Computer always hang at startup



#1
adeline

  • Member
  • 58 posts
Good day, not sure if I've posted in the right section but here's my problem. :yes:

My system is constantly hanging up whenever I boot the com. It will usually hang at the part where all the taskbars are loading so I have to do a hard reset. Once in a while, it will hang when I load a program, or the system will auto reset on its own when I was in the middle of a game. This hanging issue always happens the first time I boot up my com, but after that it doesn't hang up too often. I don't think I'm low on memory or anything as I'm not running many background applications. I have tried running an antivirus scan but could not find anything malicious.

I'm using a desktop computer, and I realise that sometimes when I accidentally knock on the foot of my table or something, the com will freeze on its own. :) Does anyone know how to solve this problem? I'm thinking it might be a hardware issue.


#2
adeline

  • Topic Starter
  • Member
  • 58 posts
This is an old thread but any solution to the above?? The problem still persists till now.

One more thing to add, my internet connection has been kind of unstable lately. I'm using a wireless adapter from Linksys with the main router located in another room. Recently, the internet will cut off on its own after about 1 hour or so, and the connection will only come back if I right click and select repair. I have an iPad and mobile phone connected to wifi at the same time, and most of the time the iPad and my phone will stop receiving internet connection after some time. I'm not sure if connecting to too many devices at one time is creating such a problem.

Advice pls? :(

#3
Gammo

  • Trusted Helper
  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#4
adeline

  • Topic Starter
  • Member
  • 58 posts
Hi there, thanks for the reply. The original problem still persists. So far the only thing I have done is to run an antivirus scan in which no malicious objects were found.

I will be posting my OTL report below. Pls take a look :help:

#5
adeline

  • Topic Starter
  • Member
  • 58 posts
OTL logfile created on: 4/28/2012 7:57:19 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Adeline Peck\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.08% Memory free
4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 362.05 Gb Free Space | 77.74% Space Free | Partition Type: NTFS

Computer Name: ADELINE | User Name: Adeline Peck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/28 19:48:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adeline Peck\Desktop\OTL.exe
PRC - [2012/03/24 00:26:25 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/24 00:26:23 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/17 17:24:26 | 000,436,600 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/12/17 23:26:02 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/22 05:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/09 05:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/24 10:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/11/25 00:16:08 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/11/25 00:16:08 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2005/11/09 01:33:42 | 005,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
PRC - [2005/07/04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
PRC - [2001/09/24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/24 00:26:25 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/24 00:26:23 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/08 07:56:47 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2012/02/05 12:26:05 | 000,349,608 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2012/01/26 13:58:54 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2012/01/17 17:24:18 | 000,404,328 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/22 05:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/22 05:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2005/09/02 23:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe -- (WUSB54Gv42SVC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/22 22:56:13 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/24 00:26:25 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/11/24 10:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/11/25 00:16:08 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/02/20 23:01:36 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/10/13 17:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/13 17:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/06/29 19:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/25 14:07:44 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/25 14:07:40 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/25 14:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/05/15 13:11:18 | 000,029,184 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2009/02/16 17:35:06 | 000,017,536 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2008/07/09 14:11:34 | 000,022,016 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006/02/28 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2005/10/17 19:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{3E027E52-82F1-432E-8CBD-0EE57AE6B2EC}: "URL" = http://sg.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{4463617B-F7B2-4093-AD8E-39BF13CABFF1}: "URL" = http://www.google.co...2788:4067623346
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{556ABD7E-7ACC-4391-AAF5-D207ABECB95D}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SUNC_en
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{6C3E0067-B444-4bcb-871C-A78B8F479EFD}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-01-02 17:35:15&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2653012
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "www.google.com.sg"
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.23
FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:1.2.0
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:15&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/19 23:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/19 23:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/17 23:26:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/06 20:17:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/24 00:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2012/01/26 15:52:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/15 20:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 23:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/15 12:12:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/15 12:13:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2009/11/25 00:03:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\dict@www.youdao.com: C:\Program Files\Youdao\Dict4\stable\extensions\firefox [2012/03/27 23:27:24 | 000,000,000 | ---D | M]

[2009/11/24 11:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adeline Peck\Application Data\Mozilla\Extensions
[2012/04/08 12:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adeline Peck\Application Data\Mozilla\Firefox\Profiles\izpnm5hh.default\extensions
[2012/02/15 20:03:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Adeline Peck\Application Data\Mozilla\Firefox\Profiles\izpnm5hh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/04/08 12:07:33 | 000,000,000 | ---D | M] (Messenger Plus Live Community Toolbar) -- C:\Documents and Settings\Adeline Peck\Application Data\Mozilla\Firefox\Profiles\izpnm5hh.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2012/01/27 23:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/24 00:26:31 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
[2012/02/06 20:17:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2009/11/25 00:03:55 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2010/05/23 13:04:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/15 20:03:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/24 00:26:23 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/15 20:03:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 20:03:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: \u6709\u9053\u8BCD\u5178Chrome\u9F20\u6807\u53D6\u8BCD\u63D2\u4EF6 = C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohddidmgooofkgohkbkaohadkolgejj\1.2_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2006/02/28 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [YodaoDict] C:\Program Files\Youdao\Dict4\RunDict.exe (网易公司)
O4 - Startup: C:\Documents and Settings\Adeline Peck\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Adeline Peck\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files\PPStream\PPStream.exe (PPStream Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCF38D8-4F7E-4DD7-9165-B5AF35E99288}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2F1CCA5-5D9A-4DFD-9ACA-18DE658D20D2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Adeline Peck\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adeline Peck\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 10:20:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 19:48:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adeline Peck\Desktop\OTL.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/28 19:56:15 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/28 19:55:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/28 19:48:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adeline Peck\Desktop\OTL.exe
[2012/04/28 19:46:41 | 000,002,932 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2012/04/28 19:46:26 | 1606,320,128 | ---- | M] () -- C:\ppsds.pgf
[2012/04/28 19:46:26 | 000,000,091 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2012/04/28 19:44:55 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/04/28 19:44:50 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1708537768-725345543-1004.job
[2012/04/28 19:44:47 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/28 19:44:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/28 18:39:47 | 096,476,685 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/27 08:27:56 | 000,013,708 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/26 01:19:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1708537768-725345543-1004.job
[2012/04/25 22:58:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/25 22:56:57 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 19:41:26 | 000,019,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/18 22:45:07 | 001,683,921 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\Kimberley - 爱你.mp3
[2012/04/13 22:49:47 | 001,497,237 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\A-Lin - 等你.wma
[2012/04/11 22:34:48 | 000,433,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 22:34:48 | 000,068,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 22:23:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 22:45:01 | 000,001,850 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2012/04/10 22:41:26 | 000,002,075 | ---- | M] () -- C:\WINDOWS\Powerlist.ini
[2012/04/10 22:41:19 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2012/04/10 22:25:54 | 000,000,134 | ---- | M] () -- C:\WINDOWS\ppsarea.ini
[2012/04/10 22:25:54 | 000,000,028 | ---- | M] () -- C:\WINDOWS\OOIIEProxy.ini
[2012/04/09 23:16:32 | 000,156,767 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\untitled.JPG
[2012/04/08 17:36:38 | 002,321,059 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\Coldplay - Charlie Brown.wma
[2012/04/08 17:35:42 | 002,192,415 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\Hinder - Lips of an Angel.wma
[2012/04/08 17:32:58 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Adeline Peck.job
[2012/04/08 12:14:50 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Start Menu\Programs\Startup\PPS.lnk
[2012/04/08 12:14:50 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2012/04/08 12:14:50 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPS影音.lnk
[2012/04/06 10:57:42 | 001,832,003 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\Super Junior - U.wma
[2012/04/06 10:53:25 | 001,843,957 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\东海 with HENRY From SUPER JUNIOR M - 这是爱.wma
[2012/04/06 10:37:15 | 001,531,007 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\Selena Gomez & The Scene - Love You Like a Love Song.wma
[2012/04/06 10:34:45 | 001,726,267 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\hyunA - Bubble Pop!.wma
[2012/04/06 10:31:31 | 001,783,343 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\hyunA - Troublemaker.wma
[2012/04/06 10:27:30 | 001,603,103 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\T-ara - Cry Cry.wma
[2012/04/06 10:27:03 | 001,747,295 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\T-ara - Lovey-Dovey.wma
[2012/04/06 10:25:50 | 001,744,291 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\T-ara - Roly-Poly.wma
[2012/04/06 10:24:26 | 002,140,819 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\罗志祥 - 有我在.wma
[2012/04/06 10:21:14 | 003,443,880 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\大嘴巴 - 你怕谁.mp3
[2012/04/06 10:17:44 | 002,201,291 | ---- | M] () -- C:\Documents and Settings\Adeline Peck\Desktop\刘力扬 - 旅途.wma
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 22:23:44 | 000,000,536 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/18 22:44:49 | 001,683,921 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\Kimberley - 爱你.mp3
[2012/04/13 22:49:11 | 001,497,237 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\A-Lin - 等你.wma
[2012/04/09 23:16:32 | 000,156,767 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\untitled.JPG
[2012/04/08 17:36:16 | 002,321,059 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\Coldplay - Charlie Brown.wma
[2012/04/08 17:35:30 | 002,192,415 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\Hinder - Lips of an Angel.wma
[2012/04/08 12:14:59 | 000,000,134 | ---- | C] () -- C:\WINDOWS\ppsarea.ini
[2012/04/06 10:57:37 | 001,832,003 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\Super Junior - U.wma
[2012/04/06 10:53:13 | 001,843,957 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\东海 with HENRY From SUPER JUNIOR M - 这是爱.wma
[2012/04/06 10:37:33 | 001,531,007 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\Selena Gomez & The Scene - Love You Like a Love Song.wma
[2012/04/06 10:34:29 | 001,726,267 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\hyunA - Bubble Pop!.wma
[2012/04/06 10:30:26 | 001,783,343 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\hyunA - Troublemaker.wma
[2012/04/06 10:27:20 | 001,603,103 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\T-ara - Cry Cry.wma
[2012/04/06 10:26:18 | 001,747,295 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\T-ara - Lovey-Dovey.wma
[2012/04/06 10:25:03 | 001,744,291 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\T-ara - Roly-Poly.wma
[2012/04/06 10:23:43 | 002,140,819 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\罗志祥 - 有我在.wma
[2012/04/06 10:21:22 | 003,443,880 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\大嘴巴 - 你怕谁.mp3
[2012/04/06 10:16:38 | 002,201,291 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Desktop\刘力扬 - 旅途.wma
[2012/02/16 20:28:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 16:34:20 | 000,291,176 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/10/26 11:43:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\PPStream.ini
[2011/10/18 08:51:15 | 000,038,320 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/05 00:47:48 | 001,623,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/23 22:58:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\OOIIEProxy.ini
[2011/04/23 22:48:42 | 000,000,091 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2011/04/23 22:33:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2011/04/23 22:10:57 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2011/04/23 22:10:42 | 000,002,075 | ---- | C] () -- C:\WINDOWS\Powerlist.ini
[2011/04/23 22:10:40 | 000,001,850 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2011/04/23 22:10:37 | 000,002,932 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2011/04/01 02:04:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\prvlcl.dat
[2010/11/25 22:09:49 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/10/08 00:05:19 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/10/08 00:05:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2010/10/08 00:03:51 | 000,196,993 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2010/08/22 22:22:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== LOP Check ==========

[2012/01/02 17:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\AVG Secure Search
[2012/01/02 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\AVG2012
[2010/12/19 23:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Local
[2012/04/08 12:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Neopets Toolbar
[2012/01/26 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\PPLive
[2012/04/10 22:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\PPStream
[2012/04/28 19:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\PriceGong
[2012/01/03 02:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Research In Motion
[2010/02/19 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Search Settings
[2009/12/13 09:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Thunderbird
[2012/03/24 00:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/02 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/02 17:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 22:12:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/26 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2012/04/28 18:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/26 13:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012/01/03 02:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/25 00:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/04/28 19:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/27 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Youdao
[2011/09/29 23:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/18 22:09:17 | 000,000,000 | R--D | M](C:\Documents and Settings\Adeline Peck\Desktop\Adeline's Music ? Folder) -- C:\Documents and Settings\Adeline Peck\Desktop\Adeline's Music ♫ Folder
[2009/11/28 22:30:39 | 003,905,376 | ---- | M] ()(C:\Documents and Settings\Adeline Peck\Desktop\? ???1-Obsessed.mp3) -- C:\Documents and Settings\Adeline Peck\Desktop\ ˹-Obsessed.mp3
[2009/11/28 22:28:59 | 003,905,376 | ---- | C] ()(C:\Documents and Settings\Adeline Peck\Desktop\? ???1-Obsessed.mp3) -- C:\Documents and Settings\Adeline Peck\Desktop\ ˹-Obsessed.mp3
[2009/11/28 22:23:00 | 000,000,000 | R--D | C](C:\Documents and Settings\Adeline Peck\Desktop\Adeline's Music ? Folder) -- C:\Documents and Settings\Adeline Peck\Desktop\Adeline's Music ♫ Folder
[2009/04/14 15:29:16 | 000,435,576 | ---- | M] (www.pps.tv)(C:\WINDOWS\System32\pps???£.scr) -- C:\WINDOWS\System32\ppsӰѶ.scr
[2009/04/14 15:29:16 | 000,435,576 | ---- | C] (www.pps.tv)(C:\WINDOWS\System32\pps???£.scr) -- C:\WINDOWS\System32\ppsӰѶ.scr

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

#6
adeline

OTL Extras logfile created on: 4/28/2012 7:57:19 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Adeline Peck\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.08% Memory free
4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 362.05 Gb Free Space | 77.74% Space Free | Partition Type: NTFS

Computer Name: ADELINE | User Name: Adeline Peck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-436374069-1708537768-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc2.exe" = C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor -- ()
"C:\Program Files\WIZET\MapleStory\MapleStory.exe" = C:\Program Files\WIZET\MapleStory\MapleStory.exe:*:Enabled:MapleStory
"C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\PPSGame\PPSGame.exe" = C:\Program Files\PPSGame\PPSGame.exe:*:Enabled:??′???? -- (传聚网络科技有限公司)
"C:\Program Files\WIZET\MapleStory\Patcher.exe" = C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\PPLive\PPTV\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU -- (PPLive Corporation)
"C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353B1E6D-7073-4450-8C80-699BD8FCFB49}" = MTP Porting Kit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5E15DBCA-73E1-49F1-87D8-9DD528740295}" = BlackBerry Device Software v7.1.0 for the BlackBerry 9900 smartphone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}" = Nero 8 Essentials
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BCC552D-5E01-494A-B503-0915384F048C}_is1" = MapleStorySEA version v1.06
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EAF85F6-CDAB-4806-A9A7-26EE4A0C1BA9}" = iPhone Configuration Utility
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AhnLab Online Security" = AhnLab Online Security
"AVG" = AVG 2012
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Pos Pro" = Photo Pos Pro
"PhotoScape" = PhotoScape
"PPLive" = PPTV V3.1.2.0041
"PPSGame" = PPSϷ V1.0.1.322
"PPStream" = PPS影音 V2.7.0.1450 正式版
"QCDrivers" = QuickCam Drivers
"RealPlayer 15.0" = RealPlayer
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Veoh Video Compass" = Veoh Video Compass
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"VLC media player" = VLC media player 1.0.3
"Vtune_is1" = Vtune 7.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"有道词典" = 有道词典

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436374069-1708537768-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 4/27/2012 11:32:41 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/27/2012 11:38:44 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/27/2012 11:51:47 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/28/2012 4:01:47 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/28/2012 4:19:09 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/28/2012 4:24:24 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/28/2012 4:25:40 AM | Computer Name = ADELINE | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 8a3bb698, parameter2 8a01c008, parameter3
8ac52070, parameter4 00000001.

Error - 4/28/2012 7:38:31 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/28/2012 7:40:23 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/28/2012 7:45:07 AM | Computer Name = ADELINE | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >

#7
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
    IE - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2653012
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\dict@www.youdao.com: C:\Program Files\Youdao\Dict4\stable\extensions\firefox [2012/03/27 23:27:24 | 000,000,000 | ---D | M]
    [2012/04/08 12:07:33 | 000,000,000 | ---D | M] (Messenger Plus Live Community Toolbar) -- C:\Documents and Settings\Adeline Peck\Application Data\Mozilla\Firefox\Profiles\izpnm5hh.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
    O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O3 - HKU\S-1-5-21-436374069-1708537768-725345543-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
    O4 - HKU\S-1-5-21-436374069-1708537768-725345543-1004..\Run: [YodaoDict] C:\Program Files\Youdao\Dict4\RunDict.exe (网易公司)
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2012/04/08 12:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Neopets Toolbar
    [2012/04/28 19:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\PriceGong
    [2010/02/19 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adeline Peck\Application Data\Search Settings
    [2012/03/27 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Youdao
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Adeline Peck\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohddidmgooofkgohkbkaohadkolgejj
    C:\Program Files\Application Updater
    C:\Program Files\Veoh_Web_Player
    C:\Program Files\Search Settings
    C:\Program Files\Youdao
    C:\Program Files\ConduitEngine
    C:\Program Files\Neopets
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#8
adeline

    Member

  • Topic Starter
  • 58 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Adeline Peck :: ADELINE [administrator]

4/29/2012 10:52:54 AM
mbam-log-2012-04-29 (10-52-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196339
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9
adeline

    Member

  • Topic Starter
  • 58 posts
ComboFix 12-04-28.01 - Adeline Peck 9/2012 Sun 11:06:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.3070.2295 [GMT 8:00]
执行位置: c:\documents and settings\Adeline Peck\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder\20120417214425_zhentian120418chabo.swf
c:\favoritevideo\InvisibleFolder\20120418101152_tongyisucai120418zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120418101441_tongyisucai120418zanting.swf
c:\favoritevideo\InvisibleFolder\20120418103551_maidanglao120418zanting15s.swf
c:\favoritevideo\InvisibleFolder\20120418111407_chuanyanginnisfree120418zhu15sA.swf
c:\favoritevideo\InvisibleFolder\20120418111542_chuanyanginnisfree120418zhu15sB.swf
c:\favoritevideo\InvisibleFolder\20120418130832_ecco120418zanting.swf
c:\favoritevideo\InvisibleFolder\20120418133509_xinlangqiche120423zanting.swf
c:\favoritevideo\InvisibleFolder\20120418153013_37wan120419zanting.swf
c:\favoritevideo\InvisibleFolder\20120418155156_zhengtu2120419zanting.swf
c:\favoritevideo\InvisibleFolder\20120418181757_sunno120418zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120418183124_longjiang120419zanting.swf
c:\favoritevideo\InvisibleFolder\20120419095622_chuanyang120419zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120419095808_shengdoushi120419zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120419095926_shengdoushi120419zanting.swf
c:\favoritevideo\InvisibleFolder\20120419114703_moyu120425zanting.swf
c:\favoritevideo\InvisibleFolder\20120419140603_kasadichanpin120420zanting.swf
c:\favoritevideo\InvisibleFolder\20120419142118_guangqichuanqi120423zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120419164813_qiannvyouhun120420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120419184756_zuibaxian120420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120419184834_zhengtu120420zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120419185223_zuibaxian120420zanting.swf
c:\favoritevideo\InvisibleFolder\20120420132651_rexuesanguo120421zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120420133043_rexuesanguo120421zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120420134252_tunshisanguo120423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120420135423_tunshisanguo120423zanting.swf
c:\favoritevideo\InvisibleFolder\20120420135539_tunshisanguo120423cha15s.swf
c:\favoritevideo\InvisibleFolder\20120420150509_tongyisucai120421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120420150525_tongyisucai120421zanting.swf
c:\favoritevideo\InvisibleFolder\20120420150822_qiannvyouhun120421zanting.swf
c:\favoritevideo\InvisibleFolder\20120420153842_tongyisucai120423zanting.swf
c:\favoritevideo\InvisibleFolder\20120420162530_dongfengfengshen120423chabo.swf
c:\favoritevideo\InvisibleFolder\20120420165617_balabala120423zanting.swf
c:\favoritevideo\InvisibleFolder\20120420170500_zhengtu2120421zanting.swf
c:\favoritevideo\InvisibleFolder\20120420172550_chuanyang120420zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120420175227_weipinhui120421zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120420180242_weipinhui120423zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120420180315_feilipu120421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120420183638_zhengtu2120423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120423102820_lininglanqiu120423qipao.swf
c:\favoritevideo\InvisibleFolder\20120423160724_kangshifulvcha120424qipao.swf
c:\favoritevideo\InvisibleFolder\20120423165106_zhongguoyinhang120425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120424100746_feilipuzhuanqu120424zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120424112112_kangshifulvcha120424qipaonew.swf
c:\favoritevideo\InvisibleFolder\20120424122419_chuanyangchunqiu120425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120424133547_feixian120425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120424133732_feixian120425zanting.swf
c:\favoritevideo\InvisibleFolder\20120424133914_feixian120425chabo.swf
c:\favoritevideo\InvisibleFolder\20120424170847_haierkongtiao120424zanting.swf
c:\favoritevideo\InvisibleFolder\20120424173504_tianlongbabu120425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120424180434_weipinhui120424zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120424183332_vip120424zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120425103313_qiannvyouhun120425zanting.swf
c:\favoritevideo\InvisibleFolder\20120425103516_qiannvyouhun120426zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120425115918_longjiang120425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120425150039_longjiang120425zanting.swf
c:\favoritevideo\InvisibleFolder\20120425164309_haierkongtiao120425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120425202912_quanqiushiming120426zanting.swf
c:\favoritevideo\InvisibleFolder\20120425203947_longjiang120426zanting.swf
c:\favoritevideo\InvisibleFolder\20120425204755_tianlongbabu120426zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120426102602_danengmaidong120426fuceng.swf
c:\favoritevideo\InvisibleFolder\20120426111833_danengmaidong120426zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120426154658_moyu120429zanting.swf
c:\favoritevideo\InvisibleFolder\20120426155411_xinxiwang120428yixingqipao.swf
c:\favoritevideo\InvisibleFolder\20120426155556_xinxiwang120428zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120426155707_moyu120502zanting.swf
c:\favoritevideo\InvisibleFolder\20120426164518_37wan120427zantinga.swf
c:\favoritevideo\InvisibleFolder\20120426164715_37wan120427zantingb.swf
c:\favoritevideo\InvisibleFolder\20120426171417_weipinhui120427zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120426171834_zhuxian120427zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120426171937_zhuxian120427zanting.swf
c:\favoritevideo\InvisibleFolder\20120426174936_tianlongbabu120427zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120426182424_zuixiaoyao120427zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120426182526_zuixiaoyao120427zanting.swf
c:\favoritevideo\InvisibleFolder\20120426183123_shengdoushi120427zanting.swf
c:\favoritevideo\InvisibleFolder\20120427111530_shengdoushi120428zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120427113746_fanren120428zanting.swf
c:\favoritevideo\InvisibleFolder\20120427114609_fanren120428zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120427114851_qqfeiche120428zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120427115243_qqfeiche120428zanting.swf
c:\favoritevideo\InvisibleFolder\20120427141405_fanren120428chabo.swf
c:\favoritevideo\InvisibleFolder\20120427153958_weipinhui120428zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120427164651_37wan120429zanting1.swf
c:\favoritevideo\InvisibleFolder\20120427164737_37wan120429zanting2.swf
c:\favoritevideo\InvisibleFolder\20120427165209_changyou120428zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120427183835_zhengtu1120429zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120428102745_dongnanyishen120428zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\20120428102846_dongnanyishen120428zhufuceng.swf
c:\favoritevideo\InvisibleFolder\20120428102942_dongnanyishen120428zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120428165635_weipinhui120429zhuhuanchong15s.swf
c:\favoritevideo\InvisibleFolder\admodule(0).dll
c:\favoritevideo\InvisibleFolder\admodule.dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\tipsbubble.dll
C:\install.exe
c:\windows\system32\aac_parser.ax
c:\windows\system32\ac3file.ax
c:\windows\system32\ac3filter.ax
c:\windows\system32\acelpdec.ax
c:\windows\system32\ativdaxx.ax
c:\windows\system32\ativmvxx.ax
c:\windows\system32\atxdec.ax
c:\windows\system32\atxparser.ax
c:\windows\system32\avi2ac3filter.ax
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a639bc4846cd914e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\ce849af2e7bafdfd.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\cdxareader.ax
c:\windows\system32\CoreAAC.ax
c:\windows\system32\CoreVorbis.ax
c:\windows\system32\DCBassSource.ax
c:\windows\system32\declrds.ax
c:\windows\system32\DivXDecH264.ax
c:\windows\system32\dtsac3source.ax
c:\windows\system32\ffdshow.ax
c:\windows\system32\FLVSplitter.ax
c:\windows\system32\g711codc.ax
c:\windows\system32\iac25_32.ax
c:\windows\system32\ipsink.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\Ivinav.ax
c:\windows\system32\IVIVIDEO.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\l3codecx.ax
c:\windows\system32\mpeg2data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\mpg4ds32.ax
c:\windows\system32\msadds32.ax
c:\windows\system32\msscds32.ax
c:\windows\system32\OggSplitter.ax
c:\windows\system32\RealMediaSplitter.ax
c:\windows\system32\RLOFRDec.ax
c:\windows\system32\splitter.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\vp6dec.ax
c:\windows\system32\vp7dec.ax
c:\windows\system32\wiasf.ax
c:\windows\system32\wmv8ds32.ax
c:\windows\system32\wmvds32.ax
.
.
((((((((((((((((((((((((( 2012-03-28 至 2012-04-29 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-29 02:50 . 2012-04-29 02:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-29 02:50 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 16:45 . 2012-04-28 16:45 -------- d-----w- c:\documents and settings\Adeline Peck\Application Data\Neopets Toolbar
2012-04-28 16:42 . 2012-04-28 16:42 -------- d-----w- c:\program files\Neopets
2012-04-28 16:42 . 2012-04-28 16:42 -------- d-----w- C:\_OTL
2012-04-22 14:23 . 2012-04-22 14:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 14:56 . 2011-05-17 03:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 12:03 . 2012-01-27 15:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-23 16:26 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-23 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-05-12 2158592]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-11-24 2803200]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-11-24 1435240]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"PPS Accelerator"="c:\program files\PPStream\PPSAP.exe" [2010-02-24 214408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2012-01-17 436600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-17 296056]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-23 982880]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-15 928096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Adeline Peck\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PPS.lnk - c:\program files\PPStream\PPStream.exe [2012-3-23 6481328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Linksys Wireless-G USB Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\PPSGame\\PPSGame.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"=
"c:\\Program Files\\PPLive\\PPTV\\PPLive.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [11/24/2009 11:00 AM 219360]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [1/26/2012 3:51 PM 130000]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/24/2009 11:09 AM 22016]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/24/2012 12:26 AM 918880]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [11/24/2009 11:19 AM 53307]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2010 1:05 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 10:23 PM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/24/2009 11:02 AM 1684736]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2010 1:05 PM 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [11/25/2009 12:28 AM 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [11/25/2009 12:28 AM 79360]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/24/2009 11:09 AM 29184]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/24/2009 11:09 AM 17536]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
计划任务 文件夹 里的内容
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 14:56]
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 05:05]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 05:05]
.
2012-04-08 c:\windows\Tasks\Norton Security Scan for Adeline Peck.job
- c:\progra~1\NORTON~2\Engine\310~1.21\Nss.exe [2011-04-13 15:47]
.
2012-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1708537768-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 08:02]
.
2012-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1708537768-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 08:02]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Adeline Peck\Application Data\Mozilla\Firefox\Profiles\izpnm5hh.default\
FF - prefs.js: browser.startup.homepage - www.google.com.sg
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baae5f679-b4d0-4240-a053-225e4267b4d0%7D&mid=a13f6fdec78ba111e0ed245ede840c50-5366b409aed6aac463a0ac5c217667129efeddb7&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-01-02%2017%3A35%3A15&sap=ku&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Veoh_Web_Player Toolbar - c:\program files\Veoh_Web_Player\uninstall.exe
AddRemove-有道词典 - c:\program files\Youdao\Dict4\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 11:13
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\IoctlSvc.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\windows\system32\conime.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
完成时间: 2012-04-29 11:18:06 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-04-29 03:18
.
Pre-Run: 396,661,514,240 bytes free
Post-Run: 396,591,263,744 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B3462D9E04F4C645D39D23B90BC9E90A

#10
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Services
    adfs
    
    :Files
    c:\documents and settings\Adeline Peck\Application Data\Neopets Toolbar
    c:\program files\Neopets
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

How is your computer running after doing the above?

#11
adeline

    Member

  • Topic Starter
  • 58 posts
Hi Gammo, it seems that my computer has stopped hanging at boot up.
Are there any further actions required?

Thanks a lot! :thumbsup:

#12
adeline

    Member

  • Topic Starter
  • 58 posts
Well.. maybe not. It seemed to stop hanging at first, but today I still experienced this problem. Though it's not as frequent as before.

It will hang when I load a webpage, or stream videos on YouTube. Sometimes. :surrender:

#13
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post.

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


If your PC still keeps hanging, you can start a new topic about it here. :thumbsup:

#14
adeline

    Member

  • Topic Starter
  • 58 posts
Hello Gammo,

I have successfully removed all the components used in the malware cleanup.

Computer is much faster and didn't hang as much as before. So far, it didn't hang today. HAHA :lol:

I will start a new topic in the other section if the problem comes back again.

Lastly, thanks a lot for the time and effort in replying to my thread. The steps that you have posted are very clear and simple to follow and I really appreciate the help :thumbsup:





