Jump to content


Photo
- - - - -

can't remove homepage in IE & chrome


  • This topic is locked This topic is locked
19 replies to this topic

#1 erikiholloman

erikiholloman

    Member

  • Members
  • PipPipPip
  • 55 posts

Posted 10 September 2013 - 10:28 AM

Dear guestolo,
 
there was sometimes me haven't chat with you.
 
Kindly need your expertise to solve my comp. problem.
 
Problem:
Can't remove the home page in the IE and Chrome.
~every time below link will shown to my homepage. Attached HIjackthis log file FYI.
Bro, your help will be deeply appreciated. Thanks.
 
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:47 AM, on 9/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\iQIYI\QiyiService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\PPSKernel.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
O2 - BHO: CrossriderApp0034362 - {11111111-1111-1111-1111-110311431162} - C:\Program Files\HDvid Codec V1\HDvid Codec V1-bho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll
O2 - BHO: A4A90076-33D2-E65C-558E-75B41A2B8C68 Class - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.95.0\QvodExtend.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NTRedirect] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Windows xp\Application Data\BabSolution\Shared\enhancedNT.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'Default user')
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files\QvodPlayer\AddIn\ImgSeed.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0C} - (no file)
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll 
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: D-Link DWA-123_PBC_WPS Service (D-Link DWA-123_PBC_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files\iQIYI\QiyiService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
 
--
End of file - 8377 bytes
 

  • swinainkida and hanson200 like this

#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 10 September 2013 - 10:46 AM

Please do the following:
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

In addition:
Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 erikiholloman

erikiholloman

    Member

  • Members
  • PipPipPip
  • 55 posts

Posted 10 September 2013 - 11:27 AM

 OTL.txt
 
OTL logfile created on: 9/11/2013 1:01:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Windows xp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 62.72% Memory free
2.26 Gb Paging File | 1.97 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 27.26 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32
 
Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
PRC - [2013/09/06 19:59:46 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) -- C:\Program Files\iQIYI\QiyiService.exe
PRC - [2013/08/22 19:29:32 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/08/19 18:10:25 | 000,164,816 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/08/19 18:10:18 | 001,601,488 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013/08/05 18:15:22 | 004,105,080 | ---- | M] (PPStream Inc.) -- C:\Program Files\PPStream\PPSKernel.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/22 17:19:31 | 000,187,888 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\BabSolution\Shared\enhancedNT.dll
MOD - [2013/08/21 19:03:42 | 004,218,288 | ---- | M] () -- C:\Program Files\QvodPlayer\QvodRes.dll
MOD - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013/08/13 22:40:06 | 002,699,216 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/08/01 23:29:20 | 000,138,880 | ---- | M] () -- C:\Program Files\QvodPlayer\NetUtil.dll
MOD - [2013/07/17 17:28:28 | 000,261,760 | ---- | M] () -- C:\Program Files\QMovie\QvodShellIconImp.dll
MOD - [2013/07/07 21:08:40 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\ANPDApi.dll
MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/06 19:59:46 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) [Auto | Running] -- C:\Program Files\iQIYI\QiyiService.exe -- (QiyiService)
SRV - [2013/08/19 18:10:25 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe -- (D-Link DWA-123_PBC_WPS)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/07/07 21:08:40 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)
DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2012/01/06 10:23:10 | 001,224,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2008/04/24 00:30:33 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/10/18 18:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 18:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/10/16 18:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/09/21 17:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/01/03 15:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/03/23 11:00:57 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/21 19:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/09/01 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/04/13 20:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...120698&tsp=4986
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...002018_4_hao_pg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0CC000E04D6DD155&affID=120698&tsp=4986
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.my/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enMY374
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=ppsbaibu_oem_dg&ch=33
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: [email protected] removed for spamming:12.0.0.374
FF - prefs.js..extensions.enabledAddons: [email protected] removed for spamming:12.0.0.374
FF - prefs.js..browser.startup.homepage: "http://www.hao123.co...002018_4_hao_pg"
 
 
FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\Program Files\iQIYI\npclient.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\kwcheck: C:\Program Files\Kuaiwan\npKWCheck.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\KwFlashGame: C:\Program Files\Kuaiwan\npKWFlashGame.dll (Shenzhen QVOD Technology Co.,Ltd)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/12/21 06:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/07 08:10:52 | 000,000,000 | ---D | M]
 
[2007/12/21 06:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Extensions
[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions
[2011/03/10 18:07:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/26 20:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/08/26 20:11:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (HDvid Codec 3) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/06/30 16:44:04 | 000,233,016 | ---- | M] () (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2007/12/21 06:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected] removed for spamming
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected] removed for spamming
[2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib\21.51087_0\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgok