Topic: HJT Checkup (Read 226 times)

syasa · « **on:** June 12, 2010, 06:41:55 AM »

Greetings Kevin,

I have problem in my computer.
Every time when I open Internet, add. pop up on the screen.
It is really annoying.
so I think I have got some virus in my computer.
Following log is HJT. Could you help me to figure out what wrong is in my computer?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:16 AM, on 6/12/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\System32\mobsync.exe
C:\Users\Owner\Downloads\HijackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=JPN_JP&Sys=PTB&M=MT3304j
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live

??

? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [QvodPlayer] "C:\Program Files\QvodPlayer\QvodPlayer.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun ? Java

?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {29BC57E0-018D-46D2-B233-338B779C169C} (WebShell Control) - http://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TsService - Teruten Inc. - C:\Windows\system32\TsService.exe

--
End of file - 9253 bytes

Kevin · « **Reply #1 on:** June 12, 2010, 11:39:21 AM »

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

QvodPlayer

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QvodPlayer] "C:\Program Files\QvodPlayer\QvodPlayer.exe" -autorun
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\QvodPlayer\
C:\Program Files\McAfee\

Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

syasa · « **Reply #2 on:** June 14, 2010, 02:41:56 AM »

OTL Extras logfile created on: 6/14/2010 1:24:35 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: 米国 | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 84.31 Gb Total Space | 20.94 Gb Free Space | 24.84% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4371EBF0-B773-40BB-8F14-69B6A0961A02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{57A89959-4480-4E46-9B8E-1E0330BC5206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{66A82336-E837-4F94-B4D3-9E75E6F71BD3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B32CB79-EBFA-4FB3-95C3-5225896AC596}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C2B1842-156D-4783-BF26-0868A2584B2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E7E404E-F161-47D4-96D8-9817D0D04B37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81715DF2-725A-4231-9379-3B9E8ACA10C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7D05BC5-0F25-4986-B5BC-8F436C7A02D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CA44263F-C07A-49A2-944E-8693B4DB2A92}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E39034B7-02C3-4416-958F-C51AD3AD4DA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F732CA20-6C96-4FE1-8CA5-67C6F37F6DED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20C709F4-36A4-44D6-9FD7-080ACFAC5184}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2E25C48A-3D6F-4E59-AB96-DF1B8872858C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{31758340-F68F-4E86-A9ED-E2B9F9F8D3C6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{320CC860-7AC7-4833-84F6-FB13CC8C5114}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3D439C43-936F-442F-A461-9D0932F304F8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{43E7F427-AEB5-4C71-A0FD-2FB6C3BF3B41}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{544E35C1-47F9-4D73-A693-F92EB2FDB637}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5B3BF2C2-678E-48C8-ACDD-A54E326DC5D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{60AA452D-0A03-415C-9C62-B3E5EEDFEAC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{650E16E3-15D6-431C-894B-0EC1C4C34646}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{654432C8-FD37-4CAE-88BA-8050413D1554}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{67316B00-B8A2-490A-8C0D-642FFCC6DE5E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{738C9A76-6C12-46DA-B9C8-B160A74CE530}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7DE135D6-54F3-4B2E-89C8-437FE357D7EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81E9DD2C-00C9-461D-9585-4CF3DBBD7920}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{851C0F84-4CEF-45ED-983D-02B13D61D2B0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{92AA6D65-DDDC-41BA-B935-E59EF9D7B2FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EC83B8B-6FC0-429F-A033-90D580D46787}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A6E7C59B-1F69-452E-B39E-C9B3117264DD}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{BC5C99D5-F696-4D50-B7E6-8A6B92A8B1BC}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D824B47C-82AC-4F24-B87D-5E234B6DB12D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DDD44707-CBA7-47B3-9A5F-D80D5BBD4E7E}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E0BF4493-6583-4CB9-91B3-080D86CF914C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E496C04F-BA23-473F-AA36-E1E63F944E7B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F9A3D1BE-6569-4D90-8F32-A9D2AF7104F3}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{0F1F0DED-CD48-4D1B-874A-21105C595FD2}C:\users\owner\desktop\qvodsetupplus3.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\qvodsetupplus3.exe |
"TCP Query User{114E0CD1-788C-4EE9-9822-AC342F62C3D4}C:\program files\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"TCP Query User{511E9019-21CB-4B9D-B162-636F51618BBA}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{6EFB24F8-0951-4B81-A627-2598480E48F3}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{72871000-0D2D-4001-B302-4BF3E5C1A775}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{86A078FB-3599-4AB0-9837-1AB87C346338}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{C136D39B-9CD8-4C8D-82F3-EFD8139FF6AC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C5404A6A-F54B-4E1B-B929-D5C669B3EBF0}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D41B3A9D-22F3-4323-9CF6-CFD2F07166DD}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{1408A81C-115D-4D8B-81E5-B7207A0AF9F2}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{5682AC73-FB6E-4F07-8CCC-BBBB701542E2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{5BE442CA-F61F-4608-83A3-AC2C8BD93295}C:\program files\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |
"UDP Query User{6FFABC17-71DF-469E-8403-A1F322804D70}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{7C23F34D-BB0E-42DE-A852-FB5412D45918}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8F82552D-8910-4C0E-83D3-6274871DB386}C:\users\owner\desktop\qvodsetupplus3.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\qvodsetupplus3.exe |
"UDP Query User{98D66EFF-606B-451E-85E7-3479AD84D946}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A8B428DD-C6BB-4A79-ADFB-C5C061154C68}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{B147B451-7B4C-4298-8BCC-9B3293E723FE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live アップロードツール
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3127EBAB-6A3B-4512-BC10-0D6C9EF09672}_is1" = FLVideoConverter
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79CE4140-DC0C-42C2-BDC5-705CFB9D858B}" = "mora win" type1 plug-in
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-0016-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0411-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Japanese) 2007
"{90120000-0018-0411-0000-0000000FF1CE}_POWERPOINTR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001A-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001B-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PERSONALR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0411-0000-0000000FF1CE}_PERSONALR_{09FD8ECF-B585-47FD-8E53-68BB8741DA65}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0411-0000-0000000FF1CE}_POWERPOINTR_{09FD8ECF-B585-47FD-8E53-68BB8741DA65}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}_PERSONALR_{85644C8B-569F-4998-9A4F-0845AA579E9E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0411-0000-0000000FF1CE}_POWERPOINTR_{85644C8B-569F-4998-9A4F-0845AA579E9E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}_PERSONALR_{B780C954-17E3-41D7-902B-94D21B349E08}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0411-0000-0000000FF1CE}_POWERPOINTR_{B780C954-17E3-41D7-902B-94D21B349E08}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{91120000-0018-0000-0000-0000000FF1CE}_POWERPOINTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0018-0000-0000-0000000FF1CE}_POWERPOINTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0033-0000-0000-0000000FF1CE}" = Microsoft Office Personal 2007
"{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{932245FB-2F3B-3E2E-B8AB-BDE96E434F21}" = Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95120000-0122-0411-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1041-7B44-A81300000003}" = Adobe Reader 8.1.5 - Japanese
"{AC76BA86-7AD7-1041-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5C74A5-F566-4E49-8A3D-7E5A05714806}" = Windows Live サインインアシスタント
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG8Uninstall" = AVG Free 8.5
"Cool Timer_is1" = Cool Timer 3.6
"CravingExplorer_is1" = Craving Explorer Version 1.0.0 RC9a
"ed5e8a3f-5c27-6059-1937-5a180ff8bbb9" = Spicetraffic Advanced Targeting
"ExpressRip" = Express Rip
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download 2.3
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"KeepV Flash Converter_is1" = KeepV Flash Converter
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - jpn" = Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PERSONALR" = Microsoft Office Personal 2007
"Pixillion" = Pixillion Image Converter
"POWERPOINTR" = Microsoft Office PowerPoint 2007
"Prism" = Prism Video Converter
"Protected Music Converter_is1" = Protected Music Converter 1.1
"Recordpad" = RecordPad Sound Recorder
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Vuze" = Vuze
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2010 1:43:27 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:27 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:27 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:27 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:27 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:28 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:28 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:28 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:28 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/14/2010 1:43:28 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 10/11/2009 11:32:50 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 11/6/2009 2:33:51 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 11/15/2009 2:32:05 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 1/17/2010 3:07:57 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 2/9/2010 3:00:07 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 2/12/2010 2:35:20 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 2/17/2010 2:34:11 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 3/3/2010 2:49:55 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 3/17/2010 3:45:17 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

Error - 3/21/2010 7:49:00 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = ?

[ System Events ]
Error - 6/5/2010 4:24:17 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = ???? \Device\Harddisk1\DR4 ?????????????

Error - 6/5/2010 4:24:17 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = ???? \Device\Harddisk1\DR4 ?????????????

Error - 6/5/2010 4:24:17 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = ???? \Device\Harddisk1\DR4 ?????????????

Error - 6/6/2010 8:37:48 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = ?????? ????? 00C0A8F48164 ??????? ??????? IP ???? 192.168.1.105 ??????DHCP
???? 0.0.0.0 ??????????DHCP ????? DHCPNACK ?????????????

Error - 6/7/2010 10:20:36 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327693
Description = : ?????????? (EC) ??????????????????????????EC ???????????????????????????BIOS
? EC ???????????????????????????????? BIOS ??????????????????????????????????????????????????????????????????

Error - 6/9/2010 12:38:39 AM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ?????????????????????????????????????????? \Device\NetBT_Tcpip_{84316291-184B-4BB6-A0ED-A8C272D96821}
??????????????????????????????

Error - 6/9/2010 5:00:12 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS ? PCI ???? 3???????? 0 ?????? IRQ ?????????? ???????
???????????????

Error - 6/9/2010 5:01:21 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2010 7:10:05 PM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ?????????????????????????????????????????? \Device\NetBT_Tcpip_{84316291-184B-4BB6-A0ED-A8C272D96821}
??????????????????????????????

Error - 6/12/2010 12:24:44 AM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ?????????????????????????????????????????? \Device\NetBT_Tcpip_{84316291-184B-4BB6-A0ED-A8C272D96821}
??????????????????????????????

< End of report >

syasa · « **Reply #3 on:** June 15, 2010, 08:27:35 AM »

OTL logfile created on: 6/14/2010 1:24:35 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: 米国 | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 84.31 Gb Total Space | 20.94 Gb Free Space | 24.84% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\TsService.exe (Teruten Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPCMNT.EXE (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)

========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\IMJP12.IME (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\SHARED\IMETIP.DLL (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPPRED.DLL (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPAPI.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\System32\IMJP12K.DLL (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPTIP.DLL (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\SHARED\IMJKAPI.DLL (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\SHARED\IMECFM.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPCMPS.DLL (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TsService) -- C:\WINDOWS\System32\TsService.exe (Teruten Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\WINDOWS\System32\drivers\lmvac.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (GDISpyDevice) -- C:\WINDOWS\System32\GDISpy.sys (Teruten Co. LTD.)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw2v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (RTL85n86) -- C:\WINDOWS\System32\drivers\RTL85n86.sys (Realtek)
DRV - (yukonwlh) -- C:\WINDOWS\System32\drivers\yk60x86.sys (Marvell)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=JPN_JP&Sys=PTB&M=MT3304j

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://spicesearch.net/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.2
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {01bdc2d6-b0e3-d1a0-d711-c919e598f67c}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.21
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://spicesearch.net/search.php?src=tops&q="
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:33:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 03:40:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 23:46:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 23:46:54 | 000,000,000 | ---D | M]

[2009/03/21 00:39:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/06/13 05:03:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oa0muvx5.default\extensions
[2010/04/28 22:36:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 12:20:02 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/04/28 23:04:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/21 00:04:14 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/05/16 07:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/08/13 01:17:39 | 000,000,239 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\oa0muvx5.default\searchplugins\Search.xml
[2009/12/29 10:21:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/29 10:21:32 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{01bdc2d6-b0e3-d1a0-d711-c919e598f67c}

O1 HOSTS File: ([2009/09/25 13:23:37 | 000,335,252 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 11489 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IME JPN 2007 Migration] C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Recordpad] C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google サイドウィキ... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {29BC57E0-018D-46D2-B233-338B779C169C} http://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab (WebShell Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\linkscanner Reg Error: Invalid data type. - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 01:48:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2010/06/12 09:16:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/06/09 03:10:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/19 23:07:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2010/05/16 07:12:18 | 000,000,000 | R-SD | C] -- C:\Users\Owner\Documents\My Stationery
[2009/07/25 17:24:05 | 000,135,168 | ---- | C] ( ) -- C:\Windows\System32\EaseDll.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/14 01:35:55 | 008,650,752 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/06/14 01:29:53 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/14 01:29:53 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/14 00:39:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/14 00:30:40 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2010/06/14 00:30:40 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2010/06/14 00:29:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/13 08:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/12 09:38:22 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2010/06/09 04:00:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/09 04:00:37 | 1005,240,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 03:58:20 | 001,744,243 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/06/08 04:52:27 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2010/06/06 19:44:51 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Owner.job
[2010/06/06 13:29:43 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/05 06:16:24 | 001,218,210 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/05 06:16:24 | 000,615,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/05 06:16:24 | 000,397,420 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/06/05 06:16:24 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/06/05 06:16:24 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/19 23:08:08 | 000,000,682 | ---- | M] () -- C:\Users\Owner\Desktop\QuickScan Folder.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/08 04:52:27 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2010/05/20 20:05:26 | 003,020,574 | ---- | C] () -- C:\Users\Owner\Documents\Project.pptx
[2010/05/20 20:03:49 | 002,117,629 | ---- | C] () -- C:\Users\Owner\Documents\without love we have nothing.3gp
[2010/05/19 23:08:08 | 000,000,682 | ---- | C] () -- C:\Users\Owner\Desktop\QuickScan Folder.lnk
[2009/07/25 17:24:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ARIntl.dll
[2009/07/25 17:24:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ARVIntl.dll
[2009/07/02 00:23:18 | 000,126,976 | ---- | C] () -- C:\Windows\System32\TptmLib.dll
[2009/03/13 13:29:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\TptLIB.dll
[2009/02/09 16:27:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TsCheckHook.dll
[2009/01/08 11:04:06 | 000,126,976 | ---- | C] () -- C:\Windows\System32\TptBmlib.dll
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/11/16 03:36:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Unicode (All) ==========
[2009/11/06 09:40:55 | 000,000,766 | ---- | M] ()(C:\Users\Owner\Documents\

.lnk) -- C:\Users\Owner\Documents\共有フォルダ.lnk
[2009/09/10 10:08:51 | 000,000,000 | ---D | M](C:\Users\Owner\Documents\Google

??) -- C:\Users\Owner\Documents\Google ガジェット
[2009/08/22 20:36:59 | 000,000,000 | ---D | M](C:\Users\Owner\Documents\

??) -- C:\Users\Owner\Documents\受信したファイル
[2008/11/30 23:56:15 | 000,167,096 | ---- | M] ()(C:\Users\Owner\Documents\

???1.pptx) -- C:\Users\Owner\Documents\プレゼンテーション1.pptx
[2008/11/30 23:56:09 | 000,167,096 | ---- | C] ()(C:\Users\Owner\Documents\

???1.pptx) -- C:\Users\Owner\Documents\プレゼンテーション1.pptx
[2008/10/14 09:43:52 | 000,000,766 | ---- | C] ()(C:\Users\Owner\Documents\

.lnk) -- C:\Users\Owner\Documents\共有フォルダ.lnk
[2008/09/25 22:55:05 | 000,000,000 | ---D | C](C:\Users\Owner\Documents\

??) -- C:\Users\Owner\Documents\受信したファイル
[2008/06/28 09:11:24 | 000,002,620 | ---- | M] ()(C:\Users\Owner\Documents\

.rtf) -- C:\Users\Owner\Documents\ドキュメント.rtf
[2008/06/28 06:50:54 | 000,002,620 | ---- | C] ()(C:\Users\Owner\Documents\

.rtf) -- C:\Users\Owner\Documents\ドキュメント.rtf
[2008/03/26 07:15:37 | 000,000,000 | ---D | C](C:\Users\Owner\Documents\Google

??) -- C:\Users\Owner\Documents\Google ガジェット
[2008/03/26 07:12:28 | 000,000,000 | -HSD | M](C:\Users\Owner\

?

?) -- C:\Users\Owner\スタートメニュー
[2008/03/26 07:07:26 | 000,000,000 | -HSD | M](C:\ProgramData\

) -- C:\ProgramData\デスクトップ
[2008/03/26 07:07:26 | 000,000,000 | -HSD | M](C:\ProgramData\

?

?) -- C:\ProgramData\スタートメニュー
(C:\Users\Owner\

?

?) -- C:\Users\Owner\スタートメニュー
(C:\ProgramData\

) -- C:\ProgramData\デスクトップ
(C:\ProgramData\

?

?) -- C:\ProgramData\スタートメニュー

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:7C8950EF
< End of report >

Kevin · « **Reply #4 on:** June 15, 2010, 08:11:25 PM »

I don't see any other suspicious entries here. Do you still have any problems now?

syasa · « **Reply #5 on:** June 16, 2010, 09:15:57 AM »

yes,....my computer still has the problem.
while doing net surfing, adds come up on the screen.

Kevin · « **Reply #6 on:** June 20, 2010, 08:56:57 AM »

Sorry for the delay.

Is this happening to any browser you use (Internet Explorer & Firefox)?

Download Hoster at http://www.greyknight17.com/spy/Hoster.exe and run it. Click on Restore Original Hosts button and press OK. If you used a custom HOSTS file, you will need to restore the file back. You can get one at:

http://www.mvps.org/winhelp2002/hosts.htm

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Quote

ADS::
C:\ProgramData\TEMP

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

See if there is any improvement now.

syasa · « **Reply #7 on:** July 26, 2010, 10:15:40 PM »

I got a problem when I Drag the CFScript.txt into ComboFix.exe.
ComboFix did not open and show error message.

Before doing the step, I download Combofix to my computer , and run it.
After that, almost every files which I have in my computer cannot open.
Did I do wrong?

ComboFix 10-07-24.06 - Owner 07/26/2010 17:16:36.6.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1041.18.958.419 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: McAfee VirusScan *disabled* (Outdated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-26 22:29 . 2010-07-26 22:35   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2010-07-26 22:29 . 2010-07-26 22:29   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-07-26 22:03 . 2010-07-26 22:10   --------   d-----w-   C:\32788R22FWJFW
2010-06-29 14:35 . 2010-06-29 14:35   --------   d-----w-   c:\program files\Common Files\Skype
2010-06-29 14:35 . 2010-06-29 14:36   --------   d-----r-   c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 21:38 . 2010-04-02 13:13   0   ----a-w-   c:\users\Owner\AppData\Local\prvlcl.dat
2010-07-25 12:28 . 2008-03-27 04:58   13025   ----a-w-   c:\users\Owner\AppData\Roaming\nvModes.dat
2010-07-16 08:04 . 2008-03-26 12:19   --------   d-----w-   c:\programdata\Microsoft Help
2010-07-14 08:09 . 2008-05-22 05:22   --------   d-----w-   c:\program files\Common Files\Adobe
2010-07-14 08:02 . 2008-05-20 01:38   --------   d-----w-   c:\users\Owner\AppData\Roaming\Skype
2010-07-14 05:01 . 2008-05-20 01:59   --------   d-----w-   c:\users\Owner\AppData\Roaming\skypePM
2010-06-29 14:34 . 2008-05-20 01:37   --------   d-----w-   c:\programdata\Skype
2010-06-19 20:02 . 2010-06-19 20:02   --------   d-----w-   c:\program files\AltoMP3 Gold
2010-06-17 12:19 . 2006-11-02 16:01   397420   ----a-w-   c:\windows\system32\perfh011.dat
2010-06-17 12:19 . 2006-11-02 16:01   104868   ----a-w-   c:\windows\system32\perfc011.dat
2010-06-16 23:10 . 2009-08-26 23:02   --------   d-----w-   c:\programdata\Norton
2010-06-16 23:10 . 2009-01-26 08:29   --------   d-----w-   c:\program files\Norton Security Scan
2010-06-16 23:10 . 2009-08-26 23:01   --------   d-----w-   c:\programdata\NortonInstaller
2010-06-13 12:15 . 2009-03-21 05:05   --------   d-----w-   c:\program files\QvodPlayer
2010-06-12 04:50 . 2009-09-11 04:47   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-06-09 09:00 . 2009-11-06 15:34   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-06-06 23:03 . 2009-08-30 23:02   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-06-01 01:46 . 2010-05-20 04:07   --------   d-----w-   c:\users\Owner\AppData\Roaming\QuickScan
2010-05-30 11:59 . 2009-11-06 15:32   --------   d-----w-   c:\program files\Microsoft Office Outlook Connector
2010-05-30 11:58 . 2008-09-26 03:46   --------   d-----w-   c:\program files\Windows Live
2010-05-21 19:14 . 2009-10-03 04:37   221568   ------w-   c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-16 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-01 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-14 63856]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-12-12 913412]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-03 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-16 2348584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-06 1029456]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-11 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-11 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-11 297752]
S2 GDISpyDevice;GDISpyDevice;c:\windows\system32\GDISpy.sys [2009-03-13 37701]
S2 TsService;TsService;c:\windows\system32\TsService.exe [2009-03-19 167936]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2009-05-21 25616]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]

.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:29]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 09:35]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 09:35]

2010-07-24 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-16 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=JPN_JP&Sys=PTB&M=MT3304j
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google ??????...
IE: Google ??????... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Microsoft Excel ???????(&X)
IE: Microsoft Excel ???????(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {29BC57E0-018D-46D2-B233-338B779C169C} - hxxp://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oa0muvx5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://spicesearch.net/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://spicesearch.net/search.php?src=tops&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01bdc2d6-b0e3-d1a0-d711-c919e598f67c}\components\8d33b518-0325-6cc2-3f20-42835fcacc56.dll
FF - component: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oa0muvx5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere __temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-26 17:36
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conime.exe
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
.
**************************************************************************
.
Completion time: 2010-07-26 17:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-26 22:50
ComboFix2.txt 2010-01-06 00:39
ComboFix3.txt 2009-12-29 16:05
ComboFix4.txt 2009-12-25 01:55
ComboFix5.txt 2010-01-10 04:10

Pre-Run: 21,566,926,848 bytes free
Post-Run: 21,524,115,456 bytes free

- - End Of File - - E09BE6AC5D1E961B57E36E40637D7478

Kevin · « **Reply #8 on:** July 27, 2010, 09:49:51 PM »

Are you still getting redirected now? If so, run the following scan also:

Go to http://www.trendmicro.com/hc_intro/default.asp and click on that link to run the free scan. Check the box to accept the terms of use. Then click on Launching HouseCall button. If you have Java installed, click on the first button (that says Starting HouseCall). Otherwise, choose the second one to download an ActiveX version. You will get a security warning. Click on Run. Under Quick Select, choose the option that scans the whole computer and click Next. The scan should begin. After it's done scanning, get the log and post it here.

KRC Forum

News:

Author Topic: HJT Checkup (Read 226 times)

syasa

HJT Checkup

Kevin

Re: HJT Checkup

syasa

Re: HJT Checkup

syasa

Re: HJT Checkup

Kevin

Re: HJT Checkup

syasa

Re: HJT Checkup

Kevin

Re: HJT Checkup

syasa

Re: HJT Checkup

Kevin

Re: HJT Checkup