can't remove homepage in IE & chrome


  • This topic is locked
19 replies to this topic

#1 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 10:28 AM

Dear guestolo,

It has been a while since I last chatted with you.

I kindly need your expertise to solve my computer problem.

Problem:
I can't remove the home page in IE and Chrome.
Every time, the link below is shown as my homepage. HijackThis log file attached FYI.
Bro, your help will be deeply appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:47 AM, on 9/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\iQIYI\QiyiService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\PPSKernel.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
O2 - BHO: CrossriderApp0034362 - {11111111-1111-1111-1111-110311431162} - C:\Program Files\HDvid Codec V1\HDvid Codec V1-bho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll
O2 - BHO: A4A90076-33D2-E65C-558E-75B41A2B8C68 Class - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.95.0\QvodExtend.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NTRedirect] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Windows xp\Application Data\BabSolution\Shared\enhancedNT.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'Default user')
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files\QvodPlayer\AddIn\ImgSeed.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0C} - (no file)
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll 
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: D-Link DWA-123_PBC_WPS Service (D-Link DWA-123_PBC_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files\iQIYI\QiyiService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
 
--
End of file - 8377 bytes
 

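The HijackThis log above contains the handful of entry types that account for a homepage that keeps coming back: an `O20 - AppInit_DLLs` entry (a DLL injected into every user-mode process), an `O4` Run key that uses rundll32 to load a DLL out of the user profile, a BHO registered with no company name and its own CLSID as its display name, autoruns under the service-account hives, non-standard `bProtector` value names next to IE's real `Start Page` and `DefaultScope`, and static DNS servers that differ from the DHCP-supplied one. The script below is an added example and is not part of this thread or of HijackThis/OTL: it triages those indicators mechanically over log lines in the HijackThis/OTL format. The sample lines are excerpted from the two logs in this thread, with the truncated delta-search start page URL replaced by a constructed placeholder; the rule names, the list of IE value names treated as standard, and the "no company name means untrusted" heuristic are this example's own assumptions, not HijackThis categories.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines excerpted from the HijackThis and OTL logs posted in this thread
# (the first URL is a placeholder for the truncated one in the log).
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
O2 - BHO: (HDvid Codec V1) - {11111111-1111-1111-1111-110311431162} - C:\Program Files\HDvid Codec V1\HDvid Codec V1-bho.dll (installdaddy)
O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NTRedirect] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Windows xp\Application Data\BabSolution\Shared\enhancedNT.dll",Run
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str      # hypothetical rule name chosen for this example
    detail: str


# Value names Internet Explorer itself writes under ...\Main and ...\SearchScopes (assumption:
# anything else in those keys was written by a third-party component).
IE_MAIN_STANDARD = {"Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL",
                    "Local Page", "Secondary Start Pages"}
IE_SCOPE_STANDARD = {"DefaultScope"}
GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")   # SYSTEM, LOCAL SERVICE, NETWORK SERVICE


def _trailing_company(line: str) -> Optional[str]:
    """OTL ends O2/O3 lines with the DLL's company name in parentheses; '()' means none."""
    m = re.search(r"\(([^()]*)\)\s*$", line)
    return m.group(1) if m else None


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that match one of the hijack-persistence heuristics."""
    findings: list[Finding] = []
    dhcp_dns: set[str] = set()
    static_dns: list[tuple[int, tuple[str, ...]]] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # IE settings under a value name IE itself never writes (e.g. "bProtector Start Page").
        m = re.match(r"IE - .*\\Main,(.+?) = ", line)
        if m and m.group(1) not in IE_MAIN_STANDARD:
            findings.append(Finding(n, "ie_nonstandard_value", m.group(1)))
        m = re.match(r"IE - .*\\SearchScopes,(.+?) = ", line)
        if m and m.group(1) not in IE_SCOPE_STANDARD:
            findings.append(Finding(n, "ie_nonstandard_value", m.group(1)))
        # BHOs / toolbars: no company name, or a bare CLSID used as the display name.
        if line.startswith(("O2 - BHO:", "O3 - ")):
            if _trailing_company(line) == "":
                findings.append(Finding(n, "bho_no_company", line.split(" - ")[-1]))
            if re.search(r"BHO: \(?" + GUID + r" Class\)?", line):
                findings.append(Finding(n, "bho_guid_name", line))
        # Run keys: a DLL loaded (via rundll32) from the user profile, or an autorun under
        # a service-account hive, which is normally empty.
        if line.startswith("O4 - "):
            if re.search(r"(rundll32\.exe|\.dll\b)", line, re.I) and \
                    re.search(r"Application Data|AppData", line, re.I):
                findings.append(Finding(n, "run_dll_from_profile", line))
            if any(sid in line for sid in SERVICE_SIDS):
                findings.append(Finding(n, "run_service_account", line))
        # DNS: collect DHCP-assigned and static resolvers, compare after the loop.
        m = re.match(r"O17 - .*: (DhcpNameServer|NameServer) = (\S+)", line)
        if m:
            servers = tuple(m.group(2).split(","))
            if m.group(1) == "DhcpNameServer":
                dhcp_dns.update(servers)
            else:
                static_dns.append((n, servers))
        # AppInit_DLLs: any value at all is worth a look; it loads into every GUI process.
        m = re.match(r"O20 - AppInit_DLLs: (.+)", line)
        if m and m.group(1).strip():
            findings.append(Finding(n, "appinit_dlls", m.group(1).strip()))
    for n, servers in static_dns:
        if not set(servers) <= dhcp_dns:   # static override differs from what DHCP handed out
            findings.append(Finding(n, "dns_static_override", ",".join(servers)))
    return sorted(findings, key=lambda f: f.line_no)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<22} {f.detail[:90]}")
```

The DNS rule deliberately only says "verify": the static resolvers in this log may well be the ISP's own, and only the owner can confirm that. Everything else flagged by the heuristics (the AppInit DLL, the rundll32 entry under Application Data, the nameless BHO and the `bProtector` values) is the set of entries that re-apply the homepage on every start, which is why removing the toolbar through Add/Remove Programs alone does not fix the symptom.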

#2 guestolo (Admin, Site Donator, 16,247 posts)

Posted 10 September 2013 - 10:46 AM

Please do the following:
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

In addition:
Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Do you want to post your own logs from FRST?
Follow the instructions posted here.


#3 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 11:27 AM

 OTL.txt
 
OTL logfile created on: 9/11/2013 1:01:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Windows xp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 62.72% Memory free
2.26 Gb Paging File | 1.97 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 27.26 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32
 
Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
PRC - [2013/09/06 19:59:46 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) -- C:\Program Files\iQIYI\QiyiService.exe
PRC - [2013/08/22 19:29:32 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/08/19 18:10:25 | 000,164,816 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/08/19 18:10:18 | 001,601,488 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013/08/05 18:15:22 | 004,105,080 | ---- | M] (PPStream Inc.) -- C:\Program Files\PPStream\PPSKernel.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/22 17:19:31 | 000,187,888 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\BabSolution\Shared\enhancedNT.dll
MOD - [2013/08/21 19:03:42 | 004,218,288 | ---- | M] () -- C:\Program Files\QvodPlayer\QvodRes.dll
MOD - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013/08/13 22:40:06 | 002,699,216 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/08/01 23:29:20 | 000,138,880 | ---- | M] () -- C:\Program Files\QvodPlayer\NetUtil.dll
MOD - [2013/07/17 17:28:28 | 000,261,760 | ---- | M] () -- C:\Program Files\QMovie\QvodShellIconImp.dll
MOD - [2013/07/07 21:08:40 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\ANPDApi.dll
MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/06 19:59:46 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) [Auto | Running] -- C:\Program Files\iQIYI\QiyiService.exe -- (QiyiService)
SRV - [2013/08/19 18:10:25 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe -- (D-Link DWA-123_PBC_WPS)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/07/07 21:08:40 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)
DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2012/01/06 10:23:10 | 001,224,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2008/04/24 00:30:33 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/10/18 18:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 18:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/10/16 18:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/09/21 17:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/01/03 15:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/03/23 11:00:57 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/21 19:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/09/01 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/04/13 20:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...120698&tsp=4986
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...002018_4_hao_pg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0CC000E04D6DD155&affID=120698&tsp=4986
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.my/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enMY374
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=ppsbaibu_oem_dg&ch=33
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: [email protected] removed for spamming:12.0.0.374
FF - prefs.js..extensions.enabledAddons: [email protected] removed for spamming:12.0.0.374
FF - prefs.js..browser.startup.homepage: "http://www.hao123.co...002018_4_hao_pg"
 
 
FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\Program Files\iQIYI\npclient.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\kwcheck: C:\Program Files\Kuaiwan\npKWCheck.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\KwFlashGame: C:\Program Files\Kuaiwan\npKWFlashGame.dll (Shenzhen QVOD Technology Co.,Ltd)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/12/21 06:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/07 08:10:52 | 000,000,000 | ---D | M]
 
[2007/12/21 06:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Extensions
[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions
[2011/03/10 18:07:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/26 20:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/08/26 20:11:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (HDvid Codec 3) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/06/30 16:44:04 | 000,233,016 | ---- | M] () (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2007/12/21 06:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected] removed for spamming
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected] removed for spamming
[2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib\21.51087_0\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: No name found = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2004/09/01 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HDvid Codec V1) - {11111111-1111-1111-1111-110311431162} - C:\Program Files\HDvid Codec V1\HDvid Codec V1-bho.dll (installdaddy)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (QvodGameExtend) - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.95.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC File not found
O4 - HKCU..\Run: [NTRedirect] C:\Documents and Settings\Windows xp\Application Data\BabSolution\Shared\enhancedNT.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\kuwo - No CLSID value found
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll ()
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/15 10:19:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/17 20:23:41 | 000,000,041 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{a44f9654-1165-11dd-86cd-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a44f9654-1165-11dd-86cd-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a44f9654-1165-11dd-86cd-806d6172696f}\Shell\AutoRun\command - "" = E:\start.exe -- [2011/04/17 20:27:36 | 002,672,720 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2107/12/21 17:14:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Windows xp\My Documents\My Pictures
[2013/09/11 01:00:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Start Menu\Programs\HiJackThis
[2013/09/10 18:37:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Device
[2013/09/10 18:37:01 | 000,000,000 | --SD | C] -- C:\KuaiwanGames
[2013/09/10 14:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
[2013/09/10 14:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快玩游戏盒
[2013/09/10 14:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快玩小游戏
[2013/09/10 14:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\KuaiwanWebsite
[2013/09/10 14:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\影视搜索
[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\QMovie
[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kuaiwan
[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\QvodPlayer
[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QvodPlayer
[2013/09/07 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LocalStorage
[2013/09/06 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013/09/06 20:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
[2013/09/06 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\HDvid Codec V1
[2013/09/06 20:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\HDvidCodec.com
[2013/09/06 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreeHDSport.TV
[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDPlayer
[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Start Menu\Programs\HDPlayer
[2013/09/06 20:00:06 | 000,000,000 | ---D | C] -- C:\qiyi
[2013/09/06 19:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\爱奇艺视频
[2013/09/06 19:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\Qiyi
[2013/09/06 19:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QiYi
[2013/09/06 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iQIYI
[2013/09/06 19:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\baiduAddr
[2013/09/06 19:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/09/06 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\addr
[2013/09/06 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\PPSGame
[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ppstream
[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\ppsfile
[2013/09/06 19:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PPStream
[2013/09/06 19:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\PPStream
[2013/08/27 20:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/08/26 20:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/08/26 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\Delta
[2013/08/26 20:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\avgchrome
[2013/08/26 20:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Start Menu\Programs\BrowserDefender
[2013/08/26 20:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender
[2013/08/26 20:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\BabSolution
[2013/08/26 20:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/08/26 20:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\SwvUpdater
[2013/08/26 20:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013/08/26 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2013/08/21 14:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2013/08/17 22:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2113/03/08 09:08:19 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{36D868C8-689F-4EB6-B057-451A314795A9}.job
[2107/12/21 20:36:54 | 1005,076,480 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/09/11 01:14:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\BrowserDefendert.job
[2013/09/11 01:10:41 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003UA.job
[2013/09/11 01:01:10 | 001,037,278 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe
[2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
[2013/09/11 00:22:34 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\HiJackThis.lnk
[2013/09/11 00:13:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/11 00:13:47 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\HDvid Codec V1-updater.job
[2013/09/11 00:13:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/11 00:13:42 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/09/11 00:13:41 | 000,001,204 | ---- | M] () -- C:\WINDOWS\tasks\HDvid Codec V1-codedownloader.job
[2013/09/11 00:13:36 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\HDvid Codec V1-enabler.job
[2013/09/11 00:13:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/11 00:13:11 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 00:13:05 | 000,000,921 | ---- | M] () -- C:\WINDOWS\PSNetwork.ini
[2013/09/10 19:11:38 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2013/09/10 14:35:00 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/10 14:35:00 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\快播.lnk
[2013/09/10 14:34:20 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\快玩游戏盒.lnk
[2013/09/10 14:34:20 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\快玩游戏盒.lnk
[2013/09/10 14:33:49 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\影视搜索.lnk
[2013/09/10 14:33:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\影视搜索.qvd
[2013/09/10 14:19:13 | 000,000,921 | ---- | M] () -- C:\WINDOWS\PowerPlayer.ini
[2013/09/10 14:19:13 | 000,000,148 | ---- | M] () -- C:\WINDOWS\PPStream.ini
[2013/09/10 14:19:12 | 000,000,675 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2013/09/07 17:09:03 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003Core.job
[2013/09/06 20:12:51 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\HDPlayer.lnk
[2013/09/06 19:53:31 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS游戏.lnk
[2013/09/06 19:52:58 | 000,000,049 | ---- | M] () -- C:\WINDOWS\phw.ini
[2013/09/06 19:52:36 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\百度视频.lnk
[2013/09/06 19:52:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/09/06 19:52:36 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPS影音.lnk
[2013/09/06 18:06:20 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/09/05 19:48:14 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\room_v3.dat
[2013/09/05 17:19:55 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/05 17:19:54 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\Google Chrome.lnk
[2013/08/26 20:00:23 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/08/26 19:59:55 | 001,669,632 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\SteamInstall.msi
[2013/08/16 13:19:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/16 13:09:49 | 000,434,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/16 13:09:49 | 000,068,412 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/11 01:01:23 | 001,037,278 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe
[2013/09/11 00:22:34 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\HiJackThis.lnk
[2013/09/11 00:13:27 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\BrowserDefendert.job
[2013/09/10 14:35:00 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/10 14:35:00 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\快播.lnk
[2013/09/10 14:34:20 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\快玩游戏盒.lnk
[2013/09/10 14:34:20 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\快玩游戏盒.lnk
[2013/09/10 14:33:49 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\影视搜索.lnk
[2013/09/10 14:33:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\影视搜索.qvd
[2013/09/06 20:15:15 | 000,001,210 | ---- | C] () -- C:\WINDOWS\tasks\HDvid Codec V1-updater.job
[2013/09/06 20:15:12 | 000,001,114 | ---- | C] () -- C:\WINDOWS\tasks\HDvid Codec V1-enabler.job
[2013/09/06 20:15:03 | 000,001,204 | ---- | C] () -- C:\WINDOWS\tasks\HDvid Codec V1-codedownloader.job
[2013/09/06 20:12:51 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\HDPlayer.lnk
[2013/09/06 19:53:31 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS游戏.lnk
[2013/09/06 19:53:31 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PPS 游戏.lnk
[2013/09/06 19:53:12 | 000,000,675 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2013/09/06 19:52:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/09/06 19:52:37 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PPS 影音.lnk
[2013/09/06 19:52:36 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\百度视频.lnk
[2013/09/06 19:52:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/09/06 19:52:36 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PPS影音.lnk
[2013/09/06 19:52:35 | 000,000,148 | ---- | C] () -- C:\WINDOWS\PPStream.ini
[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\WINDOWS\PSNetwork.ini
[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\WINDOWS\PowerPlayer.ini
[2013/08/26 20:08:29 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/08/26 20:07:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/08/26 20:00:23 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/08/26 19:59:35 | 001,669,632 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\SteamInstall.msi
[2013/08/08 15:42:36 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\room_v3.dat
[2013/07/07 21:08:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ANPDApi.dll
[2013/07/07 21:08:40 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANPD64.SYS
[2013/07/07 21:08:40 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANPD.SYS
[2013/07/07 21:08:36 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2013/07/07 08:14:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/28 11:40:52 | 000,000,021 | ---- | C] () -- C:\WINDOWS\KwYlx.dat
[2007/12/21 00:27:18 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\WebpageIcons.db
[2005/06/15 17:39:48 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/04/29 22:31:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#4 erikiholloman

erikiholloman

    Member

  • Members
  • 55 posts

Posted 10 September 2013 - 11:28 AM

Extras.txt
 
OTL Extras logfile created on: 9/11/2013 1:01:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Windows xp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 62.72% Memory free
2.26 Gb Paging File | 1.97 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 27.26 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32
 
Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.EAGKUJHGSN5CZ7MNY7YXDD3TQQ] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "C:\Program Files\kuwo\KWMUSIC2013\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "C:\Program Files\kuwo\KWMUSIC2013\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\kuwo\KWMUSIC2013\bin\KwService.exe" = C:\Program Files\kuwo\KWMUSIC2013\bin\KwService.exe:*:Enabled:酷我核心服务 -- ()
"C:\Program Files\kuwo\KWMUSIC2013\bin\KwMusic.exe" = C:\Program Files\kuwo\KWMUSIC2013\bin\KwMusic.exe:*:Enabled:酷我音乐 -- ()
"C:\Program Files\Garena Plus\Room\garena_room.exe" = C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:garena_room -- ()
"C:\Program Files\Garena Plus\ggdllhost.exe" = C:\Program Files\Garena Plus\ggdllhost.exe:*:Enabled:ggdllhost -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Windows xp\Application Data\PPStream\ppsupdate.exe" = C:\Documents and Settings\Windows xp\Application Data\PPStream\ppsupdate.exe:*:Enabled:PPSUpdate -- (PPStream Inc.)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSKernel.exe" = C:\Program Files\PPStream\PPSKernel.exe:*:Enabled:PPS网络电视 网络数据传输组件 -- (PPStream Inc.)
"C:\Program Files\PPSGame\PPSGame.exe" = C:\Program Files\PPSGame\PPSGame.exe:*:Enabled:游戏大厅客户端 -- (PPStream Inc.)
"C:\Program Files\PPSGame\updatermini.exe" = C:\Program Files\PPSGame\updatermini.exe:*:Enabled:updater Module -- (PPStream Inc.)
"C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe" = C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe:*:Enabled:QiyiKernel -- (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
"C:\Program Files\iQIYI\QiyiClient.exe" = C:\Program Files\iQIYI\QiyiClient.exe:*:Enabled:QIYICLIENT -- (爱奇艺)
"C:\Program Files\iQIYI\QYFollowVideo.exe" = C:\Program Files\iQIYI\QYFollowVideo.exe:*:Enabled:QYFollowVideo -- (爱奇艺)
"C:\Documents and Settings\Windows xp\My Documents\Downloads\QvodSetup5.exe" = C:\Documents and Settings\Windows xp\My Documents\Downloads\QvodSetup5.exe:*:Enabled:LibTerminal4.0 -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QvodPlayer -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\Kuaiwan\Kuaiwan.exe" = C:\Program Files\Kuaiwan\Kuaiwan.exe:*:Enabled:KUAIWAN4.0 -- (Shenzhen QVOD Technology Co.,Ltd)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{434D452D-5637-006A-76A7-A758B70C0300}" = Ask Toolbar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{93D2C527-3C7F-4D25-8648-B5B681D16A39}" = D-Link DWA-123
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1ClickDownload" = HDPlayer
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Addr201305" = Addr
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"All-in-one 3D Space Screensavers Bundle_is1" = All-in-One Space Bundle
"ATI Display Driver" = ATI Display Driver
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC45 Reference Guide" = ESC45 Reference Guide
"ESC45 Software Guide" = ESC45 Software Guide
"HDvid Codec V1" = HDvid Codec V1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"im" = Garena Plus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Kuaiwan" = 快玩 V3.3.0.6
"KuaiwanWebsite" = KuaiwanWebsite 1.0
"KwMusic7" = 酷我音乐 2013
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"PhotoRecord" = Canon PhotoRecord
"PPSGame" = PPS游戏 V1.2.2.10
"PPStream" = PPS影音 V3.1.0.1107 正式版
"QuickTime" = QuickTime
"QvodPlayer" = 快播 5.15.145
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SuperCleaner" = SuperCleaner
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"影视搜索" = 影视搜索
"爱奇艺视频" = 爱奇艺视频2.0
"酷我游戏" = 酷我游戏 2.1.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: This operation returned because the timeout period expired.  
 
Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: The specified server cannot perform the requested operation.  
 
[ System Events ]
Error - 7/7/2013 9:04:19 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/7/2013 9:04:45 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   IntelIde  PCIIde  ViaIde
 
Error - 7/7/2013 9:11:58 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
   %%5
 
Error - 7/13/2013 4:20:35 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/13/2013 4:26:20 AM | Computer Name = INTEL-8271358DF | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
 with the system  having network hardware address 44:6D:57:3B:CC:17. Network operations
 on this system may  be disrupted as a result.
 
Error - 7/14/2013 1:18:49 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/22/2013 1:17:02 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/23/2013 1:43:57 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/23/2013 3:00:34 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/23/2013 7:27:59 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >


#5 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 11:29 AM

# AdwCleaner v3.003 - Report created 11/09/2013 at 01:18:58
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Windows xp - INTEL-8271358DF
# Running from : C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : APNMCP
Service Deleted : BrowserDefendert
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\HDvidCodec.com
Folder Deleted : C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\Windows xp\IECompatCache
Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\delta
Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Windows xp\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\Extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\Extensions\[email protected]
[!] Folder Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\user.js
File Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
File Deleted : C:\WINDOWS\Tasks\BrowserDefendert.job
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.Sandbox.1
Key Deleted : HKCU\Software\5b558dd9b23cbe17
Key Deleted : HKLM\SOFTWARE\5b558dd9b23cbe17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311431162}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322432262}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355435562}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366436662}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344434462}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311431162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
 
-\\ Mozilla Firefox v4.0 (en-US)
 
[ File : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [11191 octets] - [11/09/2013 01:15:39]
AdwCleaner[S0].txt - [11039 octets] - [11/09/2013 01:18:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11100 octets] ##########
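
The Clean report above is the one that explains the symptom. The `Data Deleted` line for `AppInit_DLLs` shows a DLL under the BrowserDefender folder registered to load into every process that maps user32.dll, which is why the start page was re-asserted in IE, Chrome and Firefox alike, and the same report removes a Run value, a Browser Helper Object, an IE low-rights elevation-policy entry, a Chrome extension, scheduled tasks and two services. The following Python is an added triage example, not part of AdwCleaner or of this thread: it parses a report in this layout (section banners, optional `[!]`/`[#]` flag, `Kind Action : target`) and lists the persistence points the tool touched. The sample input is a constructed subset of the lines above, and the persistence labels are the script's own classification.

```python
"""Triage an AdwCleaner v3 report: parse it and list the persistence mechanisms it touched.

Added example for reading logs like the one posted above; not part of AdwCleaner.
The section banners and the "Kind Action : target" line shape follow the report format
shown in this thread; the persistence labels are this script's own classification.
"""
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the Clean report above, same layout.
SAMPLE_REPORT = r"""# AdwCleaner v3.003 - Report created 11/09/2013 at 01:18:58
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Folder Deleted : C:\Program Files\AskPartnerNetwork
File Deleted : C:\WINDOWS\Tasks\BrowserDefendert.job

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll

***** [ Browsers ] *****

-\\ Google Chrome v

[ File : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Optional [!]/[#] flag, optional object kind, action, optional colon, target.
# Browser-preference lines ("Deleted : urls_to_restore_on_startup") carry no kind.
ENTRY_RE = re.compile(
    r"^(?:\[([!#])\]\s*)?(?:(Service|Folder|File|Key|Value|Data|Setting)\s+)?"
    r"(Deleted|Found|Restored)\s*:?\s*(.+?)\s*$"
)
CHROME_EXT_ID = re.compile(r"\b[a-p]{32}\b")  # Chrome extension IDs are 32 letters a-p

# First matching rule wins; the most specific registry locations are tested first.
PERSISTENCE_RULES = (
    ("AppInit_DLLs injection", lambda k, t: "[appinit_dlls]" in t.lower()),
    ("Run-key autostart", lambda k, t: r"\currentversion\run" in t.lower()),
    ("IE Browser Helper Object", lambda k, t: "browser helper objects" in t.lower()),
    ("IE low-rights elevation policy", lambda k, t: "elevationpolicy" in t.lower()),
    ("IE start page / search scope", lambda k, t: "start page" in t.lower() or "searchscopes" in t.lower()),
    ("Chrome extension", lambda k, t: CHROME_EXT_ID.search(t) is not None),
    ("Chrome startup URLs", lambda k, t: t == "urls_to_restore_on_startup"),
    ("Scheduled task", lambda k, t: t.lower().endswith(".job")),
    ("Windows service", lambda k, t: k == "Service"),
)


def parse_report(text):
    """Return one dict per action line: section, flag, kind, action, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # browser headers, "[ File : ... ]" context lines, report footer
        flag, kind, action, target = m.groups()
        entries.append({"section": section, "flag": flag, "kind": kind or "Pref",
                        "action": action, "target": target})
    return entries


def summarize(entries):
    """Count (kind, action) pairs, e.g. how many registry keys were deleted."""
    return Counter((e["kind"], e["action"]) for e in entries)


def persistence_findings(entries):
    """Label each entry that is a known autostart/hijack location; others are dropped."""
    findings = []
    for e in entries:
        for label, pred in PERSISTENCE_RULES:
            if pred(e["kind"], e["target"]):
                findings.append((label, e["action"], e["target"]))
                break
    return findings


def appinit_dlls(entries):
    """DLL paths removed from AppInit_DLLs; these were loaded into every process that maps user32.dll."""
    paths = []
    for e in entries:
        if e["kind"] == "Data" and "[appinit_dlls]" in e["target"].lower():
            _, _, dll = e["target"].partition("] - ")
            if dll:
                paths.append(dll.strip())
    return paths


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for (kind, action), n in sorted(summarize(parsed).items()):
        print(f"{kind:8} {action:9} {n}")
    for label, action, target in persistence_findings(parsed):
        print(f"[{label}] {action}: {target}")
    print("AppInit_DLLs:", appinit_dlls(parsed))
```

Feed it the full report instead of the embedded sample and the `[AppInit_DLLs injection]` line is the one to read first: a DLL in that value survives browser resets and reinstalls, so a report that lists only start-page and search-scope values, with no AppInit or Run entry, usually means the loader was missed and the homepage will return.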


#6 guestolo (Site Donator, Admin, 16,247 posts)

Posted 10 September 2013 - 11:37 AM

You used the CLEAN option in Adwcleaner.exe. Can I have you reopen Adwcleaner and this time run the SCAN feature? When done, click on REPORT and post the new log.

Edited by guestolo, 10 September 2013 - 11:52 AM.
Changed Search to Scan and added click on Report

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#7 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 11:54 AM

# AdwCleaner v3.003 - Report created 11/09/2013 at 01:53:26
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Windows xp - INTEL-8271358DF
# Running from : C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\Windows xp\IECompatCache
Folder Found C:\Program Files\baidu
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v4.0 (en-US)
 
[ File : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11191 octets] - [11/09/2013 01:15:39]
AdwCleaner[R1].txt - [1001 octets] - [11/09/2013 01:53:26]
AdwCleaner[S0].txt - [11181 octets] - [11/09/2013 01:18:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1122 octets] ##########


#8 guestolo (Site Donator, Admin, 16,247 posts)

Posted 10 September 2013 - 12:08 PM

Let's see what leftovers we can find....
I updated my canned speech for Adwcleaner as it was outdated.
Just noticed there is no more Search feature.

Can you do the following please:
Delete the reports OTL.txt and Extras.txt on the desktop.
We're going to redo OTL.exe in a bit and post new logs, to see what's left over.

Don't run OTL.exe yet; instead do the following:
Please download Junkware Removal Tool to your desktop.

Run the tool by double-clicking it.
The tool will open; press any key to start scanning your system.
Please be patient, as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt in your next message.

Reopen OTL.exe, select 'Use Safelist' under Extra Registry, don't change any other settings, then choose Run Scan. When done, post the logs that open: OTL.txt and also Extras.txt.



#9 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 12:28 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Microsoft Windows XP x86
Ran by Windows xp on 09/11/2013 Wed at  2:18:15.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-527237240-287218729-725345543-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Folder] "C:\Program Files\free video converter"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Documents and Settings\Windows xp\Application Data\mozilla\firefox\profiles\7cuu0kyg.default\prefs.js
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/11/2013 Wed at  2:24:30.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 12:36 PM

OTL logfile created on: 9/11/2013 2:28:40 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Windows xp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 593.66 Mb Available Physical Memory | 61.94% Memory free
2.26 Gb Paging File | 2.02 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 27.23 Gb Free Space | 55.76% Space Free | Partition Type: NTFS
Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32
 
Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
PRC - [2013/09/03 04:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 19:29:32 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2004/01/14 02:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/03 04:35:56 | 000,410,576 | ---- | M] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/03 04:35:54 | 004,053,456 | ---- | M] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/03 04:35:01 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/21 19:03:42 | 004,218,288 | ---- | M] () -- C:\Program Files\QvodPlayer\QvodRes.dll
MOD - [2013/08/01 23:29:20 | 000,138,880 | ---- | M] () -- C:\Program Files\QvodPlayer\NetUtil.dll
MOD - [2013/07/07 21:08:40 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\ANPDApi.dll
MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe -- (D-Link DWA-123_PBC_WPS)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/07/07 21:08:40 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)
DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2012/01/06 10:23:10 | 001,224,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2008/04/24 00:30:33 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/10/18 18:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 18:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/10/16 18:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/09/21 17:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/01/03 15:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/03/23 11:00:57 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/21 19:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/09/01 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/04/13 20:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.my/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enMY374
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: [email protected] removed for spamming:12.0.0.374
FF - prefs.js..extensions.enabledAddons: [email protected] removed for spamming:12.0.0.374
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/12/21 06:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/07 08:10:52 | 000,000,000 | ---D | M]
 
[2007/12/21 06:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Extensions
[2013/09/11 01:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions
[2011/03/10 18:07:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (HDvid Codec 3) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2013/06/30 16:44:04 | 000,233,016 | ---- | M] () (No name found) -- C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\extensions\[email protected]
[2007/12/21 06:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected] removed for spamming
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected] removed for spamming
[2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.374_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: Gmail = C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2004/09/01 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.95.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\kuwo - No CLSID value found
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Windows xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/15 10:19:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2107/12/21 17:14:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Windows xp\My Documents\My Pictures
[2013/09/11 02:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/11 01:22:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Windows xp\IECompatCache
[2013/09/11 01:15:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/11 01:00:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Start Menu\Programs\HiJackThis
[2013/09/10 18:37:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Device
[2013/09/10 18:37:01 | 000,000,000 | --SD | C] -- C:\KuaiwanGames
[2013/09/10 14:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\QMovie
[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kuaiwan
[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\QvodPlayer
[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QvodPlayer
[2013/09/07 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LocalStorage
[2013/09/06 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\HDvid Codec V1
[2013/09/06 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreeHDSport.TV
[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDPlayer
[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Start Menu\Programs\HDPlayer
[2013/09/06 20:00:06 | 000,000,000 | ---D | C] -- C:\qiyi
[2013/09/06 19:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\Qiyi
[2013/09/06 19:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QiYi
[2013/09/06 19:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Application Data\baiduAddr
[2013/09/06 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\addr
[2013/09/06 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\PPSGame
[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ppstream
[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\ppsfile
[2013/09/06 19:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PPStream
[2013/09/06 19:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\PPStream
[2013/08/27 20:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/08/26 20:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\avgchrome
[2013/08/26 20:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013/08/26 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2113/03/08 09:08:19 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{36D868C8-689F-4EB6-B057-451A314795A9}.job
[2107/12/21 20:36:54 | 1005,076,480 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/09/11 02:15:02 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\HDvid Codec V1-updater.job
[2013/09/11 02:15:00 | 000,001,204 | ---- | M] () -- C:\WINDOWS\tasks\HDvid Codec V1-codedownloader.job
[2013/09/11 02:15:00 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\HDvid Codec V1-enabler.job
[2013/09/11 02:09:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003UA.job
[2013/09/11 01:20:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/11 01:20:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/11 01:20:04 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 01:01:10 | 001,037,278 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe
[2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe
[2013/09/11 00:22:34 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\HiJackThis.lnk
[2013/09/11 00:13:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/11 00:13:05 | 000,000,921 | ---- | M] () -- C:\WINDOWS\PSNetwork.ini
[2013/09/10 19:11:38 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2013/09/10 14:35:00 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/10 14:35:00 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\快播.lnk
[2013/09/10 14:19:13 | 000,000,921 | ---- | M] () -- C:\WINDOWS\PowerPlayer.ini
[2013/09/10 14:19:13 | 000,000,148 | ---- | M] () -- C:\WINDOWS\PPStream.ini
[2013/09/10 14:19:12 | 000,000,675 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2013/09/07 17:09:03 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003Core.job
[2013/09/06 20:12:51 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\HDPlayer.lnk
[2013/09/06 19:53:31 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS游戏.lnk
[2013/09/06 19:52:58 | 000,000,049 | ---- | M] () -- C:\WINDOWS\phw.ini
[2013/09/06 19:52:36 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\百度视频.lnk
[2013/09/06 19:52:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/09/06 19:52:36 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPS影音.lnk
[2013/09/05 19:48:14 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\room_v3.dat
[2013/09/05 17:19:55 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/05 17:19:54 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\Google Chrome.lnk
[2013/08/26 20:00:23 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/08/26 19:59:55 | 001,669,632 | ---- | M] () -- C:\Documents and Settings\Windows xp\Desktop\SteamInstall.msi
[2013/08/16 13:19:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/16 13:09:49 | 000,434,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/16 13:09:49 | 000,068,412 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/11 01:01:23 | 001,037,278 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe
[2013/09/11 00:22:34 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\HiJackThis.lnk
[2013/09/10 14:35:00 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/10 14:35:00 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\快播.lnk
[2013/09/06 20:15:15 | 000,001,210 | ---- | C] () -- C:\WINDOWS\tasks\HDvid Codec V1-updater.job
[2013/09/06 20:15:12 | 000,001,114 | ---- | C] () -- C:\WINDOWS\tasks\HDvid Codec V1-enabler.job
[2013/09/06 20:15:03 | 000,001,204 | ---- | C] () -- C:\WINDOWS\tasks\HDvid Codec V1-codedownloader.job
[2013/09/06 20:12:51 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\HDPlayer.lnk
[2013/09/06 19:53:31 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS游戏.lnk
[2013/09/06 19:53:31 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PPS 游戏.lnk
[2013/09/06 19:53:12 | 000,000,675 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2013/09/06 19:52:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/09/06 19:52:37 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PPS 影音.lnk
[2013/09/06 19:52:36 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\百度视频.lnk
[2013/09/06 19:52:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/09/06 19:52:36 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PPS影音.lnk
[2013/09/06 19:52:35 | 000,000,148 | ---- | C] () -- C:\WINDOWS\PPStream.ini
[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\WINDOWS\PSNetwork.ini
[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\WINDOWS\PowerPlayer.ini
[2013/08/26 20:00:23 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/08/26 19:59:35 | 001,669,632 | ---- | C] () -- C:\Documents and Settings\Windows xp\Desktop\SteamInstall.msi
[2013/08/08 15:42:36 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\Windows xp\Application Data\room_v3.dat
[2013/07/07 21:08:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ANPDApi.dll
[2013/07/07 21:08:40 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANPD64.SYS
[2013/07/07 21:08:40 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANPD.SYS
[2013/07/07 21:08:36 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2013/07/07 08:14:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/28 11:40:52 | 000,000,021 | ---- | C] () -- C:\WINDOWS\KwYlx.dat
[2007/12/21 00:27:18 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\WebpageIcons.db
[2005/06/15 17:39:48 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/04/29 22:31:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#11 erikiholloman (Member, 55 posts)

Posted 10 September 2013 - 12:38 PM

OTL Extras logfile created on: 9/11/2013 2:28:40 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Windows xp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 593.66 Mb Available Physical Memory | 61.94% Memory free
2.26 Gb Paging File | 2.02 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 27.23 Gb Free Space | 55.76% Space Free | Partition Type: NTFS
Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32
 
Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.EAGKUJHGSN5CZ7MNY7YXDD3TQQ] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "C:\Program Files\kuwo\KWMUSIC2013\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "C:\Program Files\kuwo\KWMUSIC2013\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\kuwo\KWMUSIC2013\bin\KwService.exe" = C:\Program Files\kuwo\KWMUSIC2013\bin\KwService.exe:*:Enabled:酷我核心服务 -- ()
"C:\Program Files\kuwo\KWMUSIC2013\bin\KwMusic.exe" = C:\Program Files\kuwo\KWMUSIC2013\bin\KwMusic.exe:*:Enabled:酷我音乐 -- ()
"C:\Program Files\Garena Plus\Room\garena_room.exe" = C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:garena_room -- ()
"C:\Program Files\Garena Plus\ggdllhost.exe" = C:\Program Files\Garena Plus\ggdllhost.exe:*:Enabled:ggdllhost -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Windows xp\Application Data\PPStream\ppsupdate.exe" = C:\Documents and Settings\Windows xp\Application Data\PPStream\ppsupdate.exe:*:Enabled:PPSUpdate -- (PPStream Inc.)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSKernel.exe" = C:\Program Files\PPStream\PPSKernel.exe:*:Enabled:PPS网络电视 网络数据传输组件 -- (PPStream Inc.)
"C:\Program Files\PPSGame\PPSGame.exe" = C:\Program Files\PPSGame\PPSGame.exe:*:Enabled:游戏大厅客户端 -- (PPStream Inc.)
"C:\Program Files\PPSGame\updatermini.exe" = C:\Program Files\PPSGame\updatermini.exe:*:Enabled:updater Module -- (PPStream Inc.)
"C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe" = C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe:*:Enabled:QiyiKernel
"C:\Program Files\iQIYI\QiyiClient.exe" = C:\Program Files\iQIYI\QiyiClient.exe:*:Enabled:QIYICLIENT
"C:\Program Files\iQIYI\QYFollowVideo.exe" = C:\Program Files\iQIYI\QYFollowVideo.exe:*:Enabled:QYFollowVideo
"C:\Documents and Settings\Windows xp\My Documents\Downloads\QvodSetup5.exe" = C:\Documents and Settings\Windows xp\My Documents\Downloads\QvodSetup5.exe:*:Enabled:LibTerminal4.0 -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QvodPlayer -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\Kuaiwan\Kuaiwan.exe" = C:\Program Files\Kuaiwan\Kuaiwan.exe:*:Enabled:KUAIWAN4.0
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{434D452D-5637-006A-76A7-A758B70C0300}" = Ask Toolbar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{93D2C527-3C7F-4D25-8648-B5B681D16A39}" = D-Link DWA-123
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Addr201305" = Addr
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"All-in-one 3D Space Screensavers Bundle_is1" = All-in-One Space Bundle
"ATI Display Driver" = ATI Display Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC45 Reference Guide" = ESC45 Reference Guide
"ESC45 Software Guide" = ESC45 Software Guide
"HDvid Codec V1" = HDvid Codec V1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"KwMusic7" = 酷我音乐 2013
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"PhotoRecord" = Canon PhotoRecord
"PPSGame" = PPS游戏 V1.2.2.10
"PPStream" = PPS影音 V3.1.0.1107 正式版
"QuickTime" = QuickTime
"QvodPlayer" = 快播 5.15.145
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SuperCleaner" = SuperCleaner
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: This operation returned because the timeout period expired.  
 
Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: The specified server cannot perform the requested operation.  
 
[ System Events ]
Error - 7/7/2013 9:04:19 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/7/2013 9:04:45 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   IntelIde  PCIIde  ViaIde
 
Error - 7/7/2013 9:11:58 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
   %%5
 
Error - 7/13/2013 4:20:35 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/13/2013 4:26:20 AM | Computer Name = INTEL-8271358DF | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
 with the system  having network hardware address 44:6D:57:3B:CC:17. Network operations
 on this system may  be disrupted as a result.
 
Error - 7/14/2013 1:18:49 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/22/2013 1:17:02 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/23/2013 1:43:57 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/23/2013 3:00:34 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/23/2013 7:27:59 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >


#12 guestolo
Admin, Site Donator, 16,247 posts

Posted 10 September 2013 - 01:27 PM

If SuperCleaner is just a trial or free version, can you uninstall it please from Add/Remove Programs in Control Panel.
It installs bloatware and unneeded toolbars.
 
In addition: your version of Spybot is outdated. No need to install the latest version, but uninstall
Spybot - Search & Destroy 1.3; ensure all browser windows are closed while doing so.
Also, remove Ask Toolbar with all browsers closed.
 
After that is done:
Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please.

    :OTL
    :RegO2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll () 
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • On startup, Allow OTL to run if prompted
    A log should open, can you post it please
    A copy of this log can also be found in
    C:\_OTL\Moved Files folder
     
     
    In addition:
    Download Malwarebytes-Antimalware free from here

  • Save it to your Desktop.
  • Double click on the installer and follow the onscreen instructions
  • During installation UNTICK the selection to install the free Trial version of Malwarebytes pro then carry on
  • After the program has loaded, click on the Update tab and select Check for Updates
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#13 erikiholloman
Member, 55 posts

Posted 13 September 2013 - 06:59 AM

All processes killed
========== OTL ==========
Error: Unable to interpret <:RegO2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context!
Error: Unable to interpret <O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll () > in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Windows xp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Windows xp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7896272 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2618869 bytes
 
User: Windows xp
->Temp folder emptied: 295910077 bytes
->Temporary Internet Files folder emptied: 127302467 bytes
->FireFox cache emptied: 133263747 bytes
->Google Chrome cache emptied: 333766509 bytes
->Flash cache emptied: 3841 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59864438 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 226207203 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 3007852 bytes
 
Total Files Cleaned = 1,135.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09132013_204853
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#14 guestolo
Admin, Site Donator, 16,247 posts

Posted 13 September 2013 - 09:21 PM

You may have noticed that the first part of the OTL fix has all entries with the following:
Error: Unable to interpret

You must use the colon in the fix, the two dots before OTL. Can you redo the fix with OTL, but ensure you use
:OTL, don't omit the colon please, and repost the log that opens.


Did you get a chance to run Malwarebytes yet? If so, can you post the log following the previous instructions please.

Also, keep me informed of how things are now running.




#15 erikiholloman
Member, 55 posts

Posted 16 September 2013 - 05:52 AM

All processes killed
========== OTL ==========
Error: Unable to interpret <:RegO2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context!
Error: Unable to interpret <O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll () > in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Windows xp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Windows xp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Windows xp
->Temp folder emptied: 1366790 bytes
->Temporary Internet Files folder emptied: 13890054 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 86868865 bytes
->Flash cache emptied: 1830 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 97.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09162013_194802
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#16 erikiholloman
Member, 55 posts

Posted 16 September 2013 - 11:46 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.14.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Windows xp :: INTEL-8271358DF [administrator]
 
9/17/2013 12:16:08 AM
mbam-log-2013-09-17 (00-16-08).txt
 
Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274755
Time elapsed: 1 hour(s), 28 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#17 guestolo
Admin, Site Donator, 16,247 posts

Posted 16 September 2013 - 08:57 PM

Darn, it was actually my fault for the error in OTL.
 
Can you redo that step one last time?
Don't use the script above; instead use this new one:

Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please.

    :OTL
    O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • On startup, Allow OTL to run if prompted
    A log should open, can you post it please
    A copy of this log can also be found in
    C:\_OTL\Moved Files folder

    Also, keep me informed of how things are now running.


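
The two OTL scripts in this thread, the first one whose opening entry carried a stray ":Reg" prefix and the corrected one just above, make useful input for a small triage parser. The Python below is an added example for this thread, not OTL's own code and not something its author posted. It models OTL's section-by-section reading of a fix script, on the assumption (consistent with every ":OTL" line failing in the first two logs while ":Files" and ":Commands" still ran) that any line beginning with a colon is taken as a section header and that an unknown header leaves the following lines uninterpretable until the next known header. It then explains which ":OTL" entries are worth removing: MountPoints2 autorun commands that launch an executable from a drive root, toolbar references with no CLSID registered behind them, and BHOs with a broken registration or no publisher. The sample scripts are constructed from the entries posted in this thread; the set of recognised section names is an assumption.

```python
"""Parse and triage an OTL fix script (added example for this thread, not OTL's code).

OTL reads a fix script section by section: a line beginning with ':' selects a
section and every following line is interpreted in that section's syntax. Under
:OTL each line has to start with an 'Onn - ' tag such as O2, O3 or O33. The model
below, in which an unrecognised header leaves the parser with no context until
the next known header, is an assumption that reproduces the errors logged here.
"""
import re

KNOWN_SECTIONS = {":OTL", ":Reg", ":Files", ":Commands"}  # assumed subset of OTL's sections

OTL_LINE = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O33 body: MountPoints2\{volume guid}\Shell\<verb>\command - "" = <command line>
MOUNTPOINT = re.compile(r'^MountPoints2\\(\{[^}]+\})\\(.+?) - "" = (.*)$')
# A command that launches an executable sitting at the root of a drive letter
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe(\s|$)", re.IGNORECASE)


def parse_fix(script):
    """Return (entries, errors): entries are (section, tag, body) tuples, errors are the
    raw lines OTL would report as 'Unable to interpret <...> in the current context!'."""
    section, entries, errors = None, [], []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Every ':'-prefixed line is a header switch, so ':RegO2 - BHO: ...' is an
            # unknown section name rather than an O2 entry, and nothing after it parses
            # until the next known header.
            if line in KNOWN_SECTIONS:
                section = line
            else:
                section = None
                errors.append(line)
            continue
        if section == ":OTL":
            m = OTL_LINE.match(line)
            if m:
                entries.append((section, m.group(1), m.group(2)))
            else:
                errors.append(line)
        elif section is not None:
            entries.append((section, None, line))  # :Reg / :Files / :Commands payload
        else:
            errors.append(line)
    return entries, errors


def triage(entries):
    """Explain why each :OTL entry is worth removing. Returns (tag, reason, detail) tuples."""
    findings = []
    for section, tag, body in entries:
        if section != ":OTL":
            continue
        if tag == "O33":
            # Explorer caches each volume's autorun.inf handler under
            # HKCU\...\Explorer\MountPoints2. A command at a drive root is the
            # removable-media autorun launcher pattern; the cache entry is safe to
            # delete and is rebuilt from the volume the next time it is inserted.
            m = MOUNTPOINT.match(body)
            if m and DRIVE_ROOT_EXE.match(m.group(3)):
                findings.append((tag, "cached autorun launcher for volume " + m.group(1), m.group(3)))
        elif tag == "O3" and body.endswith("No CLSID value found."):
            # Toolbar listed under HKCU with no CLSID registered for it: a leftover pointer
            findings.append((tag, "orphaned toolbar reference", CLSID.search(body).group(0)))
        elif tag == "O2" and ("Reg Error" in body or body.endswith("()")):
            # BHO whose registration is broken, or whose DLL carries no publisher
            findings.append((tag, "BHO with broken registration or no publisher", CLSID.search(body).group(0)))
    return findings


# Constructed from the entries posted in this thread. BROKEN_SCRIPT carries the
# ':Reg' glued onto the first O2 line exactly as in the first fix that was posted.
FIXED_SCRIPT = r"""
:OTL
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe
:Files
ipconfig /flushdns /c
:Commands
[EmptyTemp]
"""
BROKEN_SCRIPT = FIXED_SCRIPT.replace("\nO2 - BHO: (Reg", "\n:RegO2 - BHO: (Reg", 1)

if __name__ == "__main__":
    entries, errors = parse_fix(FIXED_SCRIPT)
    for tag, reason, detail in triage(entries):
        print(f"{tag}: {reason}: {detail}")
    print(len(parse_fix(BROKEN_SCRIPT)[1]), "lines OTL could not interpret in the broken script")
```

The O33 entries are only Explorer's cached copy of what the autorun.inf on each volume asked for. The volume that points AutoRun, Explore and Open at the same G:\password_viewer.exe is the classic removable-media worm pattern (the Open and Explore verbs are hijacked so that even browsing the drive runs the file), and deleting the cache entries says nothing about whether that USB stick is clean, so it should be scanned before it is plugged in again.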


#18 erikiholloman
Member, 55 posts

Posted 21 September 2013 - 04:54 AM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\ not found.
File C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.
File G:\HTC_Sync_Manager_PC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
File G:\password_viewer.exe %1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
File G:\password_viewer.exe %1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
File G:\password_viewer.exe %1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.
File E:\autorun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Windows xp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Windows xp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Windows xp
->Temp folder emptied: 5074686 bytes
->Temporary Internet Files folder emptied: 28536629 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 337602036 bytes
->Flash cache emptied: 1543 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 354.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09212013_184819
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#19 guestolo


    Site Donator

  • Admin
  • 16,247 posts

Posted 22 September 2013 - 06:44 PM

Looks good, please let me know how things are now running!
 
Last 2 logs please
Open OTL.exe and choose to "Run Scan"
When it's done, only one log will be produced, post the contents of OTL.txt
 
In addition:
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#20 guestolo


    Site Donator

  • Admin
  • 16,247 posts

Posted 11 October 2013 - 08:56 AM

As the original poster has not returned, I'll lock this topic.
If you do return and still need a hand here, send me a PM please and I'll reopen it.
