
MIX.dj search engine ?


neofan3
Member with 415 posts.
THREAD STARTER
 
Join Date: Jan 2007
Experience: Intermediate
11-Mar-2013, 01:37 AM #1
This thing is VERY weird. It started when I installed a powertoy for wallpapers. This powertoy looks exactly the same as the MS powertoy, except it doesn't require validation.* And it started all kinds of trouble. This MIX.dj cannot be gotten rid of. It is always on Firefox when I start this browser. Since it is not even listed as one of the search engines in Firefox, I adopted a solution: I set the home page as Google search. Now I will not see it, although it is there.

No anti-spyware or anti-malware programs work.

* Now I downloaded the MS powertoy for wallpapers with validation. And this one is good.

Last edited by neofan3; 11-Mar-2013 at 12:39 PM.
Cookiegal
Administrator & Malware Removal Specialist with 95,169 posts.
 
Join Date: Aug 2003
11-Mar-2013, 06:49 PM #2
Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop".

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.


Please download AdwCleaner from here to your desktop.

Run AdwCleaner and select "Search" (do not select "Delete" at this time).

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
__________________
Microsoft MVP - Consumer Security
neofan3
11-Mar-2013, 08:22 PM #3
1. dds.txt :

Quote:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by lyhong at 20:18:00 on 2013-03-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2637 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
StartupFolder: c:\docume~1\lyhong\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\lyhong\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350115032062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350117906906
TCP: NameServer = 192.168.1.1 184.16.4.22
TCP: Interfaces\{29A4F8CA-FD1B-4723-8C16-EFD7A0BE97D7} : DHCPNameServer = 192.168.1.1 184.16.4.22
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lyhong\application data\mozilla\firefox\profiles\rw342h46.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-03-10 21:21; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\lyhong\application data\mozilla\firefox\profiles\rw342h46.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
R0 SysTrace;SysTrace;c:\windows\system32\drivers\SysTrace.sys [2012-10-14 92800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-1-25 166408]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-10-13 12808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\just great software\editpad lite 7\EditPadLite7.exe" "%1"
.
=============== Created Last 30 ================
.
2013-03-11 21:57:22 6954968 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e337c35-005d-4505-8bc7-7c986f6cc202}\mpengine.dll
2013-03-11 18:01:56 6954968 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-11 18:01:55 -------- d-----w- c:\documents and settings\lyhong\application data\Windows Desktop Search
2013-03-11 18:01:39 -------- d-----w- c:\windows\system32\GroupPolicy
2013-03-11 18:01:39 -------- d-----w- c:\program files\Windows Desktop Search
2013-03-11 18:01:16 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-03-11 18:01:16 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-03-11 18:01:15 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2013-03-11 16:31:40 187072 ----a-w- C:\powertoys_wpchanger.exe
2013-03-11 16:30:58 187072 ----a-w- c:\windows\walltoyUninst.exe
2013-03-11 16:30:58 -------- d-----w- c:\program files\WallpaperToy
2013-03-11 05:21:11 -------- d-----w- c:\program files\VS Revo Group
2013-03-11 04:44:47 -------- d-----w- c:\documents and settings\lyhong\application data\SUPERAntiSpyware.com
2013-03-11 04:44:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-11 04:44:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-03-11 02:26:33 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-03-11 02:25:50 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-03-11 02:13:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-11 01:20:56 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-11 00:52:42 -------- d-----w- c:\documents and settings\lyhong\local settings\application data\Deployment
2013-03-11 00:31:53 -------- d-sh--w- c:\documents and settings\lyhong\IECompatCache
2013-03-11 00:26:01 -------- dc-h--w- c:\windows\ie8
2013-03-10 23:40:33 -------- d-----w- c:\documents and settings\lyhong\application data\Malwarebytes
2013-03-10 23:40:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-10 23:01:28 -------- d-----w- c:\documents and settings\lyhong\application data\PriceGong
2013-03-10 22:49:46 -------- d-----w- c:\program files\Conduit
2013-03-10 22:49:42 -------- d-----w- c:\documents and settings\lyhong\local settings\application data\Conduit
2013-03-10 22:48:28 -------- d-----w- c:\documents and settings\lyhong\local settings\application data\AWC
2013-03-10 22:48:15 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-03-10 22:48:12 -------- d-----w- c:\documents and settings\all users\application data\Strongvault Online Backup
2013-03-10 22:48:07 -------- d-sh--w- C:\AI_RecycleBin
2013-03-10 22:47:39 98304 ----a-w- c:\windows\system32\ccrpUCW6.dll
2013-03-10 22:47:39 98304 ----a-w- c:\windows\system32\ccrpDtp6.ocx
2013-03-10 22:47:39 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2013-03-10 22:47:39 86016 ----a-w- c:\windows\system32\ccrpudn6.ocx
2013-03-10 22:47:39 77824 ----a-w- c:\windows\system32\ccrphky6.ocx
2013-03-10 22:47:39 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2013-03-10 22:47:39 40960 ----a-w- c:\windows\system32\DLLDesktop.dll
2013-03-10 22:47:39 36864 ----a-w- c:\windows\system32\AlphaImageCreator.dll
2013-03-10 22:47:39 2805760 ----a-w- c:\windows\system32\FreeImage.dll
2013-03-10 22:47:39 167936 ----a-w- c:\windows\system32\ccrpftv6.ocx
2013-03-10 22:47:38 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2013-03-10 22:47:38 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2013-03-10 20:10:33 -------- d-----w- c:\documents and settings\lyhong\local settings\application data\Help
2013-03-10 14:27:15 92184 ----a-w- c:\documents and settings\all users\application data\microsoft\bingdesktop\updater\BingDesktopRestarter.exe
2013-03-10 14:08:51 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-03-10 14:08:51 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-03-10 13:53:32 -------- d-----w- c:\program files\Microsoft
2013-03-10 13:47:34 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-03-10 13:47:29 -------- d-----w- c:\program files\Windows Media Connect 2
2013-03-10 13:46:35 -------- d-----w- c:\windows\system32\LogFiles
2013-03-10 12:22:57 53248 ----a-r- c:\documents and settings\lyhong\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2013-03-10 12:22:51 -------- d-----w- c:\documents and settings\lyhong\local settings\application data\Logishrd
.
==================== Find3M ====================
.
2013-03-10 14:09:13 1079188 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-03-10 14:09:13 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-03-10 14:09:12 1079188 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-03-10 12:28:14 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 12:28:14 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-10 12:22:44 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-03-06 10:38:36 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-06 10:38:36 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-10 03:20:28 7749632 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20:28 6070272 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20:28 4078976 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-10 03:20:28 2731296 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20:28 2481664 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20:28 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20:28 19685376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-10 03:20:28 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20:28 10707360 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-02-10 00:27:31 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-02-10 00:27:29 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 00:27:29 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-02-10 00:27:29 15664416 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:27:28 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 19:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 08:18:04 56200 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2013-01-03 08:18:04 40200 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2013-01-03 08:18:04 1584520 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2013-01-03 08:18:00 44680 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2013-01-03 08:18:00 12808 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-19 05:41:58 28600 ----a-w- c:\windows\system32\nvhdap32.dll
2012-12-19 05:41:55 128440 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-12-18 08:31:23 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 20:18:16.93 ===============
neofan3
11-Mar-2013, 08:23 PM #4
2. attach.txt:

Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/12/2012 3:50:36 PM
System Uptime: 3/11/2013 5:55:02 PM (3 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 790FX-GD70(MS-7577)
Processor: AMD Phenom(tm) II X4 955 Processor | CPU1 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 140 GiB total, 107.966 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1799.534 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75771462&REV_03\4&72AE7A8&0&0030
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller #2
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75771462&REV_03\4&72AE7A8&0&0030
Service: RTLE8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\191674E10DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\191674E10DC00
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_75771462&REV_3C\3&267A616A&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_75771462&REV_3C\3&267A616A&0&A0
Service:
.
==== System Restore Points ===================
.
RP122: 12/12/2012 7:43:06 AM - Software Distribution Service 3.0
RP123: 12/13/2012 8:30:32 AM - Software Distribution Service 3.0
RP124: 12/15/2012 8:11:28 AM - Software Distribution Service 3.0
RP125: 12/16/2012 1:46:34 AM - Software Distribution Service 3.0
RP126: 12/17/2012 6:54:15 AM - Software Distribution Service 3.0
RP127: 12/18/2012 7:56:09 AM - Software Distribution Service 3.0
RP128: 12/19/2012 8:02:48 AM - Software Distribution Service 3.0
RP129: 12/20/2012 8:45:48 AM - Software Distribution Service 3.0
RP130: 12/21/2012 9:18:37 AM - System Checkpoint
RP131: 12/22/2012 9:46:38 AM - Software Distribution Service 3.0
RP132: 12/23/2012 11:37:57 PM - Software Distribution Service 3.0
RP133: 12/25/2012 3:24:07 AM - Software Distribution Service 3.0
RP134: 12/26/2012 11:02:17 AM - Software Distribution Service 3.0
RP135: 12/27/2012 11:02:18 AM - Software Distribution Service 3.0
RP136: 12/28/2012 11:02:07 AM - Software Distribution Service 3.0
RP137: 12/29/2012 11:02:03 AM - Software Distribution Service 3.0
RP138: 12/30/2012 1:54:13 AM - Software Distribution Service 3.0
RP139: 12/30/2012 11:02:02 AM - Software Distribution Service 3.0
RP140: 12/31/2012 11:02:06 AM - Software Distribution Service 3.0
RP141: 1/1/2013 10:21:12 PM - Software Distribution Service 3.0
RP142: 3/10/2013 8:16:30 AM - Software Distribution Service 3.0
RP143: 3/10/2013 8:33:52 AM - Software Distribution Service 3.0
RP144: 3/10/2013 9:19:42 AM - Software Distribution Service 3.0
RP145: 3/10/2013 9:31:46 AM - Software Distribution Service 3.0
RP146: 3/10/2013 9:46:12 AM - Software Distribution Service 3.0
RP147: 3/10/2013 10:00:25 AM - Software Distribution Service 3.0
RP148: 3/10/2013 6:48:21 PM - Installed Strongvault Online Backup
RP149: 3/10/2013 7:00:15 PM - Removed Strongvault Online Backup
RP150: 3/10/2013 7:01:03 PM - Removed Strongvault Online Backup
RP151: 3/10/2013 7:57:19 PM - Software Distribution Service 3.0
RP152: 3/10/2013 8:26:27 PM - Installed Windows Internet Explorer 8.
RP153: 3/10/2013 8:26:48 PM - Software Distribution Service 3.0
RP154: 3/10/2013 8:32:46 PM - Software Distribution Service 3.0
RP155: 3/10/2013 8:38:52 PM - Software Distribution Service 3.0
RP156: 3/10/2013 10:44:20 PM - Software Distribution Service 3.0
RP157: 3/11/2013 1:14:58 AM - Software Distribution Service 3.0
RP158: 3/11/2013 2:01:09 PM - Software Distribution Service 3.0
RP159: 3/11/2013 5:54:01 PM - Software Distribution Service 3.0
RP160: 3/11/2013 5:57:19 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD Processor Driver
Bing Desktop
CCleaner
CleanUp!
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Deus Ex
EditPad Lite 7.1.2
eReg
Freedom Fighters
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java 7 Update 7
Java Auto Updater
Logitech SetPoint 6.52
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mount&Blade
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Mplayer.com
No One Lives Forever
No One Lives Forever 2
NVIDIA Control Panel 314.07
NVIDIA Graphics Driver 314.07
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.12.12
NVIDIA Update Components
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sound Blaster X-Fi
SUPERAntiSpyware
Titan Quest
Titan Quest Immortal Throne
Tomb Raider: Legend 1.1
Total Commander (Remove or Repair)
TQ Defiler.NET
TQVault
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Wallpaper Changer for Windows XP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wise Registry Cleaner 7.65
zeckensack's Glide wrapper (remove only)
.
==== Event Viewer Messages From Past Week ========
.
3/11/2013 1:47:44 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
neofan3
11-Mar-2013, 08:27 PM #5
3. result from search by ADWCLEANER:


Quote:
# AdwCleaner v2.114 - Logfile created 03/11/2013 at 20:24:10
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : lyhong - LYHONG-XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\lyhong\Application Data\PriceGong
Folder Found : C:\Documents and Settings\lyhong\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-507921405-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\prefs.js

Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287822&SearchSource=1[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2124 octets] - [11/03/2013 20:24:10]

########## EOF - C:\AdwCleaner[R1].txt - [2184 octets] ##########
Cookiegal
Administrator & Malware Removal Specialist with 95,169 posts.
 
Join Date: Aug 2003
11-Mar-2013, 09:23 PM #6
Please run AdwCleaner again and this time select the "delete" option and post the resulting log.
neofan3
Member with 415 posts.
THREAD STARTER
 
Join Date: Jan 2007
Experience: Intermediate
11-Mar-2013, 09:40 PM #7
From adwcleaner:

Quote:
# AdwCleaner v2.114 - Logfile created 03/11/2013 at 21:32:12
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : lyhong - LYHONG-XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\lyhong\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\lyhong\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\prefs.js

C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\user.js ... Deleted !

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287822&SearchSource=1[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2253 octets] - [11/03/2013 20:24:10]
AdwCleaner[R2].txt - [2313 octets] - [11/03/2013 21:31:38]
AdwCleaner[S1].txt - [2246 octets] - [11/03/2013 21:32:12]

########## EOF - C:\AdwCleaner[S1].txt - [2306 octets] ##########
Cookiegal
Administrator & Malware Removal Specialist with 95,169 posts.
 
Join Date: Aug 2003
11-Mar-2013, 10:07 PM #8
Please do not enclose the logs in quote tags but just copy and paste them in the reply.

Please download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
neofan3
Member with 415 posts.
THREAD STARTER
 
Join Date: Jan 2007
Experience: Intermediate
11-Mar-2013, 10:21 PM #9
OTL.text:

OTL logfile created on: 3/11/2013 10:15:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyhong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 82.99% Memory free
5.09 Gb Paging File | 4.55 Gb Available in Paging File | 89.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 107.91 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1799.53 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LYHONG-XP | User Name: lyhong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/11 22:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyhong\Desktop\OTL.exe
PRC - [2013/02/20 22:44:22 | 002,238,704 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/02/09 23:20:28 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/08 14:32:00 | 000,150,768 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/11/01 15:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/13 11:15:01 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/12 11:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 11:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 11:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2002/12/18 14:12:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


========== Modules (No Company Name) ==========

MOD - [2013/02/09 23:20:28 | 001,564,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2013/02/09 23:20:28 | 001,125,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
MOD - [2013/02/09 23:20:28 | 000,357,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2006/06/11 23:33:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/07 09:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


========== Services (SafeList) ==========

SRV - [2013/03/10 21:35:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/10 08:28:14 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/09 23:20:28 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/08 14:29:56 | 000,295,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/10/13 11:15:01 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/03 04:18:04 | 000,040,200 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/01/03 04:18:00 | 000,044,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/01/03 04:18:00 | 000,012,808 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/12/19 01:41:55 | 000,128,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/10/14 17:03:07 | 000,092,800 | ---- | M] (Microsoft Corp.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SysTrace.sys -- (SysTrace)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/04/27 19:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 19:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 19:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/18 04:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/19 09:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 09:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 09:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 09:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 09:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 09:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 05:06:04 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 22:33:26 | 000,000,000 | ---D | M]

[2013/03/10 21:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyhong\Application Data\Mozilla\Extensions
[2013/03/10 22:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\extensions
[2013/03/10 21:55:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/03/10 22:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1350115032062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1350117906906 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.4.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29A4F8CA-FD1B-4723-8C16-EFD7A0BE97D7}: DhcpNameServer = 192.168.1.1 184.16.4.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\lyhong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lyhong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/12 15:49:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/03/11 22:11:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lyhong\Desktop\OTL.exe
[2013/03/11 20:13:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\lyhong\Desktop\dds.scr
[2013/03/11 14:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\Windows Desktop Search
[2013/03/11 14:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/03/11 14:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/03/11 14:01:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013/03/11 14:01:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013/03/11 14:01:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013/03/11 13:47:22 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\lyhong\Desktop\rkill.exe
[2013/03/11 12:31:40 | 000,187,072 | ---- | C] (Microsoft, Corp.) -- C:\powertoys_wpchanger.exe
[2013/03/11 12:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2013/03/11 12:30:58 | 000,187,072 | ---- | C] (Microsoft, Corp.) -- C:\WINDOWS\walltoyUninst.exe
[2013/03/11 12:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\WallpaperToy
[2013/03/11 09:48:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lyhong\Recent
[2013/03/11 06:50:46 | 018,456,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lyhong\Desktop\Windows-KB890830-V4.17.exe
[2013/03/11 01:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/03/11 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\SUPERAntiSpyware.com
[2013/03/11 00:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/03/11 00:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/03/11 00:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/10 22:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/03/10 22:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/10 22:13:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/03/10 21:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/10 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/03/10 20:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/03/10 20:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\Deployment
[2013/03/10 20:31:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\lyhong\IECompatCache
[2013/03/10 20:26:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/03/10 20:17:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/03/10 19:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\Malwarebytes
[2013/03/10 19:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/03/10 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\AWC
[2013/03/10 18:48:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/03/10 18:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/03/10 18:48:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/03/10 18:47:39 | 002,805,760 | ---- | C] (FreeImage) -- C:\WINDOWS\System32\FreeImage.dll
[2013/03/10 18:47:39 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpftv6.ocx
[2013/03/10 18:47:39 | 000,098,304 | ---- | C] (Jeremy Adams, CCRP) -- C:\WINDOWS\System32\ccrpUCW6.dll
[2013/03/10 18:47:39 | 000,098,304 | ---- | C] (CCRP) -- C:\WINDOWS\System32\ccrpDtp6.ocx
[2013/03/10 18:47:39 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\WINDOWS\System32\ccrpTmr6.dll
[2013/03/10 18:47:39 | 000,086,016 | ---- | C] (CCRP / ECX Programming) -- C:\WINDOWS\System32\ccrpudn6.ocx
[2013/03/10 18:47:39 | 000,077,824 | ---- | C] (ECX Programming / CCRP) -- C:\WINDOWS\System32\ccrphky6.ocx
[2013/03/10 18:47:39 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2013/03/10 18:47:39 | 000,040,960 | ---- | C] (The Lillypad) -- C:\WINDOWS\System32\DLLDesktop.dll
[2013/03/10 18:47:39 | 000,036,864 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\AlphaImageCreator.dll
[2013/03/10 18:47:38 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2013/03/10 18:47:38 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2013/03/10 18:44:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lyhong\My Documents\My Videos
[2013/03/10 18:44:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lyhong\Start Menu\Programs\Administrative Tools
[2013/03/10 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\Help
[2013/03/10 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\Help
[2013/03/10 10:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/03/10 10:08:51 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220294.dll
[2013/03/10 10:08:51 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3220162.dll
[2013/03/10 09:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bing Desktop
[2013/03/10 09:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/03/10 09:47:44 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/03/10 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/03/10 09:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/03/10 09:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/03/10 09:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/03/10 09:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/03/10 08:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\Logishrd
[2013/03/10 08:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/11 22:12:55 | 000,001,198 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/03/11 22:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyhong\Desktop\OTL.exe
[2013/03/11 21:48:31 | 008,294,454 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp
[2013/03/11 21:44:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/11 21:44:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/11 21:44:43 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/03/11 21:38:58 | 000,503,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 21:38:58 | 000,087,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 21:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/11 21:33:58 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000007-00001102-00000005-00311102}.rfx
[2013/03/11 21:33:58 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000007-00001102-00000005-00311102}.rfx
[2013/03/11 21:33:58 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000007-00001102-00000005-00311102}.rfx
[2013/03/11 21:33:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/03/11 21:33:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013/03/11 21:27:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/11 20:16:12 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
[2013/03/11 20:13:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\lyhong\Desktop\dds.scr
[2013/03/11 17:50:28 | 000,002,408 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013/03/11 14:01:44 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/03/11 14:01:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/11 13:47:24 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\lyhong\Desktop\rkill.exe
[2013/03/11 12:30:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2013/03/11 12:29:50 | 000,187,072 | ---- | M] (Microsoft, Corp.) -- C:\WINDOWS\walltoyUninst.exe
[2013/03/11 12:29:50 | 000,187,072 | ---- | M] (Microsoft, Corp.) -- C:\powertoys_wpchanger.exe
[2013/03/11 06:51:39 | 018,456,096 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lyhong\Desktop\Windows-KB890830-V4.17.exe
[2013/03/11 00:44:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/10 22:29:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\lyhong\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/10 22:29:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/10 22:26:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/03/10 22:13:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/03/10 10:20:58 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2013/03/10 10:09:13 | 001,079,188 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/03/10 10:09:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/10 10:09:12 | 001,079,188 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/03/10 09:47:39 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/03/10 09:47:39 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/03/10 09:46:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/03/10 09:12:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/10 08:42:29 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/10 08:37:44 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/10 08:28:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/10 08:28:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/10 08:22:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/03/10 08:22:44 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2013/03/06 06:38:36 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/03/06 06:38:36 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/02/09 23:20:28 | 019,685,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/02/09 23:20:28 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/02/09 23:20:28 | 010,707,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2013/02/09 23:20:28 | 007,749,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/02/09 23:20:28 | 006,070,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/02/09 23:20:28 | 004,078,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013/02/09 23:20:28 | 002,731,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/02/09 23:20:28 | 002,481,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/02/09 23:20:28 | 002,287,232 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2013/02/09 23:20:28 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/02/09 23:20:28 | 001,012,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220294.dll
[2013/02/09 23:20:28 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3220162.dll
[2013/02/09 23:20:28 | 000,016,514 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/11 20:16:08 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
[2013/03/11 14:01:44 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/03/11 14:01:44 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/03/11 14:01:32 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/03/11 12:30:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2013/03/11 00:44:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/10 22:26:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/03/10 21:20:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\lyhong\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/10 21:20:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/10 21:20:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/10 18:47:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\ndspoem.rst
[2013/03/10 10:16:08 | 008,294,454 | -H-- | C] () -- C:\WINDOWS\System32\toyhide.bmp
[2013/03/10 10:11:59 | 000,001,198 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/03/10 09:46:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/03/10 09:44:05 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/03/10 08:52:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/10 08:52:33 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/03/10 08:22:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/11/17 19:15:31 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2012/11/09 09:46:17 | 000,000,349 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2012/11/08 17:08:33 | 000,000,784 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/10/14 15:33:11 | 024,910,711 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\d2e31342-7d2c-4bd4-b61f-4a01d2bcee41_dir_temp.bin
[2012/10/13 19:02:58 | 000,003,260 | ---- | C] () -- C:\Documents and Settings\lyhong\Application Data\glide_wrapper.zbag.ini
[2012/10/13 19:00:27 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/10/13 06:08:03 | 000,002,408 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2012/10/13 05:49:59 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/10/13 05:49:59 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/10/13 05:49:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/10/13 05:49:49 | 002,287,232 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/10/13 05:26:37 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2012/10/13 05:26:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2012/10/13 05:26:37 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2012/10/13 04:12:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/10/13 02:03:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/10/12 15:50:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/12 15:47:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/12 11:38:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/12 11:37:52 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/10/13 02:28:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 16:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE

< End of report >
neofan3's Avatar
neofan3 neofan3 is offline
Computer Specs
Member with 415 posts.
THREAD STARTER
 
Join Date: Jan 2007
Experience: Intermediate
11-Mar-2013, 10:23 PM #10
Extra.txt:

OTL Extras logfile created on: 3/11/2013 10:15:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyhong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 82.99% Memory free
5.09 Gb Paging File | 4.55 Gb Available in Paging File | 89.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 107.91 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1799.53 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LYHONG-XP | User Name: lyhong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.txt [@ = txtfile] -- C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe (Just Great Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe" "%1" (Just Great Software)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFC6D41-EC71-449D-9E12-2F4EAB3D4B83}" = TQVault
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}" = TQ Defiler.NET
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Deus Ex" = Deus Ex
"EditPad Lite" = EditPad Lite 7.1.2
"Freedom Fighters" = Freedom Fighters
"GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mount&Blade" = Mount&Blade
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer.com" = Mplayer.com
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"No One Lives Forever" = No One Lives Forever
"sp6" = Logitech SetPoint 6.52
"SysInfo" = Creative System Information
"Tomb Raider: Legend" = Tomb Raider: Legend 1.1
"Totalcmd" = Total Commander (Remove or Repair)
"WallpaperToy" = Wallpaper Changer for Windows XP
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.65
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2012 2:20:34 PM | Computer Name = LYHONG-XP | Source = Application Error | ID = 1000
Description = Faulting application setpoint.exe, version 6.50.152.0, faulting module
macrocore.dll, version 0.0.0.0, fault address 0x00003c78.

Error - 12/15/2012 6:45:43 PM | Computer Name = LYHONG-XP | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 tqvault.exe, P2 2.3.1.4, P3 4f54130e, P4 system,
P5 2.0.0.0, P6 504057aa, P7 22ef, P8 c6, P9 system.net.webexception, P10 NIL.

Error - 12/15/2012 6:46:21 PM | Computer Name = LYHONG-XP | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 tqvault.exe, P2 2.3.1.4, P3 4f54130e, P4 system,
P5 2.0.0.0, P6 504057aa, P7 22ef, P8 c6, P9 system.net.webexception, P10 NIL.

Error - 12/15/2012 6:46:29 PM | Computer Name = LYHONG-XP | Source = Application Error | ID = 1000
Description = Faulting application setpoint.exe, version 6.50.152.0, faulting module
macrocore.dll, version 0.0.0.0, fault address 0x00003c75.

Error - 3/10/2013 6:49:46 PM | Computer Name = LYHONG-XP | Source = CltMngSvc | ID = 1000
Description =

Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/10/2013 10:33:25 PM | Computer Name = LYHONG-XP | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 3/11/2013 1:47:44 PM | Computer Name = LYHONG-XP | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 95,169 posts.
 
Join Date: Aug 2003
12-Mar-2013, 09:19 AM #11
Did you install Automatic Wallpaper Changer and Strongvault online backup intentionally?
neofan3's Avatar
neofan3 neofan3 is offline
Computer Specs
Member with 415 posts.
THREAD STARTER
 
Join Date: Jan 2007
Experience: Intermediate
12-Mar-2013, 10:23 AM #12
What do you mean "intentionally"? I want to install Automatic Wallpaper Changer but not the Strongvault (what is it?). The first time it was from CNET and came with extra software and the MIX.dj and a lot of trouble. So I got rid of them except the MIX.dj, which can't be gotten rid of. Then I installed the MS wallpaper changer, which is the same thing except for the extras. I don't know how CNET can offer it without validation, and the downloads are over 400,000. The MS one requires validation and works well so far.

Is there any action I should take after I run OTL?
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 95,169 posts.
 
Join Date: Aug 2003
12-Mar-2013, 10:42 AM #13
Intentionally means knowingly. Some software gets installed without your knowledge, like the Strongvault.

Automatic Wallpaper Changer is not the MS one. That is by someone named Steve Murphy, I believe. Is that what you downloaded from Cnet? I don't believe they offer the MS one.

I will post further instructions for OTL but wanted these questions answered first before proceeding.

Last edited by Cookiegal; 12-Mar-2013 at 11:06 AM..
neofan3's Avatar
neofan3 neofan3 is offline
Computer Specs
Member with 415 posts.
THREAD STARTER
 
Join Date: Jan 2007
Experience: Intermediate
12-Mar-2013, 11:16 AM #14
Here is the link to the CNET wallpaper changer, and it is clearly the same as the MS one:

http://download.cnet.com/PowerToys-F...-10279480.html


Just look at the image; also, the download requires no validation and the downloads are over 70,000.

Last edited by neofan3; 12-Mar-2013 at 11:37 AM..
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 95,169 posts.
 
Join Date: Aug 2003
12-Mar-2013, 01:11 PM #15
I don't think it's the same or maybe a stripped down version. I don't know if they are authorized to offer it. In any event, that wasn't the one I was asking you about, it was "Automatic Wallpaper Changer" by Steve Murphy because there is evidence that this was also downloaded at the same time as some bad items. I'll go ahead and remove those now.

Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

Code:
:OTL
[2013/03/10 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\AWC
[2013/03/10 18:48:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/03/10 18:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/03/10 18:48:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.