Author Topic: can't remove homepage in IE & chrome  (Read 4024 times)

Offline erikiholloman

  • Jr. Member
can't remove homepage in IE & chrome
« on: September 10, 2013, 11:28:58 AM »
Dear guestolo,

It has been some time since I last chatted with you.

I kindly need your expertise to solve my computer problem.

Problem:

I can't remove the home page in IE and Chrome.

Every time, the link below is shown as my homepage. The HijackThis log file is attached FYI.

Bro, your help will be deeply appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:23:47 AM, on 9/11/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\\WINDOWS\\System32\\smss.exe

C:\\WINDOWS\\system32\\winlogon.exe

C:\\WINDOWS\\system32\\services.exe

C:\\WINDOWS\\system32\\lsass.exe

C:\\WINDOWS\\system32\\svchost.exe

C:\\WINDOWS\\System32\\svchost.exe

C:\\WINDOWS\\system32\\spoolsv.exe

C:\\Program Files\\AskPartnerNetwork\\Toolbar\\apnmcp.exe

C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

C:\\Program Files\\D-Link\\DWA-123\\ALPBCSVC.exe

C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE

C:\\WINDOWS\\system32\\WgaTray.exe

C:\\WINDOWS\\Explorer.EXE

C:\\Program Files\\HTC\\Internet Pass-Through\\PassThruSvr.exe

C:\\Program Files\\iQIYI\\QiyiService.exe

C:\\WINDOWS\\system32\\svchost.exe

C:\\Program Files\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe

C:\\Program Files\\QvodPlayer\\QvodTerminal.exe

C:\\WINDOWS\\system32\\ctfmon.exe

C:\\Program Files\\PPStream\\PPSKernel.exe

C:\\WINDOWS\\system32\\rundll32.exe

C:\\WINDOWS\\System32\\svchost.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\WINDOWS\\system32\\wscntfy.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\WINDOWS\\system32\\msiexec.exe

C:\\Program Files\\Trend Micro\\HiJackThis\\HiJackThis.exe

 

O2 - BHO: CrossriderApp0034362 - {11111111-1111-1111-1111-110311431162} - C:\\Program Files\\HDvid Codec V1\\HDvid Codec V1-bho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll

O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\\Program Files\\Kuaiwan\\QvodGameExtend.dll

O2 - BHO: A4A90076-33D2-E65C-558E-75B41A2B8C68 Class - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\\Program Files\\addr\\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\\AddressBar.dll

O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\\Program Files\\QvodPlayer\\QvodExtend\\5.0.95.0\\QvodExtend.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\\Program Files\\Delta\\delta\\1.8.24.6\\bh\\delta.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\\Program Files\\Delta\\delta\\1.8.24.6\\deltaTlbr.dll

O4 - HKLM\\..\\Run: [PHIME2002ASync] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC

O4 - HKLM\\..\\Run: [PHIME2002A] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName

O4 - HKLM\\..\\Run: [EPSON Stylus C45 Series] C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE /P23 \"EPSON Stylus C45 Series\" /O6 \"USB001\" /M \"Stylus C45\"

O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime

O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"

O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto

O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe

O4 - HKCU\\..\\Run: [NTRedirect] C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Windows xp\\Application Data\\BabSolution\\Shared\\enhancedNT.dll\",Run

O4 - HKUS\\S-1-5-19\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-18\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'SYSTEM\')

O4 - HKUS\\.DEFAULT\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'Default user\')


O8 - Extra context menu item: 使用快播按图找片 - C:\\Program Files\\QvodPlayer\\AddIn\\ImgSeed.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra \'Tools\' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe

O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe

O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe









O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5

O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0C} - (no file)

O20 - AppInit_DLLs: c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261562~1.220\\{c16c1~1\\browse~1.dll 

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\system32\\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\\WINDOWS\\system32\\browseui.dll

O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\\Program Files\\AskPartnerNetwork\\Toolbar\\apnmcp.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe

O23 - Service: BrowserDefendert - Unknown owner - C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

O23 - Service: D-Link DWA-123_PBC_WPS Service (D-Link DWA-123_PBC_WPS) - Unknown owner - C:\\Program Files\\D-Link\\DWA-123\\ALPBCSVC.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\PACSPTISVR.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\\Program Files\\HTC\\Internet Pass-Through\\PassThruSvr.exe

O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\\Program Files\\iQIYI\\QiyiService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\\Program Files\\Common Files\\Steam\\SteamService.exe

 

--

End of file - 8377 bytes

 


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
can't remove homepage in IE & chrome
« Reply #1 on: September 10, 2013, 11:46:33 AM »
Please do the following:
Download OTL.exe by OldTimer (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

In addition:
Please download AdwCleaner by Xplode (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
« Last Edit: September 10, 2013, 11:48:49 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline erikiholloman

  • Jr. Member
can't remove homepage in IE & chrome
« Reply #2 on: September 10, 2013, 12:27:26 PM »
 OTL.txt

 

OTL logfile created on: 9/11/2013 1:01:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Documents and Settings\\Windows xp\\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

958.42 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 62.72% Memory free

2.26 Gb Paging File | 1.97 Gb Available in Paging File | 87.16% Paging File free

Paging file location(s): C:\\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files

Drive C: | 48.83 Gb Total Space | 27.26 Gb Free Space | 55.83% Space Free | Partition Type: NTFS

Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32

 

Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Windows xp\\Desktop\\OTL.exe

PRC - [2013/09/06 19:59:46 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) -- C:\\Program Files\\iQIYI\\QiyiService.exe

PRC - [2013/08/22 19:29:32 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\\Program Files\\QvodPlayer\\QvodTerminal.exe

PRC - [2013/08/19 18:10:25 | 000,164,816 | ---- | M] (APN LLC.) -- C:\\Program Files\\AskPartnerNetwork\\Toolbar\\apnmcp.exe

PRC - [2013/08/19 18:10:18 | 001,601,488 | ---- | M] (APN) -- C:\\Program Files\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe

PRC - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

PRC - [2013/08/05 18:15:22 | 004,105,080 | ---- | M] (PPStream Inc.) -- C:\\Program Files\\PPStream\\PPSKernel.exe

PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\\Program Files\\HTC\\Internet Pass-Through\\PassThruSvr.exe

PRC - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\\Program Files\\D-Link\\DWA-123\\ALPBCSVC.exe

PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\system32\\WgaTray.exe

PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/08/22 17:19:31 | 000,187,888 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\BabSolution\\Shared\\enhancedNT.dll

MOD - [2013/08/21 19:03:42 | 004,218,288 | ---- | M] () -- C:\\Program Files\\QvodPlayer\\QvodRes.dll

MOD - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

MOD - [2013/08/13 22:40:06 | 002,699,216 | ---- | M] () -- c:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.dll

MOD - [2013/08/01 23:29:20 | 000,138,880 | ---- | M] () -- C:\\Program Files\\QvodPlayer\\NetUtil.dll

MOD - [2013/07/17 17:28:28 | 000,261,760 | ---- | M] () -- C:\\Program Files\\QMovie\\QvodShellIconImp.dll

MOD - [2013/07/07 21:08:40 | 000,073,728 | ---- | M] () -- C:\\WINDOWS\\system32\\ANPDApi.dll

MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\\Program Files\\HTC\\Internet Pass-Through\\PassThruSvr.exe

MOD - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\\Program Files\\D-Link\\DWA-123\\ALPBCSVC.exe

MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\\System32\\hidserv.dll -- (HidServ)

SRV - [2013/09/06 19:59:46 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) [Auto | Running] -- C:\\Program Files\\iQIYI\\QiyiService.exe -- (QiyiService)

SRV - [2013/08/19 18:10:25 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\\Program Files\\AskPartnerNetwork\\Toolbar\\apnmcp.exe -- (APNMCP)

SRV - [2013/08/13 22:41:17 | 002,838,480 | ---- | M] () [Auto | Running] -- C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe -- (BrowserDefendert)

SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\\Program Files\\HTC\\Internet Pass-Through\\PassThruSvr.exe -- (PassThru Service)

SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Steam\\SteamService.exe -- (Steam Client Service)

SRV - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\\Program Files\\D-Link\\DWA-123\\ALPBCSVC.exe -- (D-Link DWA-123_PBC_WPS)

SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\SPTISRV.exe -- (SPTISRV)

SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\SSScsiSV.exe -- (SSScsiSV)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\RTL8139.SYS -- (rtl8139)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\\INSTALL\\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Program Files\\Garena Plus\\Room\\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013/07/07 21:08:40 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\\WINDOWS\\system32\\ANPD.SYS -- (ANPD)

DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\htcnprot.sys -- (htcnprot)

DRV - [2012/01/06 10:23:10 | 001,224,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\Drt2870.sys -- (rt2870)

DRV - [2008/04/24 00:30:33 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\pfc.sys -- (pfc)

DRV - [2007/10/18 18:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\ViPrt.sys -- (ViPrt)

DRV - [2007/10/18 18:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\ViBus.sys -- (ViBus)

DRV - [2007/10/16 18:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/09/21 17:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\videX32.sys -- (videX32)

DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\S3gIGPm.sys -- (S3GIGP)

DRV - [2006/01/03 15:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\\Program Files\\Symantec\\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\symtdi.sys -- (SYMTDI)

DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\symredrv.sys -- (SYMREDRV)

DRV - [2005/03/23 11:00:57 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\ati2mtag.sys -- (ati2mtag)

DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\BIOS.sys -- (BIOS)

DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2004/09/21 19:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2004/09/01 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\fsvga.sys -- (FsVga)

DRV - [2004/04/13 20:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\Rtlnicxp.sys -- (RTL8023xp)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=62002018_4_hao_pg

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0CC000E04D6DD155&affID=120698&tsp=4986

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.my/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enMY374

IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=ppsbaibu_oem_dg&ch=33

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: \"Google\"

FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.374

FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.374


 

 

FF - HKLM\\Software\\MozillaPlugins\\@iqiyi.com/npclient: C:\\Program Files\\iQIYI\\npclient.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@qvod.com/QvodInsert: C:\\Program Files\\QvodPlayer\\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\\Software\\MozillaPlugins\\@qvod.com/QvodShare: C:\\Program Files\\QvodPlayer\\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\\Software\\MozillaPlugins\\@t.garena.com/garenatalk: C:\\Program Files\\Garena Plus\\bbtalk\\plugins\\npPlugin\\npGarenaTalkPlugin.dll ( Garena)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@qvod.com/QvodInsert: C:\\Program Files\\QvodPlayer\\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\KuaiWanInsert: C:\\Program Files\\QvodPlayer\\AddIn\\KWWebgame\\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKCU\\Software\\MozillaPlugins\\kwcheck: C:\\Program Files\\Kuaiwan\\npKWCheck.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKCU\\Software\\MozillaPlugins\\KwFlashGame: C:\\Program Files\\Kuaiwan\\npKWFlashGame.dll (Shenzhen QVOD Technology Co.,Ltd)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 4.0\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2007/12/21 06:46:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 4.0\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2013/07/07 08:10:52 | 000,000,000 | ---D | M]

 

[2007/12/21 06:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Extensions

[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions

[2011/03/10 18:07:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2013/08/26 20:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\[email protected]

[2013/08/26 20:11:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\[email protected]

[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (HDvid Codec 3) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\[email protected]

[2013/06/30 16:44:04 | 000,233,016 | ---- | M] () (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\[email protected]

[2007/12/21 06:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

File not found (No name found) -- C:\\PROGRAM FILES\\KASPERSKY LAB\\KASPERSKY ANTI-VIRUS 2012\\FFEXT\\[email protected]

File not found (No name found) -- C:\\PROGRAM FILES\\MOZILLA FIREFOX\\EXTENSIONS\\[email protected]

[2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\\Program Files\\mozilla firefox\\components\\browsercomps.dll

[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\plugins\\NPSWF32.dll

[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\searchplugins\\bing.xml

 

========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: 

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aaaajabnoiehionljhjpclogplgillib\\21.51087_0\\

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_1\\

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_1\\

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_1\\

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\eooncjejnppfjjklapaamhcdmjbilmde\\1.4_0\\

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.4.10_1\\

CHR - Extension: No name found = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2004/09/01 08:00:00 | 000,000,734 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (HDvid Codec V1) - {11111111-1111-1111-1111-110311431162} - C:\\Program Files\\HDvid Codec V1\\HDvid Codec V1-bho.dll (installdaddy)

O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (QvodGameExtend) - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\\Program Files\\Kuaiwan\\QvodGameExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\\Program Files\\addr\\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\\AddressBar.dll ()

O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\\Program Files\\QvodPlayer\\QvodExtend\\5.0.95.0\\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\\Program Files\\Delta\\delta\\1.8.24.6\\bh\\delta.dll (Delta-search.com)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\\..\\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\\Program Files\\Delta\\delta\\1.8.24.6\\deltaTlbr.dll (Delta-search.com)

O3 - HKLM\\..\\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\\..\\Toolbar\\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\\Run: [EPSON Stylus C45 Series] C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\\Run: [PHIME2002A] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName File not found

O4 - HKLM..\\Run: [PHIME2002ASync] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC File not found

O4 - HKCU..\\Run: [NTRedirect] C:\\Documents and Settings\\Windows xp\\Application Data\\BabSolution\\Shared\\enhancedNT.dll ()

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoCDBurning = 0

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: 使用快播按图找片 - C:\\Program Files\\QvodPlayer\\AddIn\\ImgSeed.htm ()

O15 - HKCU\\..Trusted Domains: pps.tv ([]http in Trusted sites)

O15 - HKCU\\..Trusted Domains: ppstream.com ([]http in Trusted sites)

O15 - HKCU\\..Trusted Domains: webscache.com ([]http in Trusted sites)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5

O18 - Protocol\\Handler\\kuwo - No CLSID value found

O18 - Protocol\\Handler\\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\\WINDOWS\\system32\\textwareilluminatorbaseProtocol.dll ()

O20 - AppInit_DLLs: (c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261562~1.220\\{c16c1~1\\browse~1.dll) - c:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe) - C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)

O20 - Winlogon\\Notify\\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\\WINDOWS\\System32\\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/06/15 10:19:01 | 000,000,000 | ---- | M] () - C:\\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/04/17 20:23:41 | 000,000,041 | R--- | M] () - E:\\autorun.inf -- [ CDFS ]

O33 - MountPoints2\\{9d816648-00ac-11e3-b730-00e04d6dd155}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{9d816648-00ac-11e3-b730-00e04d6dd155}\\Shell\\AutoRun - \"\" = Auto&Play

O33 - MountPoints2\\{9d816648-00ac-11e3-b730-00e04d6dd155}\\Shell\\AutoRun\\command - \"\" = G:\\HTC_Sync_Manager_PC.exe

O33 - MountPoints2\\{a44f9654-1165-11dd-86cd-806d6172696f}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{a44f9654-1165-11dd-86cd-806d6172696f}\\Shell\\AutoRun - \"\" = Auto&Play

O33 - MountPoints2\\{a44f9654-1165-11dd-86cd-806d6172696f}\\Shell\\AutoRun\\command - \"\" = E:\\start.exe -- [2011/04/17 20:27:36 | 002,672,720 | R--- | M] (Macromedia, Inc.)

O33 - MountPoints2\\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\\Shell\\AutoRun\\command - \"\" = G:\\password_viewer.exe %1

O33 - MountPoints2\\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\\Shell\\Explore\\command - \"\" = G:\\password_viewer.exe %1

O33 - MountPoints2\\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\\Shell\\Open\\command - \"\" = G:\\password_viewer.exe %1

O33 - MountPoints2\\{ce524938-dd83-11d9-bde8-806d6172696f}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{ce524938-dd83-11d9-bde8-806d6172696f}\\Shell\\AutoRun - \"\" = Auto&Play

O33 - MountPoints2\\{ce524938-dd83-11d9-bde8-806d6172696f}\\Shell\\AutoRun\\command - \"\" = E:\\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2107/12/21 17:14:47 | 000,000,000 | R--D | C] -- C:\\Documents and Settings\\Windows xp\\My Documents\\My Pictures

[2013/09/11 01:00:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Windows xp\\Desktop\\OTL.exe

[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Start Menu\\Programs\\HiJackThis

[2013/09/10 18:37:11 | 000,000,000 | -H-D | C] -- C:\\Documents and Settings\\All Users\\Device

[2013/09/10 18:37:01 | 000,000,000 | --SD | C] -- C:\\KuaiwanGames

[2013/09/10 14:35:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\快播软件

[2013/09/10 14:34:20 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\快玩游戏盒

[2013/09/10 14:34:12 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\快玩小游戏

[2013/09/10 14:34:12 | 000,000,000 | ---D | C] -- C:\\Program Files\\KuaiwanWebsite

[2013/09/10 14:33:47 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\影视搜索

[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\\Program Files\\QMovie

[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\\Program Files\\Kuaiwan

[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\KuaiWan

[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\\Program Files\\QvodPlayer

[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\QvodPlayer

[2013/09/07 15:13:11 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\LocalStorage

[2013/09/06 20:14:58 | 000,000,000 | ---D | C] -- C:\\Program Files\\AskPartnerNetwork

[2013/09/06 20:14:58 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\AskPartnerNetwork

[2013/09/06 20:14:01 | 000,000,000 | ---D | C] -- C:\\Program Files\\HDvid Codec V1

[2013/09/06 20:13:43 | 000,000,000 | ---D | C] -- C:\\Program Files\\HDvidCodec.com

[2013/09/06 20:12:59 | 000,000,000 | ---D | C] -- C:\\Program Files\\FreeHDSport.TV

[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\\Program Files\\HDPlayer

[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Start Menu\\Programs\\HDPlayer

[2013/09/06 20:00:06 | 000,000,000 | ---D | C] -- C:\\qiyi

[2013/09/06 19:59:51 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\爱奇艺视频

[2013/09/06 19:59:51 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\Qiyi

[2013/09/06 19:59:39 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\QiYi

[2013/09/06 19:59:39 | 000,000,000 | ---D | C] -- C:\\Program Files\\iQIYI

[2013/09/06 19:53:40 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\baiduAddr

[2013/09/06 19:53:40 | 000,000,000 | ---D | C] -- C:\\Program Files\\Baidu

[2013/09/06 19:53:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\addr

[2013/09/06 19:53:27 | 000,000,000 | ---D | C] -- C:\\Program Files\\PPSGame

[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Documents\\ppstream

[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\\ppsfile

[2013/09/06 19:52:37 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PPStream

[2013/09/06 19:52:26 | 000,000,000 | ---D | C] -- C:\\Program Files\\PPStream

[2013/08/27 20:55:29 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\System32\\LogFiles

[2013/08/26 20:11:24 | 000,000,000 | ---D | C] -- C:\\Program Files\\Delta

[2013/08/26 20:11:23 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\Delta

[2013/08/26 20:11:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\avgchrome

[2013/08/26 20:10:45 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Start Menu\\Programs\\BrowserDefender

[2013/08/26 20:09:36 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender

[2013/08/26 20:08:29 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\BabSolution

[2013/08/26 20:08:09 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Babylon

[2013/08/26 20:07:43 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\SwvUpdater

[2013/08/26 20:02:11 | 000,000,000 | ---D | C] -- C:\\Program Files\\dumps

[2013/08/26 20:00:21 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\Steam

[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\\Program Files\\Steam

[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Steam

[2013/08/21 14:33:23 | 000,000,000 | ---D | C] -- C:\\Program Files\\Free Video Converter

[2013/08/17 22:39:55 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\APN

[2 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2113/03/08 09:08:19 | 000,000,432 | -H-- | M] () -- C:\\WINDOWS\\tasks\\User_Feed_Synchronization-{36D868C8-689F-4EB6-B057-451A314795A9}.job

[2107/12/21 20:36:54 | 1005,076,480 | ---- | M] () -- C:\\WINDOWS\\MEMORY.DMP

[2013/09/11 01:14:01 | 000,000,296 | ---- | M] () -- C:\\WINDOWS\\tasks\\BrowserDefendert.job

[2013/09/11 01:10:41 | 000,000,998 | ---- | M] () -- C:\\WINDOWS\\tasks\\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003UA.job

[2013/09/11 01:01:10 | 001,037,278 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\adwcleaner.exe

[2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Windows xp\\Desktop\\OTL.exe

[2013/09/11 00:22:34 | 000,001,994 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HiJackThis.lnk

[2013/09/11 00:13:55 | 000,000,211 | -HS- | M] () -- C:\\boot.ini

[2013/09/11 00:13:47 | 000,001,210 | ---- | M] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-updater.job

[2013/09/11 00:13:44 | 000,002,206 | ---- | M] () -- C:\\WINDOWS\\System32\\wpa.dbl

[2013/09/11 00:13:42 | 000,000,416 | ---- | M] () -- C:\\WINDOWS\\tasks\\AmiUpdXp.job

[2013/09/11 00:13:41 | 000,001,204 | ---- | M] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-codedownloader.job

[2013/09/11 00:13:36 | 000,001,114 | ---- | M] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-enabler.job

[2013/09/11 00:13:13 | 000,002,048 | --S- | M] () -- C:\\WINDOWS\\bootstat.dat

[2013/09/11 00:13:11 | 1005,047,808 | -HS- | M] () -- C:\\hiberfil.sys

[2013/09/11 00:13:05 | 000,000,921 | ---- | M] () -- C:\\WINDOWS\\PSNetwork.ini

[2013/09/10 19:11:38 | 000,000,374 | ---- | M] () -- C:\\WINDOWS\\tasks\\Symantec NetDetect.job

[2013/09/10 14:35:00 | 000,001,598 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\快播.lnk

[2013/09/10 14:35:00 | 000,001,586 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\快播.lnk

[2013/09/10 14:34:20 | 000,001,572 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\快玩游戏盒.lnk

[2013/09/10 14:34:20 | 000,001,566 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\快玩游戏盒.lnk

[2013/09/10 14:33:49 | 000,000,672 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\影视搜索.lnk

[2013/09/10 14:33:45 | 000,000,000 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\影视搜索.qvd

[2013/09/10 14:19:13 | 000,000,921 | ---- | M] () -- C:\\WINDOWS\\PowerPlayer.ini

[2013/09/10 14:19:13 | 000,000,148 | ---- | M] () -- C:\\WINDOWS\\PPStream.ini

[2013/09/10 14:19:12 | 000,000,675 | ---- | M] () -- C:\\WINDOWS\\powerlist.ini

[2013/09/07 17:09:03 | 000,000,946 | ---- | M] () -- C:\\WINDOWS\\tasks\\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003Core.job

[2013/09/06 20:12:51 | 000,000,505 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HDPlayer.lnk

[2013/09/06 19:53:31 | 000,000,702 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS游戏.lnk

[2013/09/06 19:52:58 | 000,000,049 | ---- | M] () -- C:\\WINDOWS\\phw.ini

[2013/09/06 19:52:36 | 000,001,136 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\百度视频.lnk

[2013/09/06 19:52:36 | 000,000,746 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS影音.lnk

[2013/09/06 19:52:36 | 000,000,728 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\PPS影音.lnk

[2013/09/06 18:06:20 | 000,000,282 | ---- | M] () -- C:\\WINDOWS\\tasks\\EPUpdater.job

[2013/09/05 19:48:14 | 000,045,194 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\room_v3.dat

[2013/09/05 17:19:55 | 000,002,341 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk

[2013/09/05 17:19:54 | 000,002,323 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\Google Chrome.lnk

[2013/08/26 20:00:23 | 000,000,664 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\Steam.lnk

[2013/08/26 19:59:55 | 001,669,632 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\SteamInstall.msi

[2013/08/16 13:19:06 | 000,001,374 | ---- | M] () -- C:\\WINDOWS\\imsins.BAK

[2013/08/16 13:09:49 | 000,434,126 | ---- | M] () -- C:\\WINDOWS\\System32\\perfh009.dat

[2013/08/16 13:09:49 | 000,068,412 | ---- | M] () -- C:\\WINDOWS\\System32\\perfc009.dat

[2 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/09/11 01:01:23 | 001,037,278 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\adwcleaner.exe

[2013/09/11 00:22:34 | 000,001,994 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HiJackThis.lnk

[2013/09/11 00:13:27 | 000,000,296 | ---- | C] () -- C:\\WINDOWS\\tasks\\BrowserDefendert.job

[2013/09/10 14:35:00 | 000,001,598 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\快播.lnk

[2013/09/10 14:35:00 | 000,001,586 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\快播.lnk

[2013/09/10 14:34:20 | 000,001,572 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\快玩游戏盒.lnk

[2013/09/10 14:34:20 | 000,001,566 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\快玩游戏盒.lnk

[2013/09/10 14:33:49 | 000,000,672 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\影视搜索.lnk

[2013/09/10 14:33:45 | 000,000,000 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\影视搜索.qvd

[2013/09/06 20:15:15 | 000,001,210 | ---- | C] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-updater.job

[2013/09/06 20:15:12 | 000,001,114 | ---- | C] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-enabler.job

[2013/09/06 20:15:03 | 000,001,204 | ---- | C] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-codedownloader.job

[2013/09/06 20:12:51 | 000,000,505 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HDPlayer.lnk

[2013/09/06 19:53:31 | 000,000,702 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS游戏.lnk

[2013/09/06 19:53:31 | 000,000,690 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PPS 游戏.lnk

[2013/09/06 19:53:12 | 000,000,675 | ---- | C] () -- C:\\WINDOWS\\powerlist.ini

[2013/09/06 19:52:58 | 000,000,049 | ---- | C] () -- C:\\WINDOWS\\phw.ini

[2013/09/06 19:52:37 | 000,000,734 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PPS 影音.lnk

[2013/09/06 19:52:36 | 000,001,136 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\百度视频.lnk

[2013/09/06 19:52:36 | 000,000,746 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS影音.lnk

[2013/09/06 19:52:36 | 000,000,728 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\PPS影音.lnk

[2013/09/06 19:52:35 | 000,000,148 | ---- | C] () -- C:\\WINDOWS\\PPStream.ini

[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\\WINDOWS\\PSNetwork.ini

[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\\WINDOWS\\PowerPlayer.ini

[2013/08/26 20:08:29 | 000,000,282 | ---- | C] () -- C:\\WINDOWS\\tasks\\EPUpdater.job

[2013/08/26 20:07:43 | 000,000,416 | ---- | C] () -- C:\\WINDOWS\\tasks\\AmiUpdXp.job

[2013/08/26 20:00:23 | 000,000,664 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Steam.lnk

[2013/08/26 19:59:35 | 001,669,632 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\SteamInstall.msi

[2013/08/08 15:42:36 | 000,045,194 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\room_v3.dat

[2013/07/07 21:08:40 | 000,073,728 | ---- | C] () -- C:\\WINDOWS\\System32\\ANPDApi.dll

[2013/07/07 21:08:40 | 000,048,640 | ---- | C] () -- C:\\WINDOWS\\System32\\ANPD64.SYS

[2013/07/07 21:08:40 | 000,029,411 | ---- | C] () -- C:\\WINDOWS\\System32\\ANPD.SYS

[2013/07/07 21:08:36 | 000,014,119 | ---- | C] () -- C:\\WINDOWS\\System32\\RaCoInst.dat

[2013/07/07 08:14:10 | 000,003,072 | ---- | C] () -- C:\\WINDOWS\\System32\\iacenc.dll

[2013/06/28 11:40:52 | 000,000,021 | ---- | C] () -- C:\\WINDOWS\\KwYlx.dat

[2007/12/21 00:27:18 | 000,017,408 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\WebpageIcons.db

[2005/06/15 17:39:48 | 000,049,664 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2010/04/29 22:31:04 | 000,000,227 | RHS- | M] () -- C:\\WINDOWS\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = C:\\WINDOWS\\system32\\wbem\\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = C:\\WINDOWS\\system32\\wbem\\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

< End of report >

Offline erikiholloman

can't remove homepage in IE & chrome
« Reply #3 on: September 10, 2013, 12:28:27 PM »
Extras.txt

 

OTL Extras logfile created on: 9/11/2013 1:01:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Documents and Settings\\Windows xp\\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

958.42 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 62.72% Memory free

2.26 Gb Paging File | 1.97 Gb Available in Paging File | 87.16% Paging File free

Paging file location(s): C:\\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files

Drive C: | 48.83 Gb Total Space | 27.26 Gb Free Space | 55.83% Space Free | Partition Type: NTFS

Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32

 

Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*

 

[HKEY_CURRENT_USER\\SOFTWARE\\Classes\\<extension>]

.html [@ = ChromeHTML.EAGKUJHGSN5CZ7MNY7YXDD3TQQ] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*

exefile [open] -- \"%1\" %*

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- \"C:\\Program Files\\ACD Systems\\ACDSee\\8.0.Pro\\ACDSee8Pro.exe\" \"%1\" (ACD Systems Ltd.)

Directory [AddToPlaylistVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" ()

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [kwopen] -- \"C:\\Program Files\\kuwo\\KWMUSIC2013\\KwMusic.exe\" \\dir \"%1\" (酷我科技)

Directory [kwplaylist] -- \"C:\\Program Files\\kuwo\\KWMUSIC2013\\KwMusic.exe\" \\dirlist \"%1\" (酷我科技)

Directory [PlayWithVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" ()

Folder [open] -- %SystemRoot%\\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"FirstRunDisabled\" = 1

\"AntiVirusDisableNotify\" = 0

\"FirewallDisableNotify\" = 0

\"UpdatesDisableNotify\" = 0

\"AntiVirusOverride\" = 0

\"FirewallOverride\" = 0

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]

\"DisableSR\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sr]

\"Start\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SrService]

\"Start\" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"EnableFirewall\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]

\"1900:UDP\" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

\"2869:TCP\" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]

\"%windir%\\system32\\sessmgr.exe\" = %windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

\"%windir%\\Network Diagnostic\\xpnetdiag.exe\" = %windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]

\"%windir%\\system32\\sessmgr.exe\" = %windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\" = C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus

\"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

\"%windir%\\Network Diagnostic\\xpnetdiag.exe\" = %windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

\"C:\\Program Files\\kuwo\\KWMUSIC2013\\bin\\KwService.exe\" = C:\\Program Files\\kuwo\\KWMUSIC2013\\bin\\KwService.exe:*:Enabled:酷我核心服务 -- ()

\"C:\\Program Files\\kuwo\\KWMUSIC2013\\bin\\KwMusic.exe\" = C:\\Program Files\\kuwo\\KWMUSIC2013\\bin\\KwMusic.exe:*:Enabled:酷我音乐 -- ()

\"C:\\Program Files\\Garena Plus\\Room\\garena_room.exe\" = C:\\Program Files\\Garena Plus\\Room\\garena_room.exe:*:Enabled:garena_room -- ()

\"C:\\Program Files\\Garena Plus\\ggdllhost.exe\" = C:\\Program Files\\Garena Plus\\ggdllhost.exe:*:Enabled:ggdllhost -- ()

\"C:\\Program Files\\Steam\\Steam.exe\" = C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

\"C:\\Documents and Settings\\Windows xp\\Application Data\\PPStream\\ppsupdate.exe\" = C:\\Documents and Settings\\Windows xp\\Application Data\\PPStream\\ppsupdate.exe:*:Enabled:PPSUpdate -- (PPStream Inc.)

\"C:\\Program Files\\PPStream\\PPStream.exe\" = C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)

\"C:\\Program Files\\PPStream\\PPSKernel.exe\" = C:\\Program Files\\PPStream\\PPSKernel.exe:*:Enabled:PPS网络电视 网络数据传输组件 -- (PPStream Inc.)

\"C:\\Program Files\\PPSGame\\PPSGame.exe\" = C:\\Program Files\\PPSGame\\PPSGame.exe:*:Enabled:游戏大厅客户端 -- (PPStream Inc.)

\"C:\\Program Files\\PPSGame\\updatermini.exe\" = C:\\Program Files\\PPSGame\\updatermini.exe:*:Enabled:updater Module -- (PPStream Inc.)

\"C:\\Documents and Settings\\All Users\\Application Data\\QiYi\\QiyiKernel\\App\\QiyiKernel.exe\" = C:\\Documents and Settings\\All Users\\Application Data\\QiYi\\QiyiKernel\\App\\QiyiKernel.exe:*:Enabled:QiyiKernel -- (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)

\"C:\\Program Files\\iQIYI\\QiyiClient.exe\" = C:\\Program Files\\iQIYI\\QiyiClient.exe:*:Enabled:QIYICLIENT -- (爱奇艺)

\"C:\\Program Files\\iQIYI\\QYFollowVideo.exe\" = C:\\Program Files\\iQIYI\\QYFollowVideo.exe:*:Enabled:QYFollowVideo -- (爱奇艺)

\"C:\\Documents and Settings\\Windows xp\\My Documents\\Downloads\\QvodSetup5.exe\" = C:\\Documents and Settings\\Windows xp\\My Documents\\Downloads\\QvodSetup5.exe:*:Enabled:LibTerminal4.0 -- (Shenzhen QVOD Technology Co.,Ltd)

\"C:\\Program Files\\QvodPlayer\\QvodTerminal.exe\" = C:\\Program Files\\QvodPlayer\\QvodTerminal.exe:*:Enabled:QvodPlayer -- (Shenzhen QVOD Technology Co.,Ltd)

\"C:\\Program Files\\Kuaiwan\\Kuaiwan.exe\" = C:\\Program Files\\Kuaiwan\\Kuaiwan.exe:*:Enabled:KUAIWAN4.0 -- (Shenzhen QVOD Technology Co.,Ltd)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{048298C9-A4D3-490B-9FF9-AB023A9238F3}\" = Steam

\"{08208143-777D-4A06-BB54-71BF0AD1BB70}\" = IPTInstaller

\"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}\" = PIF DESIGNER2.1

\"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\" = ATI Control Panel

\"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\" = BrowserDefender

\"{18D10072035C4515918F7E37EAFAACFC}\" = AutoUpdate

\"{20D4A895-748C-4D88-871C-FDB1695B0169}\" = Platform

\"{2236B741-6631-49AE-B76E-3E14CA01CC87}\" = RemoteCapture Task

\"{23B59ED4-C360-11D7-875B-0090CC005647}\" = EPSON PRINT Image Framer Tool2.1

\"{2F151B50-B434-4838-B51D-70442EBA093E}\" = OpenMG Secure Module 4.1.00

\"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\" = WebFldrs XP

\"{434D452D-5637-006A-76A7-A758B70C0300}\" = Ask Toolbar

\"{45A66726-69BC-466B-A7A4-12FCBA4883D7}\" = HiJackThis

\"{65F5B7AF-3363-11D7-BB6B-00018021113F}\" = EPSON PhotoQuicker3.5

\"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\" = PowerDVD

\"{7B63B2922B174135AFC0E1377DD81EC2}\" = DivX

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{93D2C527-3C7F-4D25-8648-B5B681D16A39}" = D-Link DWA-123

"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater

"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"1ClickDownload" = HDPlayer

"Ad-Aware SE Professional" = Ad-Aware SE Professional

"Addr201305" = Addr

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"All ATI Software" = ATI - Software Uninstall Utility

"All-in-one 3D Space Screensavers Bundle_is1" = All-in-One Space Bundle

"ATI Display Driver" = ATI Display Driver

"delta" = Delta toolbar

"Delta Chrome Toolbar" = Delta Chrome Toolbar

"EPSON Printer and Utilities" = EPSON Printer Software

"ESC45 Reference Guide" = ESC45 Reference Guide

"ESC45 Software Guide" = ESC45 Software Guide

"HDvid Codec V1" = HDvid Codec V1

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ie8" = Windows Internet Explorer 8

"im" = Garena Plus

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX

"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00

"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1

"Kuaiwan" = 快玩 V3.3.0.6

"KuaiwanWebsite" = KuaiwanWebsite 1.0

"KwMusic7" = 酷我音乐 2013

"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)

"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition

"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01

"PhotoRecord" = Canon PhotoRecord

"PPSGame" = PPS游戏 V1.2.2.10

"PPStream" = PPS影音 V3.1.0.1107 正式版

"QuickTime" = QuickTime

"QvodPlayer" = 快播 5.15.145

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3

"SuperCleaner" = SuperCleaner

"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099

"VLC media player" = VLC media player 1.0.1

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WinZip" = WinZip

"影视搜索" = 影视搜索

"爱奇艺视频" = 爱奇艺视频2.0

"酷我游戏" = 酷我游戏 2.1.1.1


========== HKEY_CURRENT_USER Uninstall List ==========


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number


 with error: This operation returned because the timeout period expired.  

 

Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number


 with error: The specified server cannot perform the requested operation.  

 

[ System Events ]

Error - 7/7/2013 9:04:19 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/7/2013 9:04:45 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   IntelIde  PCIIde  ViaIde

 

Error - 7/7/2013 9:11:58 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for Type with the following error:

   %%5

 

Error - 7/13/2013 4:20:35 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/13/2013 4:26:20 AM | Computer Name = INTEL-8271358DF | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.2

 with the system  having network hardware address 44:6D:57:3B:CC:17. Network operations

 on this system may  be disrupted as a result.

 

Error - 7/14/2013 1:18:49 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/22/2013 1:17:02 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/23/2013 1:43:57 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/23/2013 3:00:34 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/23/2013 7:27:59 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

 

< End of report >

Offline erikiholloman

« Reply #4 on: September 10, 2013, 12:29:33 PM »
# AdwCleaner v3.003 - Report created 11/09/2013 at 01:18:58

# Updated 07/09/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Windows xp - INTEL-8271358DF

# Running from : C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe

# Option : Clean


***** [ Services ] *****


Service Deleted : APNMCP

Service Deleted : BrowserDefendert


***** [ Files / Folders ] *****


Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender

Folder Deleted : C:\Program Files\AskPartnerNetwork

Folder Deleted : C:\Program Files\baidu

Folder Deleted : C:\Program Files\delta

Folder Deleted : C:\Program Files\HDvidCodec.com

Folder Deleted : C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\apn

Folder Deleted : C:\Documents and Settings\Windows xp\IECompatCache

Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\BabSolution

Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\delta

Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\SwvUpdater

Folder Deleted : C:\Documents and Settings\Windows xp\Start Menu\Programs\BrowserDefender

Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\Extensions\[email protected]

Folder Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\Extensions\[email protected]

[!] Folder Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\bProtector_extensions.rdf

File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\bprotector_extensions.sqlite

File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\bprotector_prefs.js

File Deleted : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\user.js

File Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data

File Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences

File Deleted : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job

File Deleted : C:\WINDOWS\Tasks\BrowserDefendert.job

File Deleted : C:\WINDOWS\Tasks\EPUpdater.job


***** [ Shortcuts ] *****


***** [ Registry ] *****


Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034362.Sandbox.1

Key Deleted : HKCU\Software\5b558dd9b23cbe17

Key Deleted : HKLM\SOFTWARE\5b558dd9b23cbe17


Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311431162}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AskPartnerNetwork

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\Crossrider

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKLM\Software\AskPartnerNetwork

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll


***** [ Browsers ] *****


-\\ Internet Explorer v8.0.6001.18702


Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]


-\\ Mozilla Firefox v4.0 (en-US)


[ File : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\prefs.js ]


-\\ Google Chrome v


[ File : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


Deleted : urls_to_restore_on_startup


*************************


AdwCleaner[R0].txt - [11191 octets] - [11/09/2013 01:15:39]

AdwCleaner[S0].txt - [11039 octets] - [11/09/2013 01:18:58]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11100 octets] ##########

Offline guestolo

« Reply #5 on: September 10, 2013, 12:37:39 PM »
You used the CLEAN option in Adwcleaner.exe, can I have you reopen Adwcleaner and this time run the SEARCH SCAN feature, when done click on REPORT and post the new log
« Last Edit: September 10, 2013, 12:52:44 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline erikiholloman

« Reply #6 on: September 10, 2013, 12:54:40 PM »
# AdwCleaner v3.003 - Report created 11/09/2013 at 01:53:26

# Updated 07/09/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Windows xp - INTEL-8271358DF

# Running from : C:\Documents and Settings\Windows xp\Desktop\adwcleaner.exe

# Option : Scan


***** [ Services ] *****


***** [ Files / Folders ] *****


Folder Found C:\Documents and Settings\Windows xp\IECompatCache

Folder Found C:\Program Files\baidu


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****


-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v4.0 (en-US)


[ File : C:\Documents and Settings\Windows xp\Application Data\Mozilla\Firefox\Profiles\7cuu0kyg.default\prefs.js ]


-\\ Google Chrome v


[ File : C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************


AdwCleaner[R0].txt - [11191 octets] - [11/09/2013 01:15:39]

AdwCleaner[R1].txt - [1001 octets] - [11/09/2013 01:53:26]

AdwCleaner[S0].txt - [11181 octets] - [11/09/2013 01:18:58]


########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1122 octets] ##########

Offline guestolo

« Reply #7 on: September 10, 2013, 01:08:29 PM »
Let's see what leftovers we can find....
I updated my canned speech to Adwcleaner as it was outdated..
Just noticed there was no more Search feature

Can you do the following please:
Delete the reports of OTL.txt and Extras.txt on desktop
We're going to redo OTL.exe in a bit and post new logs.. See what's leftover

Don't run OTL.exe yet, instead do the following:
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Run the tool by double-clicking it.
The tool will open, select any key to start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Reopen OTL.exe. Select 'Use Safelist' under Extra Registry, don't change any other settings, then choose to Run a Scan. When done, post the log that opens >> OTL.txt and also Extras.txt



Offline erikiholloman

« Reply #8 on: September 10, 2013, 01:28:00 PM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.9 (09.07.2013:1)

OS: Microsoft Windows XP x86

Ran by Windows xp on 09/11/2013 Wed at  2:18:15.78

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs


~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-527237240-287218729-725345543-1003\Software\SweetIM

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}


~~~ Files


~~~ Folders


Successfully deleted: [Folder] "C:\Program Files\baidu"

Successfully deleted: [Folder] "C:\Program Files\free video converter"


~~~ FireFox


Successfully deleted the following from C:\Documents and Settings\Windows xp\Application Data\mozilla\firefox\profiles\7cuu0kyg.default\prefs.js


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09/11/2013 Wed at  2:24:30.17

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline erikiholloman

« Reply #9 on: September 10, 2013, 01:36:49 PM »
OTL logfile created on: 9/11/2013 2:28:40 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Windows xp\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


958.42 Mb Total Physical Memory | 593.66 Mb Available Physical Memory | 61.94% Memory free

2.26 Gb Paging File | 2.02 Gb Available in Paging File | 89.42% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 27.23 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32


Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Windows xp\Desktop\OTL.exe

PRC - [2013/09/03 04:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2013/08/22 19:29:32 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files\QvodPlayer\QvodTerminal.exe

PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe

PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe

PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 08:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe

PRC - [2004/01/14 02:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE


========== Modules (No Company Name) ==========


MOD - [2013/09/03 04:35:56 | 000,410,576 | ---- | M] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll

MOD - [2013/09/03 04:35:54 | 004,053,456 | ---- | M] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll

MOD - [2013/09/03 04:35:01 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Windows xp\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

MOD - [2013/08/21 19:03:42 | 004,218,288 | ---- | M] () -- C:\Program Files\QvodPlayer\QvodRes.dll

MOD - [2013/08/01 23:29:20 | 000,138,880 | ---- | M] () -- C:\Program Files\QvodPlayer\NetUtil.dll

MOD - [2013/07/07 21:08:40 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\ANPDApi.dll

MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

MOD - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe


========== Services (SafeList) ==========


SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/08/16 15:51:30 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe -- (D-Link DWA-123_PBC_WPS)

SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)


========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013/07/07 21:08:40 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)

DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2012/01/06 10:23:10 | 001,224,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)

DRV - [2008/04/24 00:30:33 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2007/10/18 18:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)

DRV - [2007/10/18 18:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)

DRV - [2007/10/16 18:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/09/21 17:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)

DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)

DRV - [2006/01/03 15:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2005/03/23 11:00:57 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\ati2mtag.sys -- (ati2mtag)

DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\BIOS.sys -- (BIOS)

DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2004/09/21 19:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2004/09/01 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\fsvga.sys -- (FsVga)

DRV - [2004/04/13 20:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\Rtlnicxp.sys -- (RTL8023xp)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\\..\\SearchScopes,DefaultScope = 

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\\..\\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com.my/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enMY374

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: \"Google\"

FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.374

FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.374

FF - user.js - File not found

 

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@qvod.com/QvodInsert: C:\\Program Files\\QvodPlayer\\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\\Software\\MozillaPlugins\\@qvod.com/QvodShare: C:\\Program Files\\QvodPlayer\\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\\Software\\MozillaPlugins\\@t.garena.com/garenatalk: C:\\Program Files\\Garena Plus\\bbtalk\\plugins\\npPlugin\\npGarenaTalkPlugin.dll ( Garena)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@qvod.com/QvodInsert: C:\\Program Files\\QvodPlayer\\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\KuaiWanInsert: C:\\Program Files\\QvodPlayer\\AddIn\\KWWebgame\\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 4.0\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2007/12/21 06:46:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 4.0\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2013/07/07 08:10:52 | 000,000,000 | ---D | M]

 

[2007/12/21 06:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Extensions

[2013/09/11 01:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions

[2011/03/10 18:07:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2013/09/06 20:13:44 | 000,000,000 | ---D | M] (HDvid Codec 3) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\[email protected]

[2013/06/30 16:44:04 | 000,233,016 | ---- | M] () (No name found) -- C:\\Documents and Settings\\Windows xp\\Application Data\\Mozilla\\Firefox\\Profiles\\7cuu0kyg.default\\extensions\\[email protected]

[2007/12/21 06:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

File not found (No name found) -- C:\\PROGRAM FILES\\KASPERSKY LAB\\KASPERSKY ANTI-VIRUS 2012\\FFEXT\\[email protected]

File not found (No name found) -- C:\\PROGRAM FILES\\MOZILLA FIREFOX\\EXTENSIONS\\[email protected]

[2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\\Program Files\\mozilla firefox\\components\\browsercomps.dll

[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\plugins\\NPSWF32.dll

[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\searchplugins\\bing.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\29.0.1547.66\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\29.0.1547.66\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\29.0.1547.66\\pdf.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\dchlnpcodkpfdpacogkljefecpegganj\\12.0.0.374_0\\plugin/npUrlAdvisor.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjldcfjmnllhmgjclecdnfampinooman\\12.0.0.374_0\\plugin/npABPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\jagncdcchgajhfhijbbhecadmaiegcmh\\12.0.0.374_0\\plugin/npVKPlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPSWF32.dll

CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\\Program Files\\Windows Media Player\\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\\Program Files\\Windows Media Player\\npdsplay.dll

CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\\Program Files\\Windows Media Player\\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\\Program Files\\Google\\Update\\1.3.21.79\\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll

CHR - Extension: Google Drive = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_1\\

CHR - Extension: YouTube = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_1\\

CHR - Extension: Google Search = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_1\\

CHR - Extension: Chrome In-App Payments service = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.4.10_1\\

CHR - Extension: Gmail = C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2004/09/01 08:00:00 | 000,000,734 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\\Program Files\\addr\\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\\AddressBar.dll ()

O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\\Program Files\\QvodPlayer\\QvodExtend\\5.0.95.0\\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\\..\\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\\..\\Toolbar\\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\\Run: [EPSON Stylus C45 Series] C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\\Run: [PHIME2002A] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName File not found

O4 - HKLM..\\Run: [PHIME2002ASync] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC File not found

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoCDBurning = 0

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: 使用快播按图找片 - C:\\Program Files\\QvodPlayer\\AddIn\\ImgSeed.htm ()

O15 - HKCU\\..Trusted Domains: pps.tv ([]http in Trusted sites)

O15 - HKCU\\..Trusted Domains: ppstream.com ([]http in Trusted sites)

O15 - HKCU\\..Trusted Domains: webscache.com ([]http in Trusted sites)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5

O18 - Protocol\\Handler\\kuwo - No CLSID value found

O18 - Protocol\\Handler\\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\\WINDOWS\\system32\\textwareilluminatorbaseProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe) - C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)

O20 - Winlogon\\Notify\\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\\WINDOWS\\System32\\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/06/15 10:19:01 | 000,000,000 | ---- | M] () - C:\\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\\{9d816648-00ac-11e3-b730-00e04d6dd155}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{9d816648-00ac-11e3-b730-00e04d6dd155}\\Shell\\AutoRun - \"\" = Auto&Play

O33 - MountPoints2\\{9d816648-00ac-11e3-b730-00e04d6dd155}\\Shell\\AutoRun\\command - \"\" = G:\\HTC_Sync_Manager_PC.exe

O33 - MountPoints2\\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\\Shell\\AutoRun\\command - \"\" = G:\\password_viewer.exe %1

O33 - MountPoints2\\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\\Shell\\Explore\\command - \"\" = G:\\password_viewer.exe %1

O33 - MountPoints2\\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\\Shell\\Open\\command - \"\" = G:\\password_viewer.exe %1

O33 - MountPoints2\\{ce524938-dd83-11d9-bde8-806d6172696f}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{ce524938-dd83-11d9-bde8-806d6172696f}\\Shell\\AutoRun - \"\" = Auto&Play

O33 - MountPoints2\\{ce524938-dd83-11d9-bde8-806d6172696f}\\Shell\\AutoRun\\command - \"\" = E:\\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2107/12/21 17:14:47 | 000,000,000 | R--D | C] -- C:\\Documents and Settings\\Windows xp\\My Documents\\My Pictures

[2013/09/11 02:18:12 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\ERUNT

[2013/09/11 01:22:15 | 000,000,000 | -HSD | C] -- C:\\Documents and Settings\\Windows xp\\IECompatCache

[2013/09/11 01:15:37 | 000,000,000 | ---D | C] -- C:\\AdwCleaner

[2013/09/11 01:00:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Windows xp\\Desktop\\OTL.exe

[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

[2013/09/11 00:22:34 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Start Menu\\Programs\\HiJackThis

[2013/09/10 18:37:11 | 000,000,000 | -H-D | C] -- C:\\Documents and Settings\\All Users\\Device

[2013/09/10 18:37:01 | 000,000,000 | --SD | C] -- C:\\KuaiwanGames

[2013/09/10 14:35:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\快播软件

[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\\Program Files\\QMovie

[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\\Program Files\\Kuaiwan

[2013/09/10 14:33:43 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\KuaiWan

[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\\Program Files\\QvodPlayer

[2013/09/10 14:33:38 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\QvodPlayer

[2013/09/07 15:13:11 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\LocalStorage

[2013/09/06 20:14:01 | 000,000,000 | ---D | C] -- C:\\Program Files\\HDvid Codec V1

[2013/09/06 20:12:59 | 000,000,000 | ---D | C] -- C:\\Program Files\\FreeHDSport.TV

[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\\Program Files\\HDPlayer

[2013/09/06 20:12:51 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Start Menu\\Programs\\HDPlayer

[2013/09/06 20:00:06 | 000,000,000 | ---D | C] -- C:\\qiyi

[2013/09/06 19:59:51 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\Qiyi

[2013/09/06 19:59:39 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\QiYi

[2013/09/06 19:53:40 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Application Data\\baiduAddr

[2013/09/06 19:53:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\addr

[2013/09/06 19:53:27 | 000,000,000 | ---D | C] -- C:\\Program Files\\PPSGame

[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Documents\\ppstream

[2013/09/06 19:52:38 | 000,000,000 | ---D | C] -- C:\\ppsfile

[2013/09/06 19:52:37 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PPStream

[2013/09/06 19:52:26 | 000,000,000 | ---D | C] -- C:\\Program Files\\PPStream

[2013/08/27 20:55:29 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\System32\\LogFiles

[2013/08/26 20:11:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\avgchrome

[2013/08/26 20:02:11 | 000,000,000 | ---D | C] -- C:\\Program Files\\dumps

[2013/08/26 20:00:21 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\Steam

[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\\Program Files\\Steam

[2013/08/26 20:00:19 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Steam

[2 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2113/03/08 09:08:19 | 000,000,432 | -H-- | M] () -- C:\\WINDOWS\\tasks\\User_Feed_Synchronization-{36D868C8-689F-4EB6-B057-451A314795A9}.job

[2107/12/21 20:36:54 | 1005,076,480 | ---- | M] () -- C:\\WINDOWS\\MEMORY.DMP

[2013/09/11 02:15:02 | 000,001,210 | ---- | M] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-updater.job

[2013/09/11 02:15:00 | 000,001,204 | ---- | M] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-codedownloader.job

[2013/09/11 02:15:00 | 000,001,114 | ---- | M] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-enabler.job

[2013/09/11 02:09:00 | 000,000,998 | ---- | M] () -- C:\\WINDOWS\\tasks\\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003UA.job

[2013/09/11 01:20:24 | 000,002,206 | ---- | M] () -- C:\\WINDOWS\\System32\\wpa.dbl

[2013/09/11 01:20:05 | 000,002,048 | --S- | M] () -- C:\\WINDOWS\\bootstat.dat

[2013/09/11 01:20:04 | 1005,047,808 | -HS- | M] () -- C:\\hiberfil.sys

[2013/09/11 01:01:10 | 001,037,278 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\adwcleaner.exe

[2013/09/11 01:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Windows xp\\Desktop\\OTL.exe

[2013/09/11 00:22:34 | 000,001,994 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HiJackThis.lnk

[2013/09/11 00:13:55 | 000,000,211 | -HS- | M] () -- C:\\boot.ini

[2013/09/11 00:13:05 | 000,000,921 | ---- | M] () -- C:\\WINDOWS\\PSNetwork.ini

[2013/09/10 19:11:38 | 000,000,374 | ---- | M] () -- C:\\WINDOWS\\tasks\\Symantec NetDetect.job

[2013/09/10 14:35:00 | 000,001,598 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\快播.lnk

[2013/09/10 14:35:00 | 000,001,586 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\快播.lnk

[2013/09/10 14:19:13 | 000,000,921 | ---- | M] () -- C:\\WINDOWS\\PowerPlayer.ini

[2013/09/10 14:19:13 | 000,000,148 | ---- | M] () -- C:\\WINDOWS\\PPStream.ini

[2013/09/10 14:19:12 | 000,000,675 | ---- | M] () -- C:\\WINDOWS\\powerlist.ini

[2013/09/07 17:09:03 | 000,000,946 | ---- | M] () -- C:\\WINDOWS\\tasks\\GoogleUpdateTaskUserS-1-5-21-527237240-287218729-725345543-1003Core.job

[2013/09/06 20:12:51 | 000,000,505 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HDPlayer.lnk

[2013/09/06 19:53:31 | 000,000,702 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS游戏.lnk

[2013/09/06 19:52:58 | 000,000,049 | ---- | M] () -- C:\\WINDOWS\\phw.ini

[2013/09/06 19:52:36 | 000,001,136 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\百度视频.lnk

[2013/09/06 19:52:36 | 000,000,746 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS影音.lnk

[2013/09/06 19:52:36 | 000,000,728 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\PPS影音.lnk

[2013/09/05 19:48:14 | 000,045,194 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\room_v3.dat

[2013/09/05 17:19:55 | 000,002,341 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk

[2013/09/05 17:19:54 | 000,002,323 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\Google Chrome.lnk

[2013/08/26 20:00:23 | 000,000,664 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\Steam.lnk

[2013/08/26 19:59:55 | 001,669,632 | ---- | M] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\SteamInstall.msi

[2013/08/16 13:19:06 | 000,001,374 | ---- | M] () -- C:\\WINDOWS\\imsins.BAK

[2013/08/16 13:09:49 | 000,434,126 | ---- | M] () -- C:\\WINDOWS\\System32\\perfh009.dat

[2013/08/16 13:09:49 | 000,068,412 | ---- | M] () -- C:\\WINDOWS\\System32\\perfc009.dat

[2 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/09/11 01:01:23 | 001,037,278 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\adwcleaner.exe

[2013/09/11 00:22:34 | 000,001,994 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HiJackThis.lnk

[2013/09/10 14:35:00 | 000,001,598 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\快播.lnk

[2013/09/10 14:35:00 | 000,001,586 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\快播.lnk

[2013/09/06 20:15:15 | 000,001,210 | ---- | C] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-updater.job

[2013/09/06 20:15:12 | 000,001,114 | ---- | C] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-enabler.job

[2013/09/06 20:15:03 | 000,001,204 | ---- | C] () -- C:\\WINDOWS\\tasks\\HDvid Codec V1-codedownloader.job

[2013/09/06 20:12:51 | 000,000,505 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\HDPlayer.lnk

[2013/09/06 19:53:31 | 000,000,702 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS游戏.lnk

[2013/09/06 19:53:31 | 000,000,690 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PPS 游戏.lnk

[2013/09/06 19:53:12 | 000,000,675 | ---- | C] () -- C:\\WINDOWS\\powerlist.ini

[2013/09/06 19:52:58 | 000,000,049 | ---- | C] () -- C:\\WINDOWS\\phw.ini

[2013/09/06 19:52:37 | 000,000,734 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PPS 影音.lnk

[2013/09/06 19:52:36 | 000,001,136 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\百度视频.lnk

[2013/09/06 19:52:36 | 000,000,746 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\PPS影音.lnk

[2013/09/06 19:52:36 | 000,000,728 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\PPS影音.lnk

[2013/09/06 19:52:35 | 000,000,148 | ---- | C] () -- C:\\WINDOWS\\PPStream.ini

[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\\WINDOWS\\PSNetwork.ini

[2013/09/06 19:52:26 | 000,000,921 | ---- | C] () -- C:\\WINDOWS\\PowerPlayer.ini

[2013/08/26 20:00:23 | 000,000,664 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Steam.lnk

[2013/08/26 19:59:35 | 001,669,632 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Desktop\\SteamInstall.msi

[2013/08/08 15:42:36 | 000,045,194 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Application Data\\room_v3.dat

[2013/07/07 21:08:40 | 000,073,728 | ---- | C] () -- C:\\WINDOWS\\System32\\ANPDApi.dll

[2013/07/07 21:08:40 | 000,048,640 | ---- | C] () -- C:\\WINDOWS\\System32\\ANPD64.SYS

[2013/07/07 21:08:40 | 000,029,411 | ---- | C] () -- C:\\WINDOWS\\System32\\ANPD.SYS

[2013/07/07 21:08:36 | 000,014,119 | ---- | C] () -- C:\\WINDOWS\\System32\\RaCoInst.dat

[2013/07/07 08:14:10 | 000,003,072 | ---- | C] () -- C:\\WINDOWS\\System32\\iacenc.dll

[2013/06/28 11:40:52 | 000,000,021 | ---- | C] () -- C:\\WINDOWS\\KwYlx.dat

[2007/12/21 00:27:18 | 000,017,408 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\WebpageIcons.db

[2005/06/15 17:39:48 | 000,049,664 | ---- | C] () -- C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2010/04/29 22:31:04 | 000,000,227 | RHS- | M] () -- C:\\WINDOWS\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = C:\\WINDOWS\\system32\\wbem\\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = C:\\WINDOWS\\system32\\wbem\\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

< End of report >

Offline erikiholloman

« Reply #10 on: September 10, 2013, 01:38:21 PM »
OTL Extras logfile created on: 9/11/2013 2:28:40 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Documents and Settings\\Windows xp\\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

958.42 Mb Total Physical Memory | 593.66 Mb Available Physical Memory | 61.94% Memory free

2.26 Gb Paging File | 2.02 Gb Available in Paging File | 89.42% Paging File free

Paging file location(s): C:\\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files

Drive C: | 48.83 Gb Total Space | 27.23 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Drive F: | 25.68 Gb Total Space | 25.02 Gb Free Space | 97.42% Space Free | Partition Type: FAT32

 

Computer Name: INTEL-8271358DF | User Name: Windows xp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.EAGKUJHGSN5CZ7MNY7YXDD3TQQ] -- Reg Error: Key error. File not found



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [kwopen] -- "C:\Program Files\kuwo\KWMUSIC2013\KwMusic.exe" \dir "%1" (酷我科技)

Directory [kwplaylist] -- "C:\Program Files\kuwo\KWMUSIC2013\KwMusic.exe" \dirlist "%1" (酷我科技)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2



========== Firewall Settings ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\kuwo\KWMUSIC2013\bin\KwService.exe" = C:\Program Files\kuwo\KWMUSIC2013\bin\KwService.exe:*:Enabled:酷我核心服务 -- ()

"C:\Program Files\kuwo\KWMUSIC2013\bin\KwMusic.exe" = C:\Program Files\kuwo\KWMUSIC2013\bin\KwMusic.exe:*:Enabled:酷我音乐 -- ()

"C:\Program Files\Garena Plus\Room\garena_room.exe" = C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:garena_room -- ()

"C:\Program Files\Garena Plus\ggdllhost.exe" = C:\Program Files\Garena Plus\ggdllhost.exe:*:Enabled:ggdllhost -- ()

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Documents and Settings\Windows xp\Application Data\PPStream\ppsupdate.exe" = C:\Documents and Settings\Windows xp\Application Data\PPStream\ppsupdate.exe:*:Enabled:PPSUpdate -- (PPStream Inc.)

"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)

"C:\Program Files\PPStream\PPSKernel.exe" = C:\Program Files\PPStream\PPSKernel.exe:*:Enabled:PPS网络电视 网络数据传输组件 -- (PPStream Inc.)

"C:\Program Files\PPSGame\PPSGame.exe" = C:\Program Files\PPSGame\PPSGame.exe:*:Enabled:游戏大厅客户端 -- (PPStream Inc.)

"C:\Program Files\PPSGame\updatermini.exe" = C:\Program Files\PPSGame\updatermini.exe:*:Enabled:updater Module -- (PPStream Inc.)

"C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe" = C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe:*:Enabled:QiyiKernel

"C:\Program Files\iQIYI\QiyiClient.exe" = C:\Program Files\iQIYI\QiyiClient.exe:*:Enabled:QIYICLIENT

"C:\Program Files\iQIYI\QYFollowVideo.exe" = C:\Program Files\iQIYI\QYFollowVideo.exe:*:Enabled:QYFollowVideo

"C:\Documents and Settings\Windows xp\My Documents\Downloads\QvodSetup5.exe" = C:\Documents and Settings\Windows xp\My Documents\Downloads\QvodSetup5.exe:*:Enabled:LibTerminal4.0 -- (Shenzhen QVOD Technology Co.,Ltd)

"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QvodPlayer -- (Shenzhen QVOD Technology Co.,Ltd)

"C:\Program Files\Kuaiwan\Kuaiwan.exe" = C:\Program Files\Kuaiwan\Kuaiwan.exe:*:Enabled:KUAIWAN4.0

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller

"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task

"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1

"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{434D452D-5637-006A-76A7-A758B70C0300}" = Ask Toolbar

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{93D2C527-3C7F-4D25-8648-B5B681D16A39}" = D-Link DWA-123

"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Ad-Aware SE Professional" = Ad-Aware SE Professional

"Addr201305" = Addr

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"All ATI Software" = ATI - Software Uninstall Utility

"All-in-one 3D Space Screensavers Bundle_is1" = All-in-One Space Bundle

"ATI Display Driver" = ATI Display Driver

"EPSON Printer and Utilities" = EPSON Printer Software

"ESC45 Reference Guide" = ESC45 Reference Guide

"ESC45 Software Guide" = ESC45 Software Guide

"HDvid Codec V1" = HDvid Codec V1

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX

"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00

"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1

"KwMusic7" = 酷我音乐 2013

"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)

"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition

"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01

"PhotoRecord" = Canon PhotoRecord

"PPSGame" = PPS游戏 V1.2.2.10

"PPStream" = PPS影音 V3.1.0.1107 正式版

"QuickTime" = QuickTime

"QvodPlayer" = 快播 5.15.145

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3

"SuperCleaner" = SuperCleaner

"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099

"VLC media player" = VLC media player 1.0.1

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WinZip" = WinZip

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 8/24/2033 6:10:08 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131083


 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number


 with error: This operation returned because the timeout period expired.  

 

Error - 7/17/2013 10:28:46 AM | Computer Name = INTEL-8271358DF | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number


 with error: The specified server cannot perform the requested operation.  

 

[ System Events ]

Error - 7/7/2013 9:04:19 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/7/2013 9:04:45 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   IntelIde  PCIIde  ViaIde

 

Error - 7/7/2013 9:11:58 AM | Computer Name = INTEL-8271358DF | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for Type with the following error:

   %%5

 

Error - 7/13/2013 4:20:35 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/13/2013 4:26:20 AM | Computer Name = INTEL-8271358DF | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.2

 with the system  having network hardware address 44:6D:57:3B:CC:17. Network operations

 on this system may  be disrupted as a result.

 

Error - 7/14/2013 1:18:49 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/22/2013 1:17:02 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/23/2013 1:43:57 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/23/2013 3:00:34 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/23/2013 7:27:59 AM | Computer Name = INTEL-8271358DF | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

 address 00E04D6DD155 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

 

< End of report >

Offline guestolo

« Reply #11 on: September 10, 2013, 02:27:25 PM »
If SuperCleaner is just Trial or free can you uninstall it please from Add/Remove programs in Control Panel
It installs bloatware and unneeded toolbars
 
In addition: your version of Spybot is outdated, no need installing the latest version, but uninstall
Spybot - Search & Destroy 1.3, ensure all browser windows are closed while doing so
Also, remove Ask Toolbar with browsers all closed
 
After that is done:
Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please

    :OTL
    :RegO2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • On startup, Allow OTL to run if prompted
    A log should open, can you post it please
    A copy of this log can also be found in
    C:\_OTL\Moved Files folder


    In addition:
    Download Malwarebytes-Antimalware free from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3001-8022_4-10804572.html?spi=6a22ea91e238fb7acf3bbea7e44d3b92&part=dl-10804572

  • Save it to your Desktop.
  • Double click on the installer and follow the onscreen instructions
  • During installation UNTICK the selection to install the free Trial version of Malwarebytes pro then carry on
  • After the program has loaded, click on the Update and select Check for Updates
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
« Last Edit: September 10, 2013, 02:39:12 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline erikiholloman

« Reply #12 on: September 13, 2013, 07:59:13 AM »
All processes killed

========== OTL ==========

Error: Unable to interpret <:RegO2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context!

Error: Unable to interpret <O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll () > in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe> in the current context!

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Windows xp\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Windows xp\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 7896272 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2618869 bytes

 

User: Windows xp

->Temp folder emptied: 295910077 bytes

->Temporary Internet Files folder emptied: 127302467 bytes

->FireFox cache emptied: 133263747 bytes

->Google Chrome cache emptied: 333766509 bytes

->Flash cache emptied: 3841 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 59864438 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 226207203 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 3007852 bytes

 

Total Files Cleaned = 1,135.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09132013_204853

 

Files\\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Offline guestolo

« Reply #13 on: September 13, 2013, 10:21:46 PM »

You may have noticed that the first part of the OTL fix has all entries with the following

Error: Unable to interpret


You must use the colon in the fix, the 2 dots before OTL, can you redo the fix with OTL but ensure to use
:OTL, don't omit the colon please, repost the log that opens



Did you get a chance to run Malwarebytes yet? If so, can you post the log with the previous instructions please


Also, keep me informed how things are now running


« Last Edit: September 13, 2013, 10:29:01 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
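
A triage helper for the fix log discussed in the replies above, added here as an example and not part of the original posts or of OTL itself: it pairs each line of the pasted fix script with the "Unable to interpret" entries in the resulting log, which shows that the FILES and COMMANDS sections ran while none of the :OTL items were applied. The function names are hypothetical, and the sample script and log are abridged from this thread.

```python
import re
from collections import OrderedDict

# Sample input: abridged from the fix script and the OTL fix log posted in this
# thread (three of the :OTL items, log trimmed to the relevant lines).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe
:Files
ipconfig /flushdns /c
:Commands
[EmptyTemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Error: Unable to interpret <O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll () > in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 1,135.00 mb
"""

DIRECTIVE_RE = re.compile(r":(\w+)")                      # e.g. ":OTL", ":Files"
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Za-z ]+?)\s*=+$")
REJECT_RE = re.compile(r"^Error: Unable to interpret <(?P<item>.*)> in the current context!$")


def parse_script(text):
    """Map each ':Directive' in a pasted fix script to the lines under it."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.fullmatch(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        else:
            # Lines pasted before any directive are kept under their own key.
            key = current if current is not None else "(NO DIRECTIVE)"
            sections.setdefault(key, []).append(line)
    return sections


def parse_log(text):
    """Split a fix log on its '=== NAME ===' headers and collect rejected items."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections[current] = {"rejected": [], "other": []}
            continue
        if current is None:        # preamble such as "All processes killed"
            continue
        m = REJECT_RE.match(line)
        if m:
            sections[current]["rejected"].append(m.group("item").strip())
        else:
            sections[current]["other"].append(line)
    return sections


def triage(script_text, log_text):
    """Per directive: lines submitted, and which of them the log shows as rejected."""
    script, log = parse_script(script_text), parse_log(log_text)
    rejected = {item for sec in log.values() for item in sec["rejected"]}
    report = OrderedDict()
    for directive, items in script.items():
        not_applied = [i for i in items if i in rejected]
        report[directive] = {
            "submitted": len(items),
            "rejected": len(not_applied),
            "not_applied": not_applied,
        }
    return report


def fix_fully_applied(report):
    """True only if no submitted line was rejected in any section."""
    return all(row["rejected"] == 0 for row in report.values())


if __name__ == "__main__":
    report = triage(FIX_SCRIPT, FIX_LOG)
    for directive, row in report.items():
        print(f":{directive:<9} submitted={row['submitted']} rejected={row['rejected']}")
    print("fix fully applied:", fix_fully_applied(report))
```

A large "Total Files Cleaned" figure comes from the COMMANDS section only, so it says nothing about whether the BHO, toolbar and MountPoints2 entries were removed.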


Offline erikiholloman

« Reply #14 on: September 16, 2013, 06:52:45 AM »
All processes killed

========== OTL ==========

Error: Unable to interpret <:RegO2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context!

Error: Unable to interpret <O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll () > in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe> in the current context!

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Windows xp\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Windows xp\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Windows xp

->Temp folder emptied: 1366790 bytes

->Temporary Internet Files folder emptied: 13890054 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 86868865 bytes

->Flash cache emptied: 1830 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 439 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 97.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09162013_194802

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Offline erikiholloman

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
can't remove homepage in IE & chrome
« Reply #15 on: September 16, 2013, 12:46:21 PM »
Malwarebytes Anti-Malware 1.75.0.1300


 

Database version: v2013.09.14.08

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Windows xp :: INTEL-8271358DF [administrator]

 

9/17/2013 12:16:08 AM

mbam-log-2013-09-17 (00-16-08).txt

 

Scan type: Full scan (C:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 274755

Time elapsed: 1 hour(s), 28 minute(s), 34 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
can't remove homepage in IE & chrome
« Reply #16 on: September 16, 2013, 09:57:41 PM »
Darn, it was actually my fault for the error in OTL.

Can you redo that step one last time:
Don't use the script above; instead use this new one.

Double click on OTL.exe and run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote, please.

    :OTL
    O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (A4A90076-33D2-E65C-558E-75B41A2B8C68 Class) - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\AutoRun\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Explore\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\Shell\Open\command - "" = G:\password_viewer.exe %1
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • On startup, allow OTL to run if prompted
    A log should open; can you post it, please?
    A copy of this log can also be found in the
    C:\_OTL\Moved Files folder

    Also, keep me informed how things are now running.

« Last Edit: September 16, 2013, 10:04:48 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline erikiholloman

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
can't remove homepage in IE & chrome
« Reply #17 on: September 21, 2013, 05:54:27 AM »
All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\ not found.

File C:\Program Files\addr\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\AddressBar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d816648-00ac-11e3-b730-00e04d6dd155}\ not found.

File G:\HTC_Sync_Manager_PC.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.

File G:\password_viewer.exe %1 not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.

File G:\password_viewer.exe %1 not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.

File G:\password_viewer.exe %1 not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce524938-dd83-11d9-bde8-806d6172696f}\ not found.

File E:\autorun.exe not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Windows xp\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Windows xp\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Windows xp

->Temp folder emptied: 5074686 bytes

->Temporary Internet Files folder emptied: 28536629 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 337602036 bytes

->Flash cache emptied: 1543 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 439 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 354.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09212013_184819

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...
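
One way to triage the OTL fix logs posted in this thread mechanically, as an added example that is not part of the original posts or of OTL itself: it parses the result lines, collapses repeated directives that hit the same key, and separates directives OTL could not interpret from ones it processed. The function names and the `removed`/`absent` labels are assumptions of this example; the sample lines are taken from the logs above.

```python
import re
from collections import Counter

# Lines taken from the two OTL fix logs posted in this thread (backslashes unescaped).
SAMPLE_LOG = r"""
Error: Unable to interpret <O33 - MountPoints2\{ce524938-dd83-11d9-bde8-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe> in the current context!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a57f384f-fa5f-11dc-bfa5-0011092af42d}\ not found.
File G:\password_viewer.exe %1 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
"""

RESULT = re.compile(r"^(Registry key|Registry value|File) (.+?) (deleted successfully|not found)\.$")
ERROR = re.compile(r"^Error: Unable to interpret <(.+)> in the current context!$")

def triage(log_text):
    """Return ({(kind, target): 'removed'|'absent'}, [directives OTL could not parse])."""
    status, unparsed = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := ERROR.match(line):
            unparsed.append(m.group(1))   # nothing was done for this directive
        elif m := RESULT.match(line):
            kind, target, outcome = m.groups()
            key = (kind, target.lower())
            # Several directives can name the same key: the first deletes it and the
            # rest report "not found", so a deletion always wins for that target.
            if outcome == "deleted successfully" or key not in status:
                status[key] = "removed" if outcome == "deleted successfully" else "absent"
    return status, unparsed

def summary(log_text):
    status, unparsed = triage(log_text)
    counts = Counter(status.values())
    return {"removed": counts["removed"], "absent": counts["absent"], "unparsed": len(unparsed)}

def offline_media_targets(status, system_drive="c:"):
    """File targets reported absent on a non-system drive letter."""
    # "not found" only says the path did not exist at fix time; if the drive was
    # not attached, the file on that media was never examined.
    return sorted(t for (kind, t), s in status.items()
                  if kind == "File" and s == "absent" and not t.startswith(system_drive))

if __name__ == "__main__":
    print(summary(SAMPLE_LOG))
```

Run over the Reply #17 log the `unparsed` count is zero, while the earlier run's log contains `Unable to interpret` lines for the O33 directives.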

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
can't remove homepage in IE & chrome
« Reply #18 on: September 22, 2013, 07:44:09 PM »
Looks good, please let me know how things are now running!

Last 2 logs please:
Open OTL.exe and choose to "Run Scan"
When it's done, only one log will be produced; post the contents of OTL.txt

In addition:
Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
can't remove homepage in IE & chrome
« Reply #19 on: October 11, 2013, 09:56:19 AM »
As the original poster has not returned, I'll lock this topic.
If you do return and still need a hand here, send me a PM please and I'll reopen it.
