItems -> tabprogressbar@studio17.wordpress.com:0.6 ->
extensions.enabledItems -> tabscope@xuldev.org:0.3.2 ->
extensions.enabledItems -> {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.6 ->
extensions.enabledItems -> {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> firefox@tvunetworks.com:2 ->
extensions.enabledItems -> 5 ->
extensions.enabledItems -> 3 ->
extensions.enabledItems -> 1 ->
extensions.enabledItems -> {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 ->
extensions.enabledItems -> Strata40@SpewBoy.au:0.6.2 ->
< FireFox Settings [User.js] > -> C:\Users\yipeng\AppData\Roaming\Mozilla\FireFox\Profiles\nlyyw4q0.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVGLS\Firefox [C:\PROGRAM FILES\AVG\AVGLS\FIREFOX] -> [2009/12/19 10:02:20 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/05/03 20:44:20 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/05/03 20:44:20 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\yipeng\AppData\Roaming\mozilla\Extensions -> [2009/05/30 21:58:08 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions -> [2010/05/27 01:26:48 | 000,000,000 | ---D | M]
URL Fixer -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475} -> [2010/01/16 22:54:05 | 000,000,000 | ---D | M]
No name found -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} -> [2010/01/24 11:13:05 | 000,000,000 | ---D | M]
Site Launcher -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67} -> [2010/03/19 01:30:22 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/04/27 20:52:08 | 000,000,000 | ---D | M]
Google Toolbar for Firefox -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2010/04/28 23:15:37 | 000,000,000 | ---D | M]
IE Tab -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/06/04 16:51:48 | 000,000,000 | ---D | M]
WOT -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/05/12 23:43:21 | 000,000,000 | ---D | M]
WOT -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(20) -> [2009/06/28 00:02:23 | 000,000,000 | ---D | M]
WOT -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(227) -> [2009/11/05 22:38:57 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/04/16 22:54:41 | 000,000,000 | ---D | M]
Fasterfox -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91} -> [2009/08/07 23:55:55 | 000,000,000 | ---D | M]
LinkExtend -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702} -> [2010/04/21 00:32:29 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/05/01 20:50:46 | 000,000,000 | ---D | M]
Greasemonkey -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2010/04/09 23:55:21 | 000,000,000 | ---D | M]
User Agent Switcher -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} -> [2009/07/16 19:34:02 | 000,000,000 | ---D | M]
SearchPreview -> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} -> [2010/05/11 23:25:06 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\dendzones@captaincaveman.nl -> [2010/02/10 10:21:17 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\firefox@tvunetworks.com -> [2010/04/28 11:40:01 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\kosa@kallout.com -> [2009/12/05 14:56:31 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\searchrecs@veoh.com -> [2009/07/12 16:29:46 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\SkipScreen@SkipScreen(226) -> [2009/11/05 22:38:57 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\Strata40@SpewBoy.au -> [2010/04/21 00:32:17 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\tabprogressbar@studio17.wordpress.com -> [2010/01/24 11:28:14 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\tabscope@xuldev.org -> [2010/04/16 22:54:41 | 000,000,000 | ---D | M]
-> C:\Users\yipeng\AppData\Roaming\mozilla\Firefox\Profiles\nlyyw4q0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions -> [2010/04/21 00:32:17 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
warech.xml -> C:\Users\yipeng\AppData\Roaming\Mozilla\FireFox\Profiles\nlyyw4q0.default\searchplugins\warech.xml -> [2009/07/01 00:43:35 | 000,001,685 | ---- | M] ()
youtube.xml -> C:\Users\yipeng\AppData\Roaming\Mozilla\FireFox\Profiles\nlyyw4q0.default\searchplugins\youtube.xml -> [2009/07/01 00:41:25 | 000,004,140 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/05/16 14:43:39 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/04/19 22:23:30 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/19 05:41:30 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKLM] -> C:\Program Files\Orbitdownloader\orbitcth.dll [Octh Class] -> [2010/05/07 14:33:10 | 000,240,912 | ---- | M] (Orbitdownloader.com)
{053F9267-DC04-4294-A72C-58F732D338C0} [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007/03/02 16:52:08 | 000,177,768 | R--- | M] (Hewlett-Packard Co.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVGLS\avgssie.dll [AVG Safe Search] -> [2009/11/04 17:36:51 | 001,164,568 | ---- | M] (AVG Technologies CZ, s.r.o.)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 10:21:39 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 10:23:54 | 000,812,528 | ---- | M] (Google Inc.)
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT Helper] -> [2009/04/15 13:20:12 | 001,667,744 | ---- | M] ()
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 10:21:39 | 000,279,664 | ---- | M] (Google Inc.)
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 13:20:12 | 001,667,744 | ---- | M] ()
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Program Files\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2010/05/07 14:33:10 | 000,666,816 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2007/02/07 14:51:48 | 000,151,552 | ---- | M] (HiTRUST)
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 10:21:39 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 13:20:12 | 001,667,744 | ---- | M] ()
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Program Files\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2010/05/07 14:33:10 | 000,666,816 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast5" -> C:\Program Files\Alwil Software\Avast5\avastUI.exe ["C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui] -> [2010/05/07 04:59:42 | 002,815,192 | ---- | M] (ALWIL Software)
"AVG8_TRAY" -> C:\Program Files\AVG\AVGLS\avgtray.exe [C:\PROGRA~1\AVG\AVGLS\avgtray.exe] -> [2009/07/29 23:00:30 | 001,950,488 | ---- | M] (AVG Technologies CZ, s.r.o.)
"NMSSupport" -> C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe ["C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup] -> [2006/09/27 01:56:00 | 000,423,424 | ---- | M] (Intel Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AnVir Task Manager" -> C:\Program Files\AnVir Task Manager\AnVir.exe ["C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized] -> [2010/04/02 15:23:04 | 003,283,680 | ---- | M] (AnVir Software)
"RocketDock" -> C:\Program Files\RocketDock\RocketDock.exe ["C:\Program Files\RocketDock\RocketDock.exe"] -> [2007/09/02 13:58:52 | 000,495,616 | ---- | M] ()
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/05/30 21:57:32 | 000,039,408 | ---- | M] (Google Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"SecChangeSettings" -> [0] -> File not found
\Control Panel\\"ConnectionsTab" -> [0] -> File not found
\Control Panel\\"SecurityTab" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
\Restrictions\\"NoTheaterMode" -> [0] -> File not found
\Restrictions\\"NoFileOpen" -> [0] -> File not found
\Restrictions\\"NoFileNew" -> [0] -> File not found
\Restrictions\\"NoFavorites" -> [0] -> File not found
\Restrictions\\"NoBrowserSaveAs" -> [0] -> File not found
\Restrictions\\"NoBrowserOptions" -> [0] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
\\"EnableShellExecuteHooks" -> [1] -> File not found
\\"NoResolveTrack" -> [1] -> File not found
\\"NoPropertiesMyComputer" -> [0] -> File not found
\\"NoViewContextMenu" -> [0] -> File not found
\\"NoFileAssociate" -> [0] -> File not found
\\"NoFind" -> [0] -> File not found
\\"NoClose" -> [0] -> File not found
\\"StartMenuLogoff" -> [0] -> File not found
\\"NoSMHelp" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"NoDispCPL" -> [0] -> File not found
\\"NoDispBackgroundPage" -> [0] -> File not found
\\"NoDispSettingsPage" -> [0] -> File not found
\\"NoDispScrSavPage" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download by Orbit -> C:\Program Files\Orbitdownloader\orbitmxt.dll [res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201] -> [2010/05/07 14:33:10 | 000,101,568 | ---- | M] (Orbitdownloader.com)
&Grab video by Orbit -> C:\Program Files\Orbitdownloader\orbitmxt.dll [res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204] -> [2010/05/07 14:33:10 | 000,101,568 | ---- | M] (Orbitdownloader.com)
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2009/10/30 08:29:08 | 002,146,304 | ---- | M] (Google Inc.)
Do&wnload selected by Orbit -> C:\Program Files\Orbitdownloader\orbitmxt.dll [res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203] -> [2010/05/07 14:33:10 | 000,101,568 | ---- | M] (Orbitdownloader.com)
Down&load all by Orbit -> C:\Program Files\Orbitdownloader\orbitmxt.dll [res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202] -> [2010/05/07 14:33:10 | 000,101,568 | ---- | M] (Orbitdownloader.com)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/05 10:21:56 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Clipbook] -> [2007/03/02 16:53:20 | 000,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart Select] -> [2007/03/02 16:53:20 | 000,153,192 | R--- | M] (Hewlett-Packard Co.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6539 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.micr.../OGAControl.cab [Office Genuine Advantage Validation Tool] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://utilities.pcp...s/PCPitStop.CAB [PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macr...director/sw.cab [Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.micr...heckControl.cab [Windows Genuine Advantage Validation Tool] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zon...kr.cab56986.cab [Checkers Class] ->
{48884C41-EFAC-433D-958A-9FADAC41408E} [HKLM] -> https://www.e-games....GamesPlugin.cab [EGamesPlugin Class] ->
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} [HKLM] -> http://messenger.zon...S.cab109791.cab [] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zon...1/GAME_UNO1.cab [UnoCtrl Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.micros...b?1255756908135 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_20] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.ma...r/ultrashim.cab [Reg Error: Value error.] ->
{94E5218F-9737-4FC2-8457-567B1FF23DC0} [HKLM] -> http://utilities.pcp...DiskMD3Ctrl.dll [diskhealth Class] ->
{A553720A-BFED-4EA4-A71F-7EFCA690A1F7} [HKLM] -> http://utilities.pcp...opAntiVirus.dll [PCPitstop AntiVirus] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zon...nt.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_20] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://www.adobe.com...obat/nos/gp.cab [get_atlcom Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.m...ash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Value error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zon...er.cab56986.cab [Minesweeper Flags Class] ->
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcp.../pcpitstop2.dll [PCPitstop Exam] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{01550282-20E1-47A2-A450-B88968ACF9F2}\\DhcpNameServer -> 192.168.1.254 (Thomson ST Remote NDIS Device) ->
{59CCE7AB-7123-42B8-AA1E-AED13F759FB8}\\DhcpNameServer -> 192.168.1.254 (Intel® PRO/1000 PL Network Connection) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 14:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{E31004D1-A431-41B8-826F-E902F9D95C81}" [HKLM] -> C:\Windows\System32\DreamScene.dll [Windows DreamScene] -> [2007/04/24 18:47:52 | 000,122,880 | ---- | M] (Microsoft Corporation)
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
taskmgr.exe -> C:\Program Files\AnVir Task Manager\AnVir.exe [Debugger: "C:\Program Files\AnVir Task Manager\AnVir.exe"] -> [2010/04/02 15:23:04 | 003,283,680 | ---- | M] (AnVir Software)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{4F07DA45-8170-4859-9B5F-037EF2970034}" [HKLM] -> Reg Error: Key error. [OA Shell Helper]
Yiren

#9 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 27 May 2010 - 01:14 AM

Are you sure there is no Run as Administrator? Here is two ways to do it.

Run a program as administrator from the graphical interface
You can also run a program as administrator right from a program icon. Instead of double-clicking the program icon to launch it, right-click the icon and choose Run as Administrator from the shortcut menu.

Set a program to always run as administrator
If you have a program that you run frequently, you can set the program to always run as administrator. To do this, use the following steps:
Right-click the program icon and click Properties.
On the Property sheet, click the Compatibility tab.
Under Privilege Level, select the Run this program as an administrator check box, and then click OK.

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#10 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 01:22 AM

Are you sure there is no Run as Administrator? Here is two ways to do it.

Run a program as administrator from the graphical interface
You can also run a program as administrator right from a program icon. Instead of double-clicking the program icon to launch it, right-click the icon and choose Run as Administrator from the shortcut menu.

Set a program to always run as administrator
If you have a program that you run frequently, you can set the program to always run as administrator. To do this, use the following steps:
Right-click the program icon and click Properties.
On the Property sheet, click the Compatibility tab.
Under Privilege Level, select the Run this program as an administrator check box, and then click OK.


Yes. i find it weird too. First way, cannot find. second way also cannot. please see the attached file..

Attached Thumbnails

  • Hijackthis.JPG

Edited by yiren1, 27 May 2010 - 01:23 AM.

Yiren

#11 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 27 May 2010 - 02:11 AM

Can you make sure that the user account your loggen in as is an administrator? See this link for more information.
http://www.vistax64....count-type.html

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#12 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 02:22 AM

For your information, i am an administrator but unable to see the 'run as administrator'. only the HijackThis seems have this problem, the rest are still fine.. Had reinstall the program but still the same. so what's the problem?

Edited by yiren1, 27 May 2010 - 02:23 AM.

Yiren

#13 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 27 May 2010 - 02:35 AM

Mhmmm, ok didn't know that. When RootRepeal didn't run, was it run as an administrator?

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#14 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 02:39 AM

Mhmmm, ok didn't know that. When RootRepeal didn't run, was it run as an administrator?


yes.. whats the solution for this??
Yiren

#15 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 27 May 2010 - 02:47 AM

Ok, lets try a different tool then. Make sure to run it as an administrator if you can.

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to Desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.
http://www.gmer.net/files.php

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.
Posted Image

Click on Scan (1).
Posted Image

When the scan has run click Copy (2) and paste the results (if any) into this thread.

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#16 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 27 May 2010 - 03:18 AM

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-27 16:16:08
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\yipeng\AppData\Local\Temp\pwrcrpow.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 88256BF8
INT 0x62 ? 88256BF8
INT 0x82 ? 86A22BF8
INT 0x82 ? 88256BF8
INT 0x82 ? 86A22BF8
INT 0x92 ? 86A1EBF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E5D3AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8E5D38EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8E5D3A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 83783DF0 7 Bytes JMP 8E5D3A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 837EF28F 5 Bytes JMP 8E5CF536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 83848038 5 Bytes JMP 8E5D0EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 838498C3 7 Bytes JMP 8E5D38EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 838A9892 7 Bytes JMP 8E5D3ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? System32\Drivers\spvx.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D803000, 0x2585E6, 0xE8000020]
.text USBPORT.SYS!DllUnload 89B5741B 5 Bytes JMP 882561D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!FindResourceExA 769B2575 7 Bytes JMP 2806C4C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!FindResourceA 769B2653 5 Bytes JMP 2806C430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!CreateEventA 769D44C0 5 Bytes JMP 2806BF90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!LockResource 769D68DF 5 Bytes JMP 2806C670 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!FindResourceExW 769D69FD 7 Bytes JMP 2806C3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!LoadResource 769D6ADB 7 Bytes JMP 2806C550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!FindResourceW 769D7FA1 5 Bytes JMP 2806C330 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] kernel32.dll!SizeofResource 769D7FBF 7 Bytes JMP 2806C600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] ADVAPI32.dll!CryptDeriveKey 7623FCAE 7 Bytes JMP 2806BAA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] ADVAPI32.dll!CryptDecrypt 7623FE91 7 Bytes JMP 2806BB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!CreateDialogParamW 76A772A2 5 Bytes JMP 2806FC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!SetWindowPlacement 76A77963 5 Bytes JMP 2806FB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!SetWindowRgn 76A7A221 7 Bytes JMP 2806FBD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!LoadImageW 76A7C9E5 5 Bytes JMP 280702E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!LoadIconW 76A7DA9F 5 Bytes JMP 28070460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!CreateWindowExW 76A81305 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!GetWindowLongW 76A8F8BF 7 Bytes JMP 28070590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!PeekMessageW 76A9045A 5 Bytes JMP 2806E590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!TrackPopupMenuEx 76AA0CE7 5 Bytes JMP 2806EC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] USER32.dll!MessageBoxIndirectW 76ACD5D3 5 Bytes JMP 2806FE80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WS2_32.dll!closesocket 76F3330C 5 Bytes JMP 28074BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WS2_32.dll!recv 76F3343A 5 Bytes JMP 28074580 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WS2_32.dll!WSASend 76F34496 5 Bytes JMP 280749D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WS2_32.dll!send 76F3659B 5 Bytes JMP 28074860 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WS2_32.dll!WSARecv 76F38400 5 Bytes JMP 280746B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] SHELL32.dll!Shell_NotifyIconW 75728626 5 Bytes JMP 2806D260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] ole32.dll!CoRegisterClassObject 76CA7DB6 5 Bytes JMP 2806C9D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] ole32.dll!CoCreateInstance 76CE9EA6 5 Bytes JMP 2806CC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] ole32.dll!CoInitializeEx 76CEAD63 5 Bytes JMP 2806C8D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WININET.dll!InternetReadFile 76BB654B 5 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WININET.dll!InternetCloseHandle 76BB9088 5 Bytes JMP 28073940 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WININET.dll!HttpOpenRequestA 76BBD508 5 Bytes JMP 280736A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1748] WININET.dll!HttpSendRequestA 76BCEE89 5 Bytes JMP 280738A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8948D6D2] \SystemRoot\System32\Drivers\spvx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8948D040] \SystemRoot\System32\Drivers\spvx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8948D7FC] \SystemRoot\System32\Drivers\spvx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8948D0BE] \SystemRoot\System32\Drivers\spvx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8948D13C] \SystemRoot\System32\Drivers\spvx.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
IAT C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73C68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73CBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 86A241F8
Device \Driver\volmgr \Device\VolMgrControl 86A201F8
Device \Driver\usbuhci \Device\USBPDO-0 882551F8
Device \Driver\usbuhci \Device\USBPDO-1 882551F8
Device \Driver\usbuhci \Device\USBPDO-2 882551F8
Device \Driver\usbuhci \Device\USBPDO-3 882551F8
Device \Driver\usbehci \Device\USBPDO-4 882621F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\volmgr \Device\HarddiskVolume1 86A201F8
Device \Driver\volmgr \Device\HarddiskVolume2 86A201F8
Device \Driver\cdrom \Device\CdRom0 8826E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 86A201F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86A231F8
Device \Driver\iaStor \Device\Ide\iaStor0 [896B8FA0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 86A231F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [896B8FA0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\netbt \Device\NetBt_Wins_Export 888E61F8
Device \Driver\Smb \Device\NetbiosSmb 888E8500
Device \Driver\netbt \Device\NetBT_Tcpip_{59CCE7AB-7123-42B8-AA1E-AED13F759FB8} 888E61F8
Device \Driver\iScsiPrt \Device\RaidPort0 882931F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 882551F8
Device \Driver\usbuhci \Device\USBFDO-1 882551F8
Device \Driver\usbuhci \Device\USBFDO-2 882551F8
Device \Driver\usbuhci \Device\USBFDO-3 882551F8
Device \Driver\usbehci \Device\USBFDO-4 882621F8
Device \FileSystem\cdfs \Cdfs 85F471F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SYSTEM\ControlSet005\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet010\Services\Eventlog\Application@Sources MSDMine?DfSdk?Df?DfS
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2775447698-2230008805-802012217-1001@RefCount 14

---- EOF - GMER 1.0.15 ----

Found any malware/rootkit?
Yiren

#17 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 27 May 2010 - 05:33 PM

Hello,

Not seeing really anything to worry about, just a little cleaning up to do and some final checks.

Step 1
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{cb0bbe60-5529-11df-aea0-001bb9772905} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\AutoRun\command ->
YN -> \{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\AutoRun\command\\"" -> [s1.exe]
YN -> \{cb0bbe60-5529-11df-aea0-001bb9772905} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\open\Command ->
YN -> \{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\open\Command\\"" -> [s1.exe]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Step 2
Download TFC by OldTimer to your Desktop.
  • Please double-click TFC.exe to run it.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    Let it run uninterrupted till it has finished.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine to ensure a complete clean.

Step 3
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 4
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the Posted Image icon on your Desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply along with the checkup.txt and the new OTS log.
  • Push the Posted Image button.
  • Push Posted Image

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#18 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 28 May 2010 - 01:34 AM

OTS
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0bbe60-5529-11df-aea0-001bb9772905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0bbe60-5529-11df-aea0-001bb9772905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\open\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0bbe60-5529-11df-aea0-001bb9772905}\shell\open\Command not found.
< End of fix log >
OTS by OldTimer - Version 3.1.31.0 fix logfile created on 05282010_143219

Security Check
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Wise Disk Cleaner Professional v5.2
Wise Registry Cleaner 4 Free 4.92
Java™ 6 Update 20
Adobe Flash Player 10.0.32.18
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Anything else that i need to do?

Attached Thumbnails

  • Eset online scanner results.JPG

Edited by yiren1, 28 May 2010 - 10:26 AM.

Yiren

#19 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 28 May 2010 - 05:47 PM

Nice job your log looks clean!
Please use the following suggestions to help prevent reinfection.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

System Restore maintains a backup of your programs and may also backup infections. I recommend using one of the following links, according to your Operating System, on how to disable and then enable System Restore.
Windows XP
Windows Vista
Windows 7

The following is a list of tools and utilities that I like to suggest to people to help keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

ThreatFire - Great antivirus supplement when using a free security program approach using behavior-based security.
**Tutorial on installing & using this product can be found HERE**

FileHippo.com Update Checker - Stay up to date on all of your applications with this powerful tool that will scan, detect, check, and secure the applications installed on your computer.

WOT Web of Trust - Warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory.

MVPS Hosts file - This handy download replaces your current HOSTS file with one containing well known ad sites and other bad/malicous sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

TFC Cleaner - Great tool to help speed up your computer and knock out malware that like to reside in temporary folders.

Internet Browser - Internet Explorer is not the safest nor the fastest internew browser anymore. There are way better alternatives out there that are faster, more secure, and have many more useful features. I recommend Opera or Google Chrome

It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like Spyware Blaster and MBAM do not conflict with any of these since they don't have a real time scanning engine that would conflict.

Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Finally, I strongly recommend Posted Image How did I get infected in the first place? (by Tony Klein)
Good luck and safe surfing :)

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#20 yiren1

yiren1

    Advanced Member

  • Full Member
  • PipPipPip
  • 212 posts

Posted 29 May 2010 - 02:03 AM

Thanks for your help.. ^_^
Yiren

#21 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,241 posts

Posted 29 May 2010 - 03:46 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button