http://i.163vv.com/ Virus?



Post by cwizzy on Sat Oct 09, 2010 4:50 am

So I just got a new laptop and just finished installing all the drivers etc., and now there always appears an Internet Explorer icon, and when I delete it it re-appears about 10 seconds later. I clicked on it and it takes me to this Chinese site (http://i.163vv.com/)

Can someone please help me remove it!
Thanks

cwizzy
Novice

Posts : 34
Joined : 2010-08-20
Gender : Male
OS : Windows 7 Professional 64-bit


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sat Oct 09, 2010 9:05 am

Hi cwizzy,

Welcome to GeekPolice.net

My name is TheAvatar and I will be trying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note: before we start the process you should:

  • POST your logs, don't attach them, as it makes it harder to read.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  • If I have not replied to your thread within 2 days, please PM me.


===

Please download OTL from one of the following links
  • [You must be registered and logged in to see this link.]
  • [You must be registered and logged in to see this link.]

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in;

      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


Thanks.


- The Avatar
If I have helped you, please consider donating to [You must be registered and logged in to see this link.]


Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

TheAvatar
Intermediate

Posts : 137
Joined : 2010-10-02
Gender : Male
OS : Windows XP SP3

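Once the OTL log TheAvatar asks for comes back, the helper reads it by eye for a few recurring signals: files under System32 that carry hidden+system attributes and no company name, Image File Execution Options "Debugger" entries that neutralise security products, UAC policy values set to 0, and hosts-file redirections. The Python script below is an added example written for this page; it is not part of the thread, of GeekPolice's procedure, or of OTL itself. It parses lines in the OTL output format (PRC/MOD/SRV/DRV entries of the form `[date | size | attrs | flag] (company) -- path`, plus the O1, O6 and O27 registry lines) and grades them. The regular expressions, the severity labels and the function names `triage_otl` and `summarize` are my own; the sample lines are condensed from the log posted later in this thread. A file with no company name is only marked "review", not "high", because OEM utilities (the AsusService.exe entry in the log, for instance) also lack version-info company strings; only the combination of hidden+system attributes and a missing company name is treated as a strong signal.

```python
import re
from collections import Counter

# Constructed sample, condensed from the OTL log format used in this thread
# (section headers, PRC/MOD/SRV entries, and the O1/O6/O27 registry lines).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2010/10/09 22:14:29 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\PG\Desktop\Downloads\OTL.exe
PRC - [2009/11/02 02:32:42 | 000,172,050 | -HS- | M] () -- C:\Windows\System32\wuauolts.exe
PRC - [2009/07/14 14:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (SafeList) ==========

MOD - [2010/10/09 19:47:58 | 000,017,920 | -HS- | M] () -- C:\Windows\System32\iajsd.dll
MOD - [2009/07/14 14:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)

========== Standard Registry (SafeList) ==========

O1 - Hosts: 127.0.0.1 05505.cn
O1 - Hosts: 127.0.0.1 7055.net
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O27 - HKLM IFEO\360tray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RavMon.exe: Debugger - ntsd -d File not found
"""

# File entries: PRC/MOD/SRV/DRV - [date | size | attrs | flag] (company) [svc state]? -- path [-- (svc) ...]?
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attrs>[^|]+?) \| [^\]]+\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?$"
)
# O27: an IFEO "Debugger" value means Windows launches the debugger instead of the named program.
IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<exe>[^:]+): Debugger - (?P<debugger>.+)$")
# O6: machine-wide UAC policy values.
POLICY_RE = re.compile(r"^O6 - HKLM\\.*\\policies\\System: (?P<name>\w+) = (?P<value>\S+)$")
# O1: hosts-file entries.
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Values that switch off the admin-approval prompt (Windows Vista/7 semantics).
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def triage_otl(text):
    """Return a list of (severity, category, detail) findings for an OTL log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, company, path = m["attrs"], m["company"].strip(), m["path"]
            in_system32 = "\\windows\\system32\\" in path.lower()
            hidden_system = "H" in attrs and "S" in attrs
            if hidden_system and not company:
                findings.append(("high", "hidden-system-file",
                                 f"{m['kind']} {path} attrs={attrs}, no company name"))
            elif in_system32 and not company:
                # Legitimate OEM tools land here too; this is a "look at it", not a verdict.
                findings.append(("review", "no-company-in-system32", f"{m['kind']} {path}"))
            continue
        m = IFEO_RE.match(line)
        if m:
            findings.append(("high", "ifeo-debugger", f"{m['exe']} -> {m['debugger']}"))
            continue
        m = POLICY_RE.match(line)
        if m and WEAK_UAC.get(m["name"]) == m["value"]:
            findings.append(("medium", "uac-weakened", f"{m['name']} = {m['value']}"))
            continue
        m = HOSTS_RE.match(line)
        if m and m["ip"].startswith("127."):
            # Hosts blocking is also used legitimately, so this is informational only.
            findings.append(("info", "hosts-redirect", f"{m['host']} -> {m['ip']}"))
    return findings


def summarize(findings):
    """Count findings per severity so a helper sees at a glance what needs attention."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    results = triage_otl(SAMPLE_LOG)
    for sev, cat, detail in results:
        print(f"[{sev:6}] {cat:24} {detail}")
    print(summarize(results))
```

Run against the sample it reports the two hidden+system files with no company name, the two IFEO entries, the two weakened UAC values, one OEM service for review and two hosts redirections; on a real OTL.txt, feed the file's contents to `triage_otl` and read the "high" findings first.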

Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sat Oct 09, 2010 9:29 am

Hi, thanks so much for your reply. These are the results for OTL.txt


OTL logfile created on: 9/10/2010 10:23:43 p.m. - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\PG\Desktop\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 496.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.38 Gb Total Space | 20.60 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 98.01 Gb Total Space | 93.08 Gb Free Space | 94.97% Space Free | Partition Type: FAT32
Drive E: | 98.04 Gb Total Space | 97.95 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive F: | 70.63 Gb Total Space | 70.54 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive G: | 1.88 Gb Total Space | 1.88 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 9.42 Gb Free Space | 2.02% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: PG-PC
Current User Name: PG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/09 22:14:29 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\PG\Desktop\Downloads\OTL.exe
PRC - [2010/09/21 18:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\PG\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/11 21:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/11/19 14:05:42 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe
PRC - [2009/11/02 02:32:42 | 000,172,050 | -HS- | M] () -- C:\Windows\System32\wuauolts.exe
PRC - [2009/10/26 14:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/16 21:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/29 18:28:44 | 007,744,032 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/09/11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/07/20 17:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/07/14 14:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 14:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
PRC - [2009/07/14 14:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/07/14 14:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 22:14:29 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\PG\Desktop\Downloads\OTL.exe
MOD - [2010/10/09 19:47:58 | 000,017,920 | -HS- | M] () -- C:\Windows\System32\iajsd.dll
MOD - [2009/07/14 14:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 14:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 14:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 14:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 14:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 14:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 14:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 14:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 14:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 14:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 14:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 14:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (MSDTC)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 14:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 14:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 14:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 14:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 14:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 14:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 14:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 14:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 14:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 14:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 14:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 14:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 14:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 14:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 14:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 14:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 14:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 14:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 14:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PG\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/05/08 08:40:06 | 002,710,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/09/29 18:16:02 | 002,776,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/27 23:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 17:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 14:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 14:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 14:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 14:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 14:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 14:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 14:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 14:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 14:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 14:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 14:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 14:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 14:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 14:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 14:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 14:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 14:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 14:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 14:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 14:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 14:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 14:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 14:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 14:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 14:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 14:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 14:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 14:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 14:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 14:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 14:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 14:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 14:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 14:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 14:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 14:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 14:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 14:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 14:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 14:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 14:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 14:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 13:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 13:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 13:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 12:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 12:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 12:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 12:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 12:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 12:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 12:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 12:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 12:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 12:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 12:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 12:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 12:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 12:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 12:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 12:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 12:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 12:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 11:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 11:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 11:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 11:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 11:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 11:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 11:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 11:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 11:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 31 80 AE 63 67 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/10/09 19:48:19 | 000,004,432 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 05505.cn
O1 - Hosts: 127.0.0.1 7055.net
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 155 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O27 - HKLM IFEO\360rpt.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\360Safe.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\360safebox.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\360tray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\alogserv.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\avsynmgr.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\ccRegVfy.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\DSMain.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\FYFireWall.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KavPFW.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KAVPlus.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KAVSvc.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KMailMon.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\knownsvr.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KPfwSvc.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KPopMon.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KULANSyn.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KWatch.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KWatchUI.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\NPFMntor.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\pfw.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\ras.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\Rav.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RavMon.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RavMonD.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RavTask.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RAVTIMER.EXE: Debugger - ntsd -d File not found
O27 - HKLM IFEO\rfwmain.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\rfwsrv.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RsMain.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\rsnetsvr.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RsTray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\rstry.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\rtvscan.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\safeboxTray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\ScanFrm.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\vptray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\vshwin32.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\vsmon.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\vsstat.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\webscanx.exe: Debugger - ntsd -d File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 19:48:00 | 000,000,143 | -HS- | M] () - D:\AutoRun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - E:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - F:\AutoRun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/10 07:18:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/10 07:18:16 | 000,000,000 | ---D | C] -- C:\Boot
[2010/10/09 19:41:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/09 19:41:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/09 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\temp
[2010/10/09 19:26:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/09 19:26:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/09 19:10:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/09 19:10:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/09 19:10:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/09 19:10:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/09 19:10:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/09 17:40:50 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\vlc
[2010/10/09 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/09 17:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/09 17:24:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/10/09 17:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/10/09 17:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/09 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/10/09 17:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/10/09 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/09 17:20:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/09 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\PG\Tracing
[2010/10/09 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/10/09 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Windows Loader
[2010/10/09 16:46:15 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Windows Live
[2010/10/09 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/10/09 16:43:17 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Downloads
[2010/10/09 16:42:24 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Macromedia
[2010/10/09 16:42:23 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Adobe
[2010/10/09 16:41:16 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Google
[2010/10/09 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Deployment
[2010/10/09 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Apps
[2010/10/09 16:36:36 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\ElevatedDiagnostics
[2010/10/09 16:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AzureWave
[2010/10/09 16:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installations
[2010/10/09 16:05:44 | 001,221,632 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010/10/09 16:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/10/09 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/10/09 16:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2010/10/09 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/10/09 15:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/10/09 15:55:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Atheros_L1e
[2010/10/09 15:53:04 | 000,035,304 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsusSender.exe
[2010/10/09 15:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\EeePC
[2010/10/09 15:51:13 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\E-Cam
[2010/10/09 15:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\E-Cam
[2010/10/09 15:50:01 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/10/09 15:47:08 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/09 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/10/09 15:46:59 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\InstallShield
[2010/10/09 15:46:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/10/09 15:45:48 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010/10/09 15:45:48 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/10/09 15:45:48 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010/10/09 15:45:48 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010/10/09 15:45:48 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/10/09 15:45:47 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010/10/09 15:45:47 | 000,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010/10/09 15:45:47 | 000,306,176 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010/10/09 15:45:47 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010/10/09 15:45:47 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010/10/09 15:45:47 | 000,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010/10/09 15:45:47 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010/10/09 15:45:47 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010/10/09 15:45:47 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010/10/09 15:45:46 | 000,280,576 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010/10/09 15:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/09 15:45:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/10/09 15:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/10/09 15:45:05 | 000,178,688 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/10/09 15:45:05 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/10/09 15:45:05 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/10/09 15:45:05 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/10/09 15:44:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/09 15:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avanquest software Shared
[2010/10/09 15:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\3G Connection Manager
[2010/10/09 15:44:18 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/10/09 15:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/10/09 15:41:53 | 000,213,552 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010/10/09 15:41:53 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010/10/09 15:41:53 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
[2010/10/09 15:41:52 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010/10/09 15:41:52 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010/10/09 15:41:40 | 000,051,712 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C62x86.sys
[2010/10/09 15:41:39 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2010/10/09 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Drivers for Laptop
[2010/10/09 15:29:10 | 000,000,000 | R--D | C] -- C:\Users\PG\Searches
[2010/10/09 15:29:10 | 000,000,000 | -H-D | C] -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/09 15:28:59 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Identities
[2010/10/09 15:28:55 | 000,000,000 | R--D | C] -- C:\Users\PG\Contacts
[2010/10/09 15:28:40 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\VirtualStore
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\AppData\Local\Temporary Internet Files
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Templates
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Start Menu
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\SendTo
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Recent
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\PrintHood
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\NetHood
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Documents\My Videos
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Documents\My Pictures
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Local Settings
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\AppData\Local\History
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Cookies
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Application Data
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\AppData\Local\Application Data
[2010/10/09 15:28:36 | 000,000,000 | --SD | C] -- C:\Users\PG\AppData\Roaming\Microsoft
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Videos
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Saved Games
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Pictures
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Music
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Links
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Favorites
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Downloads
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\My Documents
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Desktop
[2010/10/09 15:28:36 | 000,000,000 | -HSD | C] -- C:\Users\PG\Documents\My Music
[2010/10/09 15:28:36 | 000,000,000 | -HSD | C] -- C:\Users\PG\My Documents
[2010/10/09 15:28:36 | 000,000,000 | -H-D | C] -- C:\Users\PG\AppData
[2010/10/09 15:28:36 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Microsoft
[2010/10/09 15:28:36 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Media Center Programs
[2010/10/09 15:28:17 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/10/09 10:22:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/09 10:19:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/09 10:19:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 90 Days ==========

[2010/10/10 07:18:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/09 22:23:50 | 000,786,432 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT
[2010/10/09 22:11:23 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000UA.job
[2010/10/09 22:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/09 19:54:53 | 000,018,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 19:54:53 | 000,018,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 19:53:21 | 000,001,132 | ---- | M] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2010/10/09 19:53:21 | 000,001,108 | ---- | M] () -- C:\Users\PG\Desktop\Internet Explorer.lnk
[2010/10/09 19:52:02 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/09 19:52:02 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/09 19:52:02 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/09 19:48:19 | 000,004,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () -- C:\Windows\System32\iajsd.sss
[2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () -- C:\AutoRun.inf
[2010/10/09 19:47:58 | 000,017,920 | -HS- | M] () -- C:\Windows\System32\iajsd.dll
[2010/10/09 19:47:57 | 000,000,851 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iajsd.lnk
[2010/10/09 19:47:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/09 19:47:31 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 19:46:51 | 000,946,844 | -H-- | M] () -- C:\Users\PG\AppData\Local\IconCache.db
[2010/10/09 19:37:08 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/10/09 17:40:36 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/09 16:51:50 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/10/09 16:51:49 | 000,410,654 | RHS- | M] () -- C:\QYJWH
[2010/10/09 16:46:01 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000Core.job
[2010/10/09 16:42:06 | 000,002,263 | ---- | M] () -- C:\Users\PG\Desktop\Google Chrome.lnk
[2010/10/09 16:40:50 | 000,057,560 | ---- | M] () -- C:\Users\PG\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/09 16:40:08 | 000,001,411 | ---- | M] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/09 16:26:03 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/10/09 16:23:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/09 16:00:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/10/09 15:59:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/09 15:51:39 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\E-Cam.lnk
[2010/10/09 15:49:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/09 15:49:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/09 15:30:30 | 000,524,288 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/10/09 15:30:30 | 000,524,288 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/10/09 15:30:30 | 000,065,536 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/10/09 15:28:37 | 000,000,020 | -HS- | M] () -- C:\Users\PG\ntuser.ini
[2010/10/09 10:25:25 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/09 10:24:01 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2010/10/10 07:18:18 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/10/10 07:18:17 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/10/09 19:43:12 | 000,000,143 | -HS- | C] () -- C:\AutoRun.inf
[2010/10/09 19:43:05 | 000,172,050 | -HS- | C] () -- C:\Windows\System32\wuauolts.exe
[2010/10/09 19:10:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/09 19:10:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/09 19:10:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/09 19:10:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/09 19:10:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/09 17:40:36 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/09 17:38:51 | 000,001,108 | ---- | C] () -- C:\Users\PG\Desktop\Internet Explorer.lnk
[2010/10/09 16:51:50 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/10/09 16:51:49 | 000,410,654 | RHS- | C] () -- C:\QYJWH
[2010/10/09 16:45:57 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2010/10/09 16:42:06 | 000,002,263 | ---- | C] () -- C:\Users\PG\Desktop\Google Chrome.lnk
[2010/10/09 16:41:18 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000UA.job
[2010/10/09 16:41:17 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000Core.job
[2010/10/09 16:40:08 | 000,001,411 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/09 16:24:36 | 000,001,132 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2010/10/09 16:24:28 | 000,172,050 | -HS- | C] () -- C:\QGS.exe
[2010/10/09 16:24:26 | 000,000,143 | -HS- | C] () -- C:\Windows\System32\iajsd.sss
[2010/10/09 16:24:25 | 000,017,920 | -HS- | C] () -- C:\Windows\System32\iajsd.dll
[2010/10/09 16:24:24 | 000,172,050 | -HS- | C] () -- C:\Program Files\mosss.exe
[2010/10/09 16:24:24 | 000,000,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iajsd.lnk
[2010/10/09 16:23:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/09 16:05:44 | 000,293,373 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010/10/09 16:05:44 | 000,049,563 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010/10/09 16:03:51 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/10/09 16:01:55 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2010/10/09 16:00:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/10/09 15:59:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/09 15:53:04 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2010/10/09 15:53:04 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2010/10/09 15:51:39 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\E-Cam.lnk
[2010/10/09 15:49:31 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/09 15:49:31 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/09 15:43:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/09 15:28:37 | 000,000,020 | -HS- | C] () -- C:\Users\PG\ntuser.ini
[2010/10/09 15:28:36 | 000,524,288 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/10/09 15:28:36 | 000,524,288 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/10/09 15:28:36 | 000,262,144 | -HS- | C] () -- C:\Users\PG\ntuser.dat.LOG1
[2010/10/09 15:28:36 | 000,065,536 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/10/09 15:28:36 | 000,000,290 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/09 15:28:36 | 000,000,272 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/09 15:28:36 | 000,000,000 | -HS- | C] () -- C:\Users\PG\ntuser.dat.LOG2
[2010/10/09 15:28:35 | 000,786,432 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT
[2010/10/09 10:19:01 | 797,532,160 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/10/09 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\PG\AppData\Roaming\E-Cam
[2009/07/14 17:53:46 | 000,002,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 10:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () -- C:\AutoRun.inf
[2009/07/14 14:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/10 07:18:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/09 19:41:03 | 000,012,078 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 10:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/09 19:47:31 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 16:08:18 | 000,082,952 | ---- | M] () -- C:\if.log
[2010/10/09 15:49:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/09 15:49:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/09 20:16:16 | 1358,954,496 | -HS- | M] () -- C:\pagefile.sys
[2009/11/02 02:32:42 | 000,172,050 | -HS- | M] () -- C:\QGS.exe
[2010/10/09 16:51:49 | 000,410,654 | RHS- | M] () -- C:\QYJWH
[2010/10/09 16:51:50 | 000,000,020 | RHS- | M] () -- C:\win7.ld

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-09 03:42:07

< End of report >

cwizzy
Novice

Posts : 34
Joined : 2010-08-20
Gender : Male
OS : Windows 7 Professional 64-bit
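The OTL log above carries several indicators that are easier to pull out mechanically than by eye: 45 `O27` Image File Execution Options entries that set `Debugger` to `ntsd -d` for security-product executables (360, Rising, Kingsoft, Symantec, McAfee and others), so that launching any of them starts a debugger that OTL reports as `File not found` and the product never comes up; `O6` policy values that switch UAC off (`EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0`, `PromptOnSecureDesktop = 0`); a hidden+system 143-byte `AutoRun.inf` at the root of C:, D:, E: and F:; `iajsd.dll` and `iajsd.sss` in System32 with an `iajsd.lnk` in the all-users Startup folder; and three hidden+system files of identical size (172,050 bytes) under three different names. The Python script below is an added example, not code from this thread, from GeekPolice or from the OTL tool. It parses those OTL line formats and groups the findings, including files that share an exact byte size: on this log the 143-byte `iajsd.sss` falls into the same bucket as the `AutoRun.inf` copies and the three 172,050-byte files into another. The embedded input is a constructed excerpt of the posted log so the script runs offline; the `triage()` function takes the text of a full OTL.txt in the same way.

```python
# Added example for this thread: not code from the poster, GeekPolice or the
# OTL tool.  SAMPLE_LOG is a constructed excerpt of the posted log so the
# script runs offline; pass the contents of a full OTL.txt to triage() instead.
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O27 - HKLM IFEO\360tray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\RavMon.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\rtvscan.exe: Debugger - ntsd -d File not found
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 19:48:00 | 000,000,143 | -HS- | M] () - D:\AutoRun.inf -- [ FAT32 ]
[2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () -- C:\Windows\System32\iajsd.sss
[2010/10/09 19:47:58 | 000,017,920 | -HS- | M] () -- C:\Windows\System32\iajsd.dll
[2010/10/09 19:47:57 | 000,000,851 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iajsd.lnk
[2010/10/09 19:47:31 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 19:43:05 | 000,172,050 | -HS- | C] () -- C:\Windows\System32\wuauolts.exe
[2010/10/09 16:24:28 | 000,172,050 | -HS- | C] () -- C:\QGS.exe
[2010/10/09 16:24:24 | 000,172,050 | -HS- | C] () -- C:\Program Files\mosss.exe
"""

# Windows 7 defaults for the UAC values OTL reports as O6 policy lines.
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates administrators with no prompt
    "PromptOnSecureDesktop": 1,       # 0 lets an ordinary window imitate the prompt
}
EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".pif"}

IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<target>[^:]+): Debugger - "
                     r"(?P<debugger>.+?)(?: File not found)?$")
UAC_RE = re.compile(r"^O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
                    r"\\policies\\System: (?P<name>\w+) = (?P<value>\d+)$")
# OTL file metadata: [date time | size | attrs | C or M] (company) -- path [-- [ fs ]]
FILE_RE = re.compile(r"\[[\d/]+ [\d:]+ \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
                     r"\((?P<company>[^)]*)\) -{1,2} (?P<path>.+?)(?: -- \[ \w+ \])?$")


def triage(log_text: str) -> dict:
    """Group the indicators found in one OTL log; every value is a plain list or dict."""
    findings = {"ifeo_hijacks": [], "uac_weakened": [], "autorun_inf": [],
                "hidden_system_binaries": [], "startup_items": [], "size_clusters": {}}
    by_size = defaultdict(set)
    for line in map(str.rstrip, log_text.splitlines()):
        m = IFEO_RE.match(line)
        if m:  # the target exe is replaced by the "debugger" whenever it is launched
            findings["ifeo_hijacks"].append((m["target"], m["debugger"]))
            continue
        m = UAC_RE.match(line)
        if m:
            name, value = m["name"], int(m["value"])
            if name in UAC_EXPECTED and value != UAC_EXPECTED[name]:
                findings["uac_weakened"].append((name, value, UAC_EXPECTED[name]))
            continue
        m = FILE_RE.search(line)
        if not m or m["attr"].endswith("D"):  # no file metadata, or a directory entry
            continue
        path, attr = m["path"], m["attr"]
        size = int(m["size"].replace(",", ""))
        hidden_system = "H" in attr and "S" in attr
        p = PureWindowsPath(path)
        if size:
            by_size[size].add(path)
        if hidden_system and p.name.lower() == "autorun.inf":
            findings["autorun_inf"].append(path)
        elif hidden_system and not m["company"].strip() and p.suffix.lower() in EXEC_EXT:
            findings["hidden_system_binaries"].append(path)
        if "\\start menu\\programs\\startup\\" in path.lower():
            findings["startup_items"].append(path)
    # Files sharing an exact byte size under different names are worth hashing:
    # droppers usually copy themselves, and an AutoRun.inf template leaves twins.
    findings["size_clusters"] = {s: sorted(ps) for s, ps in by_size.items() if len(ps) > 1}
    return findings


def report(findings: dict) -> str:
    """Render the findings one per line, ready to paste into a reply."""
    out = [f"IFEO hijack: {t} -> Debugger = {d}" for t, d in findings["ifeo_hijacks"]]
    out += [f"UAC weakened: {n} = {v} (Windows 7 default {e})" for n, v, e in findings["uac_weakened"]]
    out += [f"Hidden/system AutoRun.inf: {p}" for p in findings["autorun_inf"]]
    out += [f"Hidden/system binary, no company name: {p}" for p in findings["hidden_system_binaries"]]
    out += [f"Startup folder item: {p}" for p in findings["startup_items"]]
    out += [f"{s} bytes shared by: {', '.join(ps)}" for s, ps in sorted(findings["size_clusters"].items())]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The size-cluster rule deliberately ignores directories and zero-byte entries, and the hidden+system rule only fires for executable extensions with an empty company field, so legitimate hidden+system files such as `hiberfil.sys` or `NTUSER.DAT` are not reported. An IFEO `Debugger` value is reported whatever it points at: a real debugger path is a legitimate developer setting, but a value like `ntsd -d` on Windows 7, where that binary is not present, means the listed program simply cannot start, which is why the `Debugger` keys need to go before any of those products can be installed on the machine.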

Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sat Oct 09, 2010 9:30 am

And these are the Extras.txt results


OTL Extras logfile created on: 9/10/2010 10:23:43 p.m. - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\PG\Desktop\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 496.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.38 Gb Total Space | 20.60 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 98.01 Gb Total Space | 93.08 Gb Free Space | 94.97% Space Free | Partition Type: FAT32
Drive E: | 98.04 Gb Total Space | 97.95 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive F: | 70.63 Gb Total Space | 70.54 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive G: | 1.88 Gb Total Space | 1.88 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 9.42 Gb Free Space | 2.02% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: PG-PC
Current User Name: PG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = 3G Connection Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam
"{7D39E592-F19F-4B4F-A786-B1DF34775E0B}" = Mobile PhoneTools
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2010 11:02:38 p.m. | Computer Name = PG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: setup.exe_InstallShield, version: 12.0.0.58855,
time stamp: 0x46d48420 Faulting module name: ISSetup.dll, version: 12.0.0.58855,
time stamp: 0x46eef1f1 Exception code: 0xc0000005 Fault offset: 0x00096f3b Faulting
process id: 0x9d8 Faulting application start time: 0x01cb675e68159a56 Faulting application
path: C:\Users\PG\Desktop\Drivers for Laptop\Wlan-NE762H-V3_0_7_1_Win7\Install_CD\setup.exe
Faulting
module path: C:\Users\PG\Desktop\Drivers for Laptop\Wlan-NE762H-V3_0_7_1_Win7\Install_CD\ISSetup.dll
Report
Id: abfa9dce-d351-11df-8718-20cf3014e9dc

Error - 8/10/2010 11:15:38 p.m. | Computer Name = PG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: setup.exe_InstallShield, version: 12.0.0.58855,
time stamp: 0x46d48420 Faulting module name: ISSetup.dll, version: 12.0.0.58855,
time stamp: 0x46eef1f1 Exception code: 0xc0000005 Fault offset: 0x00096f3b Faulting
process id: 0xe4c Faulting application start time: 0x01cb676038a2aa97 Faulting application
path: C:\Users\PG\Desktop\Drivers for Laptop\Wlan-NE762H-V3_0_7_1_Win7\Install_CD\setup.exe
Faulting
module path: C:\Users\PG\Desktop\Drivers for Laptop\Wlan-NE762H-V3_0_7_1_Win7\Install_CD\ISSetup.dll
Report
Id: 7ca43e92-d353-11df-9ad2-20cf3014e9dc

Error - 8/10/2010 11:27:16 p.m. | Computer Name = PG-PC | Source = VSS | ID = 8194
Description =

Error - 8/10/2010 11:46:24 p.m. | Computer Name = PG-PC | Source = VSS | ID = 8194
Description =

Error - 8/10/2010 11:46:57 p.m. | Computer Name = PG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlsetup-web.exe, version: 15.4.3502.922,
time stamp: 0x4c9afdef Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0xe58 Faulting application start time: 0x01cb67647b16d356 Faulting application path:
C:\Users\PG\Desktop\Downloads\wlsetup-web.exe Faulting module path: unknown Report
Id: dcf4a52c-d357-11df-99df-74f06da15d28

Error - 8/10/2010 11:54:13 p.m. | Computer Name = PG-PC | Source = VSS | ID = 8194
Description =

Error - 8/10/2010 11:54:38 p.m. | Computer Name = PG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlsetup-web.exe, version: 15.4.3502.922,
time stamp: 0x4c9afdef Faulting module name: RstrtMgr.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bdae3 Exception code: 0xc0000005 Fault offset: 0x00013298 Faulting
process id: 0xff0 Faulting application start time: 0x01cb676594d035d4 Faulting application
path: C:\Users\PG\Desktop\Downloads\wlsetup-web.exe Faulting module path: C:\Windows\system32\RstrtMgr.DLL
Report
Id: ef902fad-d358-11df-bc44-74f06da15d28

Error - 8/10/2010 11:55:50 p.m. | Computer Name = PG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlsetup-web.exe, version: 15.4.3502.922,
time stamp: 0x4c9afdef Faulting module name: RstrtMgr.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bdae3 Exception code: 0xc0000005 Fault offset: 0x0001338f Faulting
process id: 0xe5c Faulting application start time: 0x01cb6765b84494c8 Faulting application
path: C:\Users\PG\Desktop\Downloads\wlsetup-web.exe Faulting module path: C:\Windows\system32\RstrtMgr.DLL
Report
Id: 1acf4fc7-d359-11df-bc44-74f06da15d28

Error - 9/10/2010 12:13:51 a.m. | Computer Name = PG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlsetup-web (1).exe, version: 15.4.3502.922,
time stamp: 0x4c9afdef Faulting module name: RstrtMgr.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bdae3 Exception code: 0xc0000005 Fault offset: 0x00013298 Faulting
process id: 0xaa8 Faulting application start time: 0x01cb67684a1654d0 Faulting application
path: C:\Users\PG\Desktop\Downloads\wlsetup-web (1).exe Faulting module path: C:\Windows\system32\RstrtMgr.DLL
Report
Id: 9e8d2ce7-d35b-11df-bc44-74f06da15d28

Error - 9/10/2010 5:18:13 a.m. | Computer Name = PG-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.14.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: dcc Start Time:
01cb6792620882e0 Termination Time: 40 Application Path: C:\Users\PG\Desktop\Downloads\OTL.exe

Report
Id:

[ System Events ]
Error - 9/10/2010 2:37:00 a.m. | Computer Name = PG-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/10/2010 2:43:25 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 2:47:44 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 2:47:46 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 2:47:48 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 2:47:48 a.m. | Computer Name = PG-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 9/10/2010 2:47:56 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 2:47:56 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 2:48:00 a.m. | Computer Name = PG-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/10/2010 5:11:11 a.m. | Computer Name = PG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.


< End of report >


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sat Oct 09, 2010 9:47 am

Hi cwizzy,

I see you have previously run Combofix, so please download a fresh copy by following the instructions below:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* IMPORTANT !!! Save Combo-Fix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this [You must be registered and logged in to see this link.] for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on Combo-Fix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.


- The Avatar
If I have helped you, please consider donating to [You must be registered and logged in to see this link.]

GeekPolice.net [You must be registered and logged in to see this link.]    [You must be registered and logged in to see this link.]

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.


Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sat Oct 09, 2010 10:13 am

Hi, here is the result


ComboFix 10-10-08.01 - PG 09/10/2010 22:52:22.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.1014.513 [GMT 13:00]
Running from: c:\users\PG\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\wuauolts.exe
D:\Autorun.inf
E:\Autorun.inf
F:\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 18:18 . 2010-10-09 02:28 -------- d-----w- c:\windows\Panther
2010-10-09 18:18 . 2010-10-09 18:18 -------- d-----w- C:\Boot
2010-10-09 10:03 . 2010-10-09 10:03 -------- d-----w- c:\users\PG\AppData\Local\temp
2010-10-09 10:03 . 2010-10-09 10:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-09 10:03 . 2010-10-09 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-09 09:50 . 2010-10-09 09:50 -------- d-----w- C:\32788R22FWJFW
2010-10-09 05:14 . 2009-07-14 01:14 301568 ------w- c:\windows\system32\kdcsvo.dll
2010-10-09 04:40 . 2010-10-09 05:43 -------- d-----w- c:\users\PG\AppData\Roaming\vlc
2010-10-09 04:40 . 2010-10-09 04:40 -------- d-----w- c:\program files\VideoLAN
2010-10-09 04:24 . 2010-10-09 04:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-09 04:24 . 2010-10-09 04:24 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-09 04:24 . 2010-04-27 18:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-09 04:24 . 2010-10-09 04:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-09 04:23 . 2006-11-29 00:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-09 04:22 . 2010-10-09 04:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-09 04:21 . 2010-10-09 04:21 -------- d-----w- c:\program files\Microsoft
2010-10-09 04:21 . 2010-10-09 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-09 04:21 . 2010-10-09 04:24 -------- d-----w- c:\program files\Windows Live
2010-10-09 04:20 . 2010-10-09 04:20 -------- d-----w- c:\windows\PCHEALTH
2010-10-09 04:10 . 2010-05-21 01:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-09 04:04 . 2010-10-09 09:58 -------- d-----w- c:\users\PG\Tracing
2010-10-09 03:46 . 2010-10-09 03:46 -------- d-----w- c:\users\PG\AppData\Local\Windows Live
2010-10-09 03:46 . 2010-10-09 03:46 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-09 03:45 . 1999-03-05 15:38 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-10-09 03:41 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-09 03:41 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-09 03:41 . 2010-10-09 03:42 -------- d-----w- c:\users\PG\AppData\Local\Google
2010-10-09 03:40 . 2010-10-09 03:40 57560 ----a-w- c:\users\PG\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-09 03:40 . 2010-10-09 03:41 -------- d-----w- c:\users\PG\AppData\Local\Deployment
2010-10-09 03:40 . 2010-10-09 03:40 -------- d-----w- c:\users\PG\AppData\Local\Apps
2010-10-09 03:36 . 2010-10-09 03:36 -------- d-----w- c:\users\PG\AppData\Local\ElevatedDiagnostics
2010-10-09 03:27 . 2010-05-07 19:39 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-10-09 03:27 . 2010-05-07 19:39 91448 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\bcmwlcoi.dll
2010-10-09 03:27 . 2009-07-17 00:19 10752 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\Tool\DIFxCmd.exe
2010-10-09 03:27 . 2009-04-15 09:32 55808 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\Tool\devcon.exe
2010-10-09 03:27 . 2006-11-01 18:21 319456 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\Tool\DIFxAPI.dll
2010-10-09 03:27 . 2010-05-07 19:40 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-10-09 03:27 . 2010-05-07 19:40 2710592 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\bcmwl6.sys
2010-10-09 03:27 . 2010-05-07 19:39 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-10-09 03:27 . 2010-05-07 19:39 3866624 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\bcmihvsrv.dll
2010-10-09 03:27 . 2010-05-07 19:39 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-10-09 03:27 . 2010-05-07 19:39 3555328 ----a-w- c:\programdata\AzureWave\Broadcom Wireless Network Adapter\bcmihvui.dll
2010-10-09 03:26 . 2010-10-09 03:27 -------- d-----w- c:\programdata\AzureWave
2010-10-09 03:24 . 2009-11-01 13:32 172050 --sh--w- C:\QGS.exe
2010-10-09 03:24 . 2010-10-09 06:47 17920 --sh--w- c:\windows\system32\iajsd.dll
2010-10-09 03:24 . 2009-11-01 13:32 172050 --sh--w- c:\program files\mosss.exe
2010-10-09 03:07 . 2010-10-09 03:07 -------- d-----w- c:\program files\Downloaded Installations
2010-10-09 03:05 . 2010-10-09 03:05 -------- d-----w- c:\program files\Atheros
2010-10-09 03:05 . 2009-10-04 20:31 1221632 ----a-w- c:\windows\system32\athr.sys
2010-10-09 03:04 . 2010-10-09 03:04 -------- d-----w- c:\programdata\Atheros
2010-10-09 03:03 . 2009-09-11 00:19 221184 ----a-w- c:\programdata\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaCoInst.dll
2010-10-09 03:03 . 2009-09-11 00:19 13931 ----a-w- c:\windows\system32\RaCoInst.dat
2010-10-09 03:03 . 2010-10-09 03:03 -------- d-----w- c:\programdata\Ralink Driver
2010-10-09 03:03 . 2009-09-11 00:20 626688 ----a-w- c:\programdata\Ralink Driver\RT2860 Wireless LAN Card\Driver\netr28.sys
2010-10-09 03:03 . 2008-09-14 04:35 313856 ----a-w- c:\programdata\Ralink Driver\RT2860 Wireless LAN Card\Driver\difxapi.dll
2010-10-09 03:03 . 2008-08-06 03:31 528384 ----a-w- c:\programdata\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe
2010-10-09 03:03 . 2007-05-16 22:17 192512 ----a-w- c:\programdata\Ralink Driver\RT2860 Wireless LAN Card\Driver\CoInstaller.dll
2010-10-09 03:01 . 2009-07-05 21:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-10-09 02:59 . 2010-10-09 02:59 -------- d-----w- c:\program files\Synaptics
2010-10-09 02:57 . 2010-10-09 03:09 -------- d-----w- c:\program files\ASUS
2010-10-09 02:55 . 2010-10-09 02:55 -------- d-----w- c:\windows\system32\Atheros_L1e
2010-10-09 02:53 . 2010-05-24 03:47 35304 ----a-w- c:\windows\system32\AsusSender.exe
2010-10-09 02:53 . 2009-08-18 04:35 219136 ----a-w- c:\windows\system32\AsusService.exe
2010-10-09 02:53 . 2010-10-09 02:58 -------- d-----w- c:\program files\EeePC
2010-10-09 02:51 . 2010-10-09 02:51 -------- d-----w- c:\users\PG\AppData\Roaming\E-Cam
2010-10-09 02:51 . 2010-10-09 02:51 -------- d-----w- c:\program files\E-Cam
2010-10-09 02:50 . 2009-08-26 10:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-10-09 02:47 . 2010-10-09 02:47 -------- d-----w- C:\Intel
2010-10-09 02:47 . 2009-06-04 05:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-10-09 02:47 . 2010-10-09 02:50 -------- d-----w- c:\program files\Intel
2010-10-09 02:46 . 2010-10-09 02:46 -------- d-----w- c:\users\PG\AppData\Roaming\InstallShield
2010-10-09 02:46 . 2010-10-09 02:46 -------- d-----w- c:\windows\system32\RTCOM
2010-10-09 02:44 . 2010-10-09 04:24 -------- d-sh--w- c:\windows\Installer
2010-10-09 02:44 . 2010-10-09 02:44 -------- d-----w- c:\program files\Common Files\Avanquest software Shared
2010-10-09 02:44 . 2010-10-09 02:44 -------- d-----w- c:\program files\3G Connection Manager
2010-10-09 02:44 . 2010-10-09 03:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-10-09 02:44 . 2010-10-09 02:44 -------- d-----w- c:\programdata\BVRP Software
2010-10-09 02:42 . 2010-10-09 06:52 -------- d-----w- c:\windows\system32\wbem\Performance
2010-10-09 02:41 . 2009-07-20 04:48 213552 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-10-09 02:41 . 2009-07-20 04:47 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-10-09 02:41 . 2009-07-20 04:47 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-10-09 02:41 . 2008-07-07 21:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-10-09 02:41 . 2009-07-20 04:47 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-10-09 02:41 . 2009-07-20 04:46 169256 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-09 02:41 . 2009-08-06 20:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-10-09 02:41 . 2009-07-27 10:06 51712 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2010-10-09 02:41 . 2009-07-20 04:29 13880 ----a-w- c:\windows\system32\drivers\kbfiltr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 03:23 . 2010-10-09 03:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-10-09 03:01 . 2010-10-09 02:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-10-09 03:00 . 2010-10-09 03:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-10-09 02:59 . 2010-10-09 02:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-10-09 02:46 . 2010-10-09 02:45 -------- d--h--w- c:\program files\Temp
2010-10-09 02:45 . 2010-10-09 02:45 -------- d-----w- c:\program files\Realtek
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\PG\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-09 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HotkeyMon"="AsusSender.exe" [2010-05-24 35304]
"HotkeyService"="AsusSender.exe" [2010-05-24 35304]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"SuperHybridEngine"="AsusSender.exe" [2010-05-24 35304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"LiveUpdate"="AsusSender.exe" [2010-05-24 35304]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-05 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]

.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000Core.job
- c:\users\PG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 03:41]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000UA.job
- c:\users\PG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 03:41]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-09 23:11:39
ComboFix-quarantined-files.txt 2010-10-09 10:11
ComboFix2.txt 2010-10-09 06:41
ComboFix3.txt 2010-10-09 06:24

Pre-Run: 22,088,425,472 bytes free
Post-Run: 21,911,777,280 bytes free

- - End Of File - - B0010DD0C1BDA029CEB28C7A115F8EC4


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sat Oct 09, 2010 10:26 am

Hi cwizzy,

We have a bit of work to do here; your computer is in a mess. I am confident we can get it running top notch again though. Please do the following:


Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - [2009/11/02 02:32:42 | 000,172,050 | -HS- | M] () -- C:\Windows\System32\wuauolts.exe
    MOD - [2010/10/09 19:47:58 | 000,017,920 | -HS- | M] () -- C:\Windows\System32\iajsd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O27 - HKLM IFEO\360rpt.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\360Safe.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\360safebox.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\360tray.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\alogserv.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\avsynmgr.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\ccRegVfy.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\DSMain.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\FYFireWall.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KavPFW.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KAVPlus.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KAVSvc.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KMailMon.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\knownsvr.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KPfwSvc.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KPopMon.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KULANSyn.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KWatch.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\KWatchUI.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\NPFMntor.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\pfw.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\ras.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\Rav.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\RavMon.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\RavMonD.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\RavTask.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\RAVTIMER.EXE: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\rfwmain.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\rfwsrv.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\RsMain.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\rsnetsvr.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\RsTray.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\rstry.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\rtvscan.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\safeboxTray.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\ScanFrm.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\vptray.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\vshwin32.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\vsmon.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\vsstat.exe: Debugger - ntsd -d File not found
    O27 - HKLM IFEO\webscanx.exe: Debugger - ntsd -d File not found
    O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/10/09 19:48:00 | 000,000,143 | -HS- | M] () - D:\AutoRun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - E:\AutoRun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - F:\AutoRun.inf -- [ NTFS ]
    [2010/10/09 16:51:49 | 000,410,654 | RHS- | C] () -- C:\QYJWH
    [2010/10/09 16:24:26 | 000,000,143 | -HS- | C] () -- C:\Windows\System32\iajsd.sss
    [2010/10/09 16:24:24 | 000,000,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iajsd.lnk
    [2010/10/09 16:24:36 | 000,001,132 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk


    :Files
    C:\QGS.exe
    c:\windows\system32\iajsd.dll


    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL log you are presented with on startup.




Step 2:

Please download [You must be registered and logged in to see this link.].

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



In your next reply please include:
  • The log from OTL.
  • The MBAM log.


Thanks.


- The Avatar

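
The fix script in the post above is essentially a list of indicators: IFEO keys whose Debugger value is `ntsd -d`, an AutoRun.inf on every drive root, executables carrying the hidden+system attribute combination with no version information (the same wuauolts.exe / iajsd.dll / QGS.exe / mosss.exe that ComboFix listed), and a BHO whose CLSID no longer resolves. The Python script below is an added example for this thread, not OTL's code and not anything posted by the participants; it parses OTL-style lines into those four categories so a log like the one above can be triaged before a fix is written. The sample input reuses lines from the posted fix; the `explorer.exe` and `notepad.exe` lines are constructed, one to show a clean PRC entry and one to show an IFEO Debugger entry that is not the `ntsd -d` pattern.

```python
"""Triage OTL log lines into the indicator types seen in the fix above.

Added example for this thread: it is not OTL's code and was not posted by
anyone in the discussion. Sample lines are copied from the posted fix; the
explorer.exe and notepad.exe lines are constructed for contrast.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_OTL = r"""
PRC - [2009/11/02 02:32:42 | 000,172,050 | -HS- | M] () -- C:\Windows\System32\wuauolts.exe
MOD - [2010/10/09 19:47:58 | 000,017,920 | -HS- | M] () -- C:\Windows\System32\iajsd.dll
PRC - [2009/07/14 01:39:25 | 002,871,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O27 - HKLM IFEO\360tray.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\vsmon.exe: Debugger - ntsd -d File not found
O27 - HKLM IFEO\notepad.exe: Debugger - C:\Tools\notepad2.exe
O32 - AutoRun File - [2010/10/09 19:47:59 | 000,000,143 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 19:48:00 | 000,000,143 | -HS- | M] () - D:\AutoRun.inf -- [ FAT32 ]
"""


@dataclass(frozen=True)
class Finding:
    category: str  # ifeo_hijack | autorun_inf | hidden_system_file | orphan_bho
    subject: str   # target process, file path or CLSID
    detail: str


# O27: Image File Execution Options entry with a Debugger value
IFEO_RE = re.compile(
    r"^O27 - (?P<hive>HKLM|HKCU) IFEO\\(?P<target>[^:]+): Debugger - "
    r"(?P<debugger>.*?)(?P<missing> File not found)?$"
)
# O32: AutoRun.inf on a drive root; the bracket holds "date | size | attrs | M"
AUTORUN_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<meta>[^\]]+)\] \([^)]*\) - "
    r"(?P<path>[A-Za-z]:\\\S+) -- \[ (?P<fs>\S+) \]$"
)
# PRC/MOD: running process or loaded module; "()" means no version info
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD) - \[(?P<meta>[^\]]+)\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O2: Browser Helper Object
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$"
)


def attribute_mask(meta: str) -> str:
    """Return the attribute field of an OTL bracket block, e.g. '-HS-' (R/H/S flags)."""
    fields = [f.strip() for f in meta.split("|")]
    return fields[2] if len(fields) > 2 else ""


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    m = IFEO_RE.match(line)
    if m:
        # Any Debugger value makes Windows run "<debugger> <target>" instead of <target>.
        # With "ntsd -d" the debugger image does not exist on Vista/7, so the target
        # (here a security product) never starts at all. Legitimate Debugger entries
        # do exist (developers set them deliberately), so this flags for review.
        note = ("debugger image missing, target can never start"
                if m.group("missing") else "debugger present")
        return Finding("ifeo_hijack", m.group("target"),
                       f"Debugger={m.group('debugger').strip()!r}; {note}")
    m = AUTORUN_RE.match(line)
    if m:
        return Finding("autorun_inf", m.group("path"),
                       f"attrs={attribute_mask(m.group('meta'))} fs={m.group('fs')}")
    m = FILE_RE.match(line)
    if m:
        mask = attribute_mask(m.group("meta"))
        if "H" in mask and "S" in mask:  # hidden + system is how the droppers above hide
            company = m.group("company") or "no version info"
            return Finding("hidden_system_file", m.group("path"),
                           f"{m.group('kind')} attrs={mask} company={company}")
        return None
    m = BHO_RE.match(line)
    if m and "No CLSID value found" in m.group("rest"):
        return Finding("orphan_bho", m.group("clsid"), "BHO registered but its CLSID does not resolve")
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f"{f.category:19} {f.subject:45} {f.detail}")
    print(summarize(found))
```

The live equivalent of the O27 check on the affected machine is `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s /v Debugger` from an elevated prompt; on a fresh consumer laptop there should be no Debugger values at all, let alone dozens aimed at security products. Two things in the logs that the script does not cover but that are worth fixing once the machine is clean: the ComboFix log shows `EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0` and `PromptOnSecureDesktop = 0`, which is UAC switched off entirely, and the repeated DNS Client event 1012 errors in the first log mean the hosts file could not be read, which is what the `[resethosts]` directive in the fix addresses.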

Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sat Oct 09, 2010 10:39 am

All processes killed
========== OTL ==========
No active process named wuauolts.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccRegVfy.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KavPFW.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPlus.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvc.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPopMon.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KULANSyn.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTIMER.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstry.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\ not found.
File C:\AutoRun.inf not found.
File D:\AutoRun.inf not found.
File E:\AutoRun.inf not found.
File F:\AutoRun.inf not found.
C:\QYJWH moved successfully.
C:\Windows\System32\iajsd.sss moved successfully.
File move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iajsd.lnk scheduled to be moved on reboot.
C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk moved successfully.
========== FILES ==========
C:\QGS.exe moved successfully.
c:\windows\system32\iajsd.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 379898 bytes
->Google Chrome cache emptied: 62904772 bytes
->Flash cache emptied: 1626 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: PG
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10092010_233209

Files\Folders moved on Reboot...
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iajsd.lnk moved successfully.

Registry entries deleted on Reboot...

cwizzy
Novice

Posts : 34
Joined : 2010-08-20
Gender : Male
OS : Windows 7 Professional 64-bit
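The long run of "Image File Execution Options\...\ not found" lines in the OTL log above is OTL checking, for dozens of AV and firewall executables, whether anything had registered itself under their IFEO subkey. The reason that matters: Windows honours a "Debugger" value under an image's IFEO subkey by launching that command in place of the image, so a planted value can keep a security product from ever starting. The script below is an added example, not part of OTL or of this thread; it reads the IFEO tree on Windows and reports every subkey that carries a Debugger value, flagging names that match security tools, and changes nothing. The function names, the short list of tool names (taken from the log above) and SAMPLE_ENTRIES are the author's own constructions.

```python
r"""Audit Image File Execution Options (IFEO) for Debugger redirections.

Windows honours a REG_SZ value named "Debugger" under
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image.exe>:
when <image.exe> is launched, the Debugger command runs instead and receives the
original command line. Malware plants such values under the names of security
products so that the product never starts. This script reports every IFEO
subkey that carries a Debugger value and flags the ones whose name matches a
known security tool; it changes nothing.

Added example, not part of OTL or of the thread; names are the author's own.
"""
import sys

IFEO_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# A few of the security-product executables that the OTL fix log in this thread
# checked under IFEO (the full list there is much longer).
SECURITY_TOOL_EXES = {name.lower() for name in (
    "360tray.exe", "360Safe.exe", "avconsol.exe", "KAVStart.exe", "KWatch.EXE",
    "Navapsvc.exe", "RavMon.exe", "rtvscan.exe", "vsmon.exe", "webscanx.exe",
)}


def audit_ifeo(entries):
    """Return one finding per IFEO subkey that has a Debugger value.

    entries maps subkey name (image file name) -> {value name: value data},
    which is the shape read_ifeo_from_registry() produces.
    """
    findings = []
    for image, values in entries.items():
        # Registry value names are case-insensitive, so match accordingly.
        debugger = next((data for name, data in values.items()
                         if name.lower() == "debugger"), None)
        if debugger is None:
            continue
        findings.append({
            "image": image,
            "debugger": debugger,
            "targets_security_tool": image.lower() in SECURITY_TOOL_EXES,
        })
    return findings


def read_ifeo_from_registry():
    """Windows only: enumerate IFEO subkeys and their values with winreg."""
    import winreg  # standard library, but only present on Windows
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_PATH) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for i in range(subkey_count):
            image = winreg.EnumKey(root, i)
            values = {}
            with winreg.OpenKey(root, image) as sub:
                value_count = winreg.QueryInfoKey(sub)[1]
                for j in range(value_count):
                    name, data, _type = winreg.EnumValue(sub, j)
                    values[name] = data
            entries[image] = values
    return entries


# Constructed sample in the shape the registry reader returns; the Debugger
# entries here are invented to exercise the audit, not taken from the thread.
SAMPLE_ENTRIES = {
    "notepad.exe": {"MitigationOptions": 256},                         # no Debugger: ignored
    "360tray.exe": {"Debugger": r"C:\Windows\System32\svchost.exe"},   # AV tray process redirected
    "myapp.exe": {"debugger": r"C:\Tools\mydbg.exe"},                  # lower-case name, non-security image
}


if __name__ == "__main__":
    entries = read_ifeo_from_registry() if sys.platform == "win32" else SAMPLE_ENTRIES
    for f in audit_ifeo(entries):
        flag = "!! security tool" if f["targets_security_tool"] else "   "
        print(f"{flag} {f['image']} -> {f['debugger']}")
```

A Debugger value is not automatically malicious (developers and some diagnostic tools register them on purpose), which is why the script only reports; the flag marks entries that name a security product, where a redirection has no legitimate reason to exist.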

Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sat Oct 09, 2010 11:29 am

Malwarebytes' Anti-Malware 1.46

Database version: 4784

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/10/2010 12:27:56 a.m.
mbam-log-2010-10-10 (00-27-56).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 184098
Time elapsed: 43 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\PG\Desktop\Downloads\Big project.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\PG\Desktop\Downloads\Essays.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\PG\Desktop\Downloads\Library Website.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\PG\Desktop\Downloads\Muuusic.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Program Files\mosss.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\wuauolts.exe.vir (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10092010_233209\C_\QGS.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\QGS.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\QGS.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
F:\QGS.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

cwizzy
Novice

Posts : 34
Joined : 2010-08-20
Gender : Male
OS : Windows 7 Professional 64-bit

Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sat Oct 09, 2010 12:47 pm

Hi cwizzy,

Things are looking better; I am sure it is starting to feel it. We still have some important scans to do. Please do the following:

Step 1:

It can be updated by the Java control panel:
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.

Step 2:

Using Internet Explorer or Firefox, visit [You must be registered and logged in to see this link.]

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click [You must be registered and logged in to see this link.] to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

In your next reply please include:
  • The Kaspersky log.
  • A fresh log from OTL (open and click "quick scan")
  • How is your machine running now?

Thanks.

- The Avatar

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

TheAvatar
Intermediate

Posts : 137
Joined : 2010-10-02
Gender : Male
OS : Windows XP SP3
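TheAvatar's point that the Kaspersky report will list finds that are already quarantined is the key to reading it: the scanner does not clean, and it scans quarantine folders and System Restore points like any other location. As an added example, not part of the post or of any tool used in this thread, the Python below parses detection lines in the Kaspersky Online Scanner 7 report format and sorts each one by where it sits (a ComboFix or OTL quarantine folder, a restore point, or a live path that still needs attention). The function names are the author's own, and SAMPLE_REPORT is constructed in the scanner's format with its one live entry invented for illustration.

```python
"""Triage a Kaspersky Online Scanner 7 report by where each detection sits.

Added example, not part of the thread or of Kaspersky's tooling; function
names and the sample report below are the author's own.
"""
import re
from collections import Counter

# A detection line reads:  <path> Infected: <threat name> <count>
# Paths contain spaces, so the " Infected: " marker is the anchor.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Folders where earlier clean-up tools park what they removed; a hit here is
# an already-neutralised copy, which is why the helper says not to be alarmed.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",   # ComboFix quarantine
    "\\_otl\\movedfiles\\",     # OTL MovedFiles
)
# System Restore keeps old copies of files; these are not running either.
RESTORE_MARKER = "\\system volume information\\_restore"


def classify_path(path):
    """Return 'quarantined', 'restore-point' or 'live' for a detected path."""
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if RESTORE_MARKER in p:
        return "restore-point"
    return "live"


def parse_report(text):
    """Extract every detection line from a report and classify its location."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # header, statistics and blank lines
        findings.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            "location": classify_path(m.group("path")),
        })
    return findings


def summarize(findings):
    """Counts by location and threat, plus the live paths that still need action."""
    return {
        "by_location": dict(Counter(f["location"] for f in findings)),
        "by_threat": dict(Counter(f["threat"] for f in findings)),
        "live": [f["path"] for f in findings if f["location"] == "live"],
    }


# Constructed report in the scanner's format. The D:\QGS.exe line is invented
# to show what a live (not yet handled) detection looks like.
SAMPLE_REPORT = r"""
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
--------------------------------------------------------------------------------
Scan statistics:
Objects scanned: 60079
Threats found: 3
Infected objects found: 6

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\AutoRun.inf.vir Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\D\av1.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\_OTL\MovedFiles\10092010_233209\C_Windows\System32\iajsd.dll Infected: not-a-virus:Monitor.Win32.ActualSpy.27 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP12\A0003060.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP19\A0008725.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\QGS.exe Infected: Trojan.Win32.AutoRun.wn 1

Selected area has been scanned.
"""


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print("by location:", summary["by_location"])
    print("by threat:  ", summary["by_threat"])
    print("live paths: ", summary["live"])
```

The "live" list is the part worth reading closely: quarantined and restore-point hits are cleared by emptying the quarantine and the old restore points once the machine is declared clean, whereas a live path is something the earlier tools missed.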

Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sat Oct 09, 2010 9:10 pm

Here is the Kasreport


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 10, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 09, 2010 08:16:29
Records in database: 4230446
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 60079
Threats found: 3
Infected objects found: 27
Suspicious objects found: 0
Scan duration: 02:22:22


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\AutoRun.inf.vir Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\D\av1.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\D\av2.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\E\AutoRun.inf.vir Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\E\av1.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\E\av2.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\F\AutoRun.inf.vir Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\F\av1.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\Qoobox\Quarantine\F\av2.zip Infected: Trojan.Win32.AutoRun.wn 1
C:\_OTL\MovedFiles\10092010_233209\C_Windows\System32\iajsd.dll Infected: not-a-virus:Monitor.Win32.ActualSpy.27 1
C:\_OTL\MovedFiles\10092010_233209\C_Windows\System32\iajsd.sss Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP12\A0003060.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP19\A0008724.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP19\A0008725.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP19\A0008834.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP19\A0008835.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0008873.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0008874.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0008983.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0008984.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0009983.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0009984.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0010983.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0010984.inf Infected: Trojan.Win32.AutoRun.wn 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0011983.exe Infected: Virus.Win32.Kate.b 1
D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP20\A0011984.inf Infected: Trojan.Win32.AutoRun.wn 1

Selected area has been scanned.


and the OTL


OTL logfile created on: 10/10/2010 10:07:03 a.m. - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\PG\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.38 Gb Total Space | 20.59 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
Drive D: | 98.01 Gb Total Space | 93.08 Gb Free Space | 94.97% Space Free | Partition Type: FAT32
Drive E: | 98.04 Gb Total Space | 97.95 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive F: | 70.63 Gb Total Space | 70.54 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive G: | 1.88 Gb Total Space | 1.88 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: PG-PC
Current User Name: PG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/10 02:13:13 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\PG\AppData\Local\temp\jkos-PG\binaries\ScanningProcess.exe
PRC - [2010/10/10 02:08:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/10/10 02:08:34 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2010/10/10 00:21:06 | 002,985,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/10/09 22:14:29 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\PG\Desktop\OTL.exe
PRC - [2010/09/21 18:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\PG\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/11 21:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010/04/16 19:55:32 | 000,223,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/11/19 14:05:42 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe
PRC - [2009/10/26 14:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/16 21:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/29 18:28:44 | 007,744,032 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/09/11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/07/20 17:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/07/14 14:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 14:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/14 14:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 14:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 22:14:29 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\PG\Desktop\OTL.exe
MOD - [2009/07/14 14:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 14:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 14:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 14:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 14:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 14:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 14:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 14:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 14:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 14:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 14:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 14:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 14:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 14:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 14:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 14:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 14:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 14:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 14:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 14:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 14:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 14:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 14:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 14:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 14:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 14:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 14:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 14:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 14:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 14:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 14:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PG\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/05/08 08:40:06 | 002,710,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/09/29 18:16:02 | 002,776,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/27 23:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 17:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 14:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 14:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 14:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 14:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 14:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 14:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 14:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 14:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 14:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 14:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 14:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 14:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 14:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 14:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 14:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 14:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 14:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 14:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 14:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 14:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 14:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 14:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 14:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 14:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 14:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 14:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 14:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 14:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 14:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 14:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 14:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 14:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 14:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 14:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 14:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 14:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 14:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 14:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 14:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 14:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 14:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 14:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 13:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 13:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 13:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 12:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 12:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 12:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 12:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 12:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 12:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 12:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 12:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 12:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 12:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 12:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 12:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 12:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 12:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 12:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 12:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 12:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 12:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 11:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 11:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 11:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 11:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 11:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 11:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 11:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 11:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 11:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 86 86 61 B3 67 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



Hosts file not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/10 07:18:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/10 07:18:16 | 000,000,000 | ---D | C] -- C:\Boot
[2010/10/10 02:11:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/10 02:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/10 02:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/10 02:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/10 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Pictures
[2010/10/10 00:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/10/10 00:20:49 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\BitTorrent
[2010/10/10 00:11:58 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Trapped In The Closet
[2010/10/09 23:42:45 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Malwarebytes
[2010/10/09 23:42:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/09 23:42:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/09 23:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/09 23:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/09 23:41:57 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\PG\Desktop\mbam-setup-1.46.exe
[2010/10/09 23:32:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/09 23:12:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/09 23:11:55 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\temp
[2010/10/09 23:03:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/09 22:50:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/09 22:50:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/09 22:14:11 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\PG\Desktop\OTL.exe
[2010/10/09 19:10:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/09 19:10:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/09 19:10:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/09 19:10:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/09 19:10:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/09 17:40:50 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\vlc
[2010/10/09 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/09 17:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/09 17:24:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/10/09 17:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/10/09 17:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/09 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/10/09 17:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/10/09 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/09 17:20:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/09 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\PG\Tracing
[2010/10/09 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/10/09 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Windows Loader
[2010/10/09 16:46:15 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Windows Live
[2010/10/09 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/10/09 16:43:17 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Downloads
[2010/10/09 16:42:24 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Macromedia
[2010/10/09 16:42:23 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Adobe
[2010/10/09 16:41:16 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Google
[2010/10/09 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Deployment
[2010/10/09 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Apps
[2010/10/09 16:36:36 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\ElevatedDiagnostics
[2010/10/09 16:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AzureWave
[2010/10/09 16:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installations
[2010/10/09 16:05:44 | 001,221,632 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010/10/09 16:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/10/09 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/10/09 16:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2010/10/09 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/10/09 15:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/10/09 15:55:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Atheros_L1e
[2010/10/09 15:53:04 | 000,035,304 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsusSender.exe
[2010/10/09 15:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\EeePC
[2010/10/09 15:51:13 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\E-Cam
[2010/10/09 15:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\E-Cam
[2010/10/09 15:50:01 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/10/09 15:47:08 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/09 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/10/09 15:46:59 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\InstallShield
[2010/10/09 15:46:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/10/09 15:45:48 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010/10/09 15:45:48 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/10/09 15:45:48 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010/10/09 15:45:48 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010/10/09 15:45:48 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/10/09 15:45:47 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010/10/09 15:45:47 | 000,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010/10/09 15:45:47 | 000,306,176 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010/10/09 15:45:47 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010/10/09 15:45:47 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010/10/09 15:45:47 | 000,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010/10/09 15:45:47 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010/10/09 15:45:47 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010/10/09 15:45:47 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010/10/09 15:45:46 | 000,280,576 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010/10/09 15:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/09 15:45:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/10/09 15:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/10/09 15:45:05 | 000,178,688 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/10/09 15:45:05 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/10/09 15:45:05 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/10/09 15:45:05 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/10/09 15:44:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/09 15:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avanquest software Shared
[2010/10/09 15:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\3G Connection Manager
[2010/10/09 15:44:18 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/10/09 15:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/10/09 15:41:53 | 000,213,552 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010/10/09 15:41:53 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010/10/09 15:41:53 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
[2010/10/09 15:41:52 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010/10/09 15:41:52 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010/10/09 15:41:40 | 000,051,712 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C62x86.sys
[2010/10/09 15:41:39 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2010/10/09 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\PG\Desktop\Drivers for Laptop
[2010/10/09 15:29:10 | 000,000,000 | R--D | C] -- C:\Users\PG\Searches
[2010/10/09 15:29:10 | 000,000,000 | -H-D | C] -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/09 15:28:59 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Identities
[2010/10/09 15:28:55 | 000,000,000 | R--D | C] -- C:\Users\PG\Contacts
[2010/10/09 15:28:40 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\VirtualStore
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\AppData\Local\Temporary Internet Files
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Templates
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Start Menu
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\SendTo
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Recent
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\PrintHood
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\NetHood
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Documents\My Videos
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Documents\My Pictures
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Local Settings
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\AppData\Local\History
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Cookies
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\Application Data
[2010/10/09 15:28:37 | 000,000,000 | -HSD | C] -- C:\Users\PG\AppData\Local\Application Data
[2010/10/09 15:28:36 | 000,000,000 | --SD | C] -- C:\Users\PG\AppData\Roaming\Microsoft
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Videos
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Saved Games
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Pictures
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Music
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Links
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Favorites
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Downloads
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\My Documents
[2010/10/09 15:28:36 | 000,000,000 | R--D | C] -- C:\Users\PG\Desktop
[2010/10/09 15:28:36 | 000,000,000 | -HSD | C] -- C:\Users\PG\Documents\My Music
[2010/10/09 15:28:36 | 000,000,000 | -HSD | C] -- C:\Users\PG\My Documents
[2010/10/09 15:28:36 | 000,000,000 | -H-D | C] -- C:\Users\PG\AppData
[2010/10/09 15:28:36 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Local\Microsoft
[2010/10/09 15:28:36 | 000,000,000 | ---D | C] -- C:\Users\PG\AppData\Roaming\Media Center Programs
[2010/10/09 15:28:17 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/10/09 10:22:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/09 10:19:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/09 10:19:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 90 Days ==========

[2010/10/10 10:09:05 | 000,786,432 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT
[2010/10/10 10:02:44 | 000,018,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 10:02:44 | 000,018,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 09:46:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000UA.job
[2010/10/10 07:18:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/10 00:34:42 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/10 00:34:42 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/10 00:34:42 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/10 00:30:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 00:30:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 00:30:00 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 00:29:19 | 001,412,898 | -H-- | M] () -- C:\Users\PG\AppData\Local\IconCache.db
[2010/10/10 00:21:06 | 000,000,961 | ---- | M] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/10 00:21:06 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/10/09 23:42:40 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/09 23:42:05 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\PG\Desktop\mbam-setup-1.46.exe
[2010/10/09 23:04:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/10/09 22:48:24 | 003,876,009 | R--- | M] () -- C:\Users\PG\Desktop\Combo-Fix.exe
[2010/10/09 22:14:29 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\PG\Desktop\OTL.exe
[2010/10/09 17:40:36 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/09 16:51:50 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/10/09 16:46:01 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000Core.job
[2010/10/09 16:42:06 | 000,002,263 | ---- | M] () -- C:\Users\PG\Desktop\Google Chrome.lnk
[2010/10/09 16:40:50 | 000,057,560 | ---- | M] () -- C:\Users\PG\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/09 16:40:08 | 000,001,411 | ---- | M] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/09 16:26:03 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/10/09 16:23:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/09 16:00:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/10/09 15:59:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/09 15:51:39 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\E-Cam.lnk
[2010/10/09 15:49:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/09 15:49:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/09 15:30:30 | 000,524,288 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/10/09 15:30:30 | 000,524,288 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/10/09 15:30:30 | 000,065,536 | -HS- | M] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/10/09 15:28:37 | 000,000,020 | -HS- | M] () -- C:\Users\PG\ntuser.ini
[2010/10/09 10:25:25 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/09 10:24:01 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2010/10/10 07:18:18 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/10/10 07:18:17 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/10/10 00:21:06 | 000,000,961 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/10 00:21:06 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/10/09 23:42:40 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/09 22:48:23 | 003,876,009 | R--- | C] () -- C:\Users\PG\Desktop\Combo-Fix.exe
[2010/10/09 19:10:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/09 19:10:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/09 19:10:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/09 19:10:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/09 19:10:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/09 17:40:36 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/09 16:51:50 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/10/09 16:45:57 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2010/10/09 16:42:06 | 000,002,263 | ---- | C] () -- C:\Users\PG\Desktop\Google Chrome.lnk
[2010/10/09 16:41:18 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000UA.job
[2010/10/09 16:41:17 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779176046-1231755855-4256573212-1000Core.job
[2010/10/09 16:40:08 | 000,001,411 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/09 16:23:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/09 16:05:44 | 000,293,373 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010/10/09 16:05:44 | 000,049,563 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010/10/09 16:03:51 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/10/09 16:01:55 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2010/10/09 16:00:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/10/09 15:59:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/09 15:53:04 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2010/10/09 15:53:04 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2010/10/09 15:51:39 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\E-Cam.lnk
[2010/10/09 15:49:31 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/09 15:49:31 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/09 15:43:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/09 15:28:37 | 000,000,020 | -HS- | C] () -- C:\Users\PG\ntuser.ini
[2010/10/09 15:28:36 | 000,524,288 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/10/09 15:28:36 | 000,524,288 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/10/09 15:28:36 | 000,262,144 | -HS- | C] () -- C:\Users\PG\ntuser.dat.LOG1
[2010/10/09 15:28:36 | 000,065,536 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/10/09 15:28:36 | 000,000,290 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/09 15:28:36 | 000,000,272 | ---- | C] () -- C:\Users\PG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/09 15:28:36 | 000,000,000 | -HS- | C] () -- C:\Users\PG\ntuser.dat.LOG2
[2010/10/09 15:28:35 | 000,786,432 | -HS- | C] () -- C:\Users\PG\NTUSER.DAT
[2010/10/09 10:19:01 | 797,532,160 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/10/10 10:01:25 | 000,000,000 | ---D | M] -- C:\Users\PG\AppData\Roaming\BitTorrent
[2010/10/09 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\PG\AppData\Roaming\E-Cam
[2009/07/14 17:53:46 | 000,003,168 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


And the computer is running a lot smoother, thanks so much for your help!!

Anything else left to do?

cwizzy
Novice


Posts : 34
Joined : 2010-08-20
Gender : Male
OS : Windows 7 Professional 64-bit


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sat Oct 09, 2010 11:58 pm

Hi cwizzy,

I just need you to do a bit of cleanup and let me know how it goes please.


Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL log you are presented with on startup.



Step 2:


  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.




Step 3:

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



Please let me know how it all goes! Thanks.


- The Avatar
If I have helped you, please consider donating to [You must be registered and logged in to see this link.]

GeekPolice.net [You must be registered and logged in to see this link.]    [You must be registered and logged in to see this link.]

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

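The O28 line fixed above is a ShellExecuteHooks registration whose CLSID key no longer exists. As an added defender-side check (not from the thread, OTL, or GeekPolice), the following PowerShell snippet walks every HKLM ShellExecuteHooks registration and reports whether its CLSID key and server DLL are still present and signed. It assumes an elevated 64-bit PowerShell; 32-bit registrations under Wow6432Node are not covered.

```powershell
function Get-ShellExecuteHookStatus {
    # Each value name under this key is the CLSID of a hook Explorer loads
    # before ShellExecute runs (64-bit registry view; 32-bit hooks register
    # under HKLM:\SOFTWARE\Wow6432Node\... instead and are not checked here).
    $hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    $item = Get-Item -Path $hookKey -ErrorAction SilentlyContinue
    if (-not $item) { return }

    foreach ($clsid in $item.GetValueNames()) {
        if ([string]::IsNullOrEmpty($clsid)) { continue }   # skip the "(Default)" value
        $dll    = $null
        $status = 'Orphaned: CLSID key missing'   # the state OTL reported in this thread
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"

        if (Test-Path -Path $clsidKey) {
            # The COM server DLL path is the default value of InprocServer32.
            $server = (Get-ItemProperty -Path "$clsidKey\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'
            if (-not $server) {
                $status = 'Orphaned: no InprocServer32 path'
            } else {
                $dll = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
                if (Test-Path -LiteralPath $dll) {
                    # A hook that resolves to an unsigned or invalidly signed DLL
                    # deserves a closer look; a missing file is a dead entry.
                    $sig    = Get-AuthenticodeSignature -FilePath $dll
                    $status = "Present; signature $($sig.Status)"
                } else {
                    $status = 'Orphaned: server DLL not found on disk'
                }
            }
        }
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Status = $status }
    }
}

Get-ShellExecuteHookStatus | Format-Table -AutoSize
```

Entries reported as orphaned are safe candidates for the kind of cleanup OTL performed; entries that are present but unsigned are the ones to investigate before removing.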

Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sun Oct 10, 2010 12:27 am

Here is the OTL results


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PG
->Temp folder emptied: 112479402 bytes
->Temporary Internet Files folder emptied: 14496577 bytes
->Java cache emptied: 128094 bytes
->Google Chrome cache emptied: 28590469 bytes
->Flash cache emptied: 1017 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531118 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: PG
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully


OTL by OldTimer - Version 3.2.14.1 log created on 10102010_132400

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sun Oct 10, 2010 1:04 am

Hey!

Let me know when you have done step 2 and 3. Thanks.



Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sun Oct 10, 2010 1:06 am

Yeah I've done all the steps


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sun Oct 10, 2010 1:23 am

Ok good. Smile

The following are very important for you to do.

No Anti-virus

Looking over your log ... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection... download a (free for personal use) anti-virus program from one of these reliable vendors.


  1. [You must be registered and logged in to see this link.] - Superior detection, the free version has no email scan.
  2. [You must be registered and logged in to see this link.] - Excellent detection, the freeware version includes email scanning.
  3. [You must be registered and logged in to see this link.] - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.


A good (pay for) Anti-virus program is [You must be registered and logged in to see this link.] - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.

It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



No Firewall
It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions.

Below is a list of some free firewalls (in no order of preference).

It is important to note that you should only have one firewall installed at a time, but you can download to your Desktop and install each in turn to see which one you prefer.



Here is my usual all clean:

Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


Turn On Automatic Updates:

    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • [You must be registered and logged in to see this link.] - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • [You must be registered and logged in to see this link.] - By altering your registry, this program stops harmful sites from installing things like [You must be registered and logged in to see this link.] on your machines.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.



Please read this great article by miekiemoes [You must be registered and logged in to see this link.]
and this great article by Tony Klein [You must be registered and logged in to see this link.]



Best wishes!

-TheAvatar



Re: http://i.163vv.com/ Virus?

Post by cwizzy on Sun Oct 10, 2010 1:34 am

Great. Thank you so much for your help The Avatar!!!

Thank You!

Fixed my computer up all nice.
Thanks again !!!


Re: http://i.163vv.com/ Virus?

Post by TheAvatar on Sun Oct 10, 2010 1:41 am

My pleasure cwizzy Smile !

Safe surfing and thanks for the thanks!

Be sure to recommend GeekPolice.net to any friends or relatives who may have been infected! And/or follow us on Facebook or Twitter (image links in my signature)

See you round!


