# Solved: Could a Trojan virus that was in my computer affect a pc game I'm playing?



## jumbo1990 (Feb 17, 2006)

So, I play the game Battlefield 2. Well, I guess I had the trial version of an antivirus, so basically it ran out and I didn't get a chance to download and install AVG Anti-Virus until a week later. So I guess during that week without any antivirus, I received a trojan. So that's when I downloaded the AVG antivirus and had it scan my computer. It found it and cleared it off my computer. During this whole time I've been playing Battlefield 2 on and off, and now when I play Battlefield 2 I get frequent random lags, where, like, if I am flying an airplane, it would lag and the next thing I know I've crashed in the water... or if I'm infantry it will lag and I would be in a different place the next second. So basically before I got this trojan the game was perfectly fine, and I can't figure out if it is affecting my internet connection or my game disc. I am able to use the internet and browse any website fine, so I'm not sure. Do you guys think the trojan could have infected my game, where uninstalling the game and reinstalling the game still doesn't fix any of those frequent lags? So should I go out and buy a new Battlefield 2 game disc or...??


----------



## eddie5659 (Mar 19, 2001)

Hiya

It may be malware related, but it could just be BF2. I play most nights on it, and the biggest thing people have problems with is lag.

Are you going to servers with high ping, or are these ones that you've always used? Buying a new disc won't help much, as it's the servers that may need updating.

I know on ours, we sometimes get lag, and I restart it and it works fine after that.

Flying a plane with lag is hell, and even on the ground is bad when you're defending a flag: you get lag, and before you know it you're dead, the flag has been taken, and you're back at the uncap.

Anyway, back to you, as I tend to wander off on tangents.

Let's take a look and see if you're clear.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*".

(_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.


*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Double-click on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis*.
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *HijackThis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
*DO NOT* have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

So, in your next reply, post the contents of the MBAM log, SAS log and a fresh HijackThis log.

Regards

eddie


----------



## jumbo1990 (Feb 17, 2006)

*Malwarebytes' Anti-Malware 1.39*
Database version: 2535
Windows 6.0.6001 Service Pack 1

7/31/2009 10:20:03 AM
mbam-log-2009-07-31 (10-20-03).txt

Scan type: Quick Scan
Objects scanned: 73314
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\libtidy.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files (x86)\libxml2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files (x86)\libxslt.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files (x86)\objc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

*SUPERAntiSpyware Scan Log*
http://www.superantispyware.com

Generated 07/31/2009 at 11:08 AM

Application Version : 4.27.1000

Core Rules Database Version : 4030
Trace Rules Database Version: 1970

Scan type : Complete Scan
Total Scan Time : 00:37:43

Memory items scanned : 366
Memory threats detected : 0
Registry items scanned : 4676
Registry threats detected : 0
File items scanned : 25253
File threats detected : 72

Adware.Tracking Cookie

*Logfile of Trend Micro HijackThis v2.0.2*
Scan saved at 11:13:40 AM, on 7/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files (x86)\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7364 bytes
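
As an added example (not code from this thread, from HijackThis, or from any poster), here is a small Python parser for the HijackThis v2 log format posted above. It turns the R/O entries into structured records and summarises the items a helper reads by eye: hosts-file lines that map something other than loopback to localhost, BHOs with their CLSIDs, autorun entries, and O23 services whose binary is missing or has no listed owner. The sample lines are a subset copied from the log in this post; which sections to summarise is my own choice, not HijackThis's.

```python
"""Structured triage of a HijackThis v2 log (added example, not HijackThis code)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"Platform: Windows Vista SP1 (WinNT 6.00.1905)",
    r"",
    r"Running processes:",
    r"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe",
    r"",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/",
    r"O1 - Hosts: ::1 localhost",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe",
    r'O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp',
    r"O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe",
    r"O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
    r"--",
    r"End of file - 7364 bytes",
]

# Every HJT entry is "<section> - <body>"; one regex per body type we care about.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
STARTUP_RE = re.compile(r"^(?P<location>Global Startup): (?P<name>.+?) = (?P<command>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
LOOPBACK = {"127.0.0.1", "::1"}  # addresses a default hosts file maps to localhost


@dataclass
class Entry:
    section: str
    body: str
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Return an Entry for an R/F/N/O line, or None for header, footer and process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    detail = None
    if section == "O1":
        detail = HOSTS_RE.match(body)
    elif section == "O2":
        detail = BHO_RE.match(body)
    elif section == "O4":
        detail = RUN_RE.match(body) or STARTUP_RE.match(body)
    elif section == "O23":
        detail = SERVICE_RE.match(body)
    fields = detail.groupdict() if detail else {}
    if "missing" in fields:
        fields["missing"] = fields["missing"] is not None
    return Entry(section, body, fields)


def triage(lines):
    """Summarise the entries a helper looks at first when reading an HJT log."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    report = {
        "counts": Counter(e.section for e in entries),
        "hosts_flagged": [],           # hosts lines that are not a loopback -> localhost mapping
        "bhos": [],                    # every browser helper object: name, CLSID, DLL path
        "autoruns": [],                # O4 entries: where it starts, its name, what runs
        "services_missing": [],        # O23 entries HJT could not find on disk
        "services_unknown_owner": [],  # O23 entries on disk but with no listed vendor
    }
    for e in entries:
        f = e.fields
        if not f:
            continue
        if e.section == "O1":
            if f["addr"] not in LOOPBACK or f["host"].lower() != "localhost":
                report["hosts_flagged"].append((f["addr"], f["host"]))
        elif e.section == "O2":
            report["bhos"].append((f["name"], f["clsid"], f["path"]))
        elif e.section == "O4":
            report["autoruns"].append((f["location"], f["name"], f["command"]))
        elif e.section == "O23":
            # Caveat: a 32-bit scanner on 64-bit Windows can report System32 binaries as
            # missing because of WoW64 file-system redirection (the posted log shows this
            # for lsass.exe), so "missing" is a lead to verify by hand, not a verdict.
            if f["missing"]:
                report["services_missing"].append(f["name"])
            elif f["owner"] == "Unknown owner":
                report["services_unknown_owner"].append((f["name"], f["path"]))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LINES)
    print("entries per section:", dict(r["counts"]))
    for key in ("hosts_flagged", "bhos", "autoruns", "services_missing", "services_unknown_owner"):
        for item in r[key]:
            print(f"{key}: {item}")
```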


----------



## jumbo1990 (Feb 17, 2006)

Also, regarding the beginning of your post, it's not BF2 related, because it never happened until my computer had that trojan. I had my internet connection directly connected to the Optimum Online modem, but now I had to take it off because the trojan caused my network to not even function. So I had to go out and buy a wireless adapter, so when I said my internet browsing and stuff works, that's what I'm using. The servers in BF2 are the same servers I go to, and it's not just one server, and I don't know what else to do. I posted above.


----------



## eddie5659 (Mar 19, 2001)

Ah, I see. Well, we'll remove all the malware and see if that helps.

----------

Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

----------------

Download ComboFix from one of these locations:

*Link 1*
*Link 2*
*Link 3*

*IMPORTANT!!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.*

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## jumbo1990 (Feb 17, 2006)

The first program you gave me worked, the second didn't. I have Vista 64-bit and I guess that is a problem for ComboFix, because it tells me it's not compatible, only for XP and 2000.


----------



## eddie5659 (Mar 19, 2001)

Ah, my mistake. Try this instead:

Download avz4.zip from *here*
Unzip it to your desktop to a folder named *avz4*
Double click on *AVZ.exe* to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:

Click *Start* to begin the update
_Note: If you receive an error message, choose a different source, then click Start again_
After the update, from the *"File"* menu, choose *"Standard Scripts"*
Put a check next to item *2: Advanced System Investigation*
Click *Execute selected scripts*
At the next prompt, click the *OK* button
Let the scan run and click "OK" when the completion prompt pops up
Now *Close* out of the Standard Scripts window, and exit AVZ
Navigate to the *avz4* folder and locate the folder *LOG*
Inside the LOG folder you will find *virusinfo_syscheck.htm* and virusinfo_syscheck.zip
*Attach* the Compressed file, virusinfo_syscheck.zip, to your next reply, along with a fresh HijackThis log


----------



## jumbo1990 (Feb 17, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:40 AM, on 7/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files (x86)\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7364 bytes


----------



## eddie5659 (Mar 19, 2001)

Not much showing there, apart from the hosts file. I assume you put those entries in there.

Just do the following:


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

-----------

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under *Upgrading your Java Runtime Environment*, to download and install the latest version.


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.
*Upgrading Java*:

Download the latest version of *Java Runtime Environment (JRE) 6 Update 14*.
Scroll down to where it says "*The J2SE Runtime Environment (JRE) allows end-users to run Java applications*".
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the *jre-6u7-windows-i586-p.exe* and select "Run as an Administrator.")

eddie


----------



## jumbo1990 (Feb 17, 2006)

It states no malware has been detected


----------



## jumbo1990 (Feb 17, 2006)

I uninstalled my Battlefield 2 game and ran the AVG Anti-Virus Free again. It didn't find any threats, just cookies. But it puts it in a virus vault, and I don't know if this would help you, but in the virus vault the Trojan was put in the virus vault when this problem first occurred a couple of months ago and I did my first scan on my computer and it found the Trojan... but I'm not sure if AVG putting the Trojan in the virus vault means it resolved the issue or not?... I attached an image


----------



## eddie5659 (Mar 19, 2001)

Yep, those files will be quarantined, as in they're not on your actual system anymore 

Apart from the cookies, are you getting any more problems with BF2 or any online activity?

eddie


----------



## jumbo1990 (Feb 17, 2006)

Same thing, unfortunately. Do you think it could have messed up my network so I will have to buy a new modem? I use Optimum Online which is cable. I also just uninstalled the game and ran a virus scan, and nothing showed up besides cookies... sooo yea idk what to do.


----------



## eddie5659 (Mar 19, 2001)

If you can run RSIT, that would be good as it may show some things that are causing this:


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)


----------



## jumbo1990 (Feb 17, 2006)

Only log.txt opened up; there was no info.txt.

Logfile of random's system information tool 1.06 (written by random/random)
Run by NicYip at 2009-08-05 10:23:43
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 368 GB (77%) free of 477 GB
Total RAM: 4094 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:53 AM, on 8/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\NicYip\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\NicYip.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files (x86)\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7435 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{219303CB-5A3B-422B-B3B8-ED1F8B278BD3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll [2009-07-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-08-03 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2009-06-25 1948440]
"F5D7050v3"=C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe []
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-08-03 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Aim6"=C:\Program Files (x86)\AIM6\aim6.exe [2009-05-19 49968]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-28 1830128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PHOTOfunSTUDIO HD Edition.lnk - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbae017-6a3f-11dd-8f5f-806e6f6e6963}]
shell\AutoRun\command - D:\Autorun.exe

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-08-04 18:24:28 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-08-04 18:24:06 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-08-04 16:15:02 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-04 16:15:02 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-04 16:15:02 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-04 16:15:02 ----A---- C:\Windows\system32\icardres.dll
2009-08-04 16:15:02 ----A---- C:\Windows\system32\icardagt.exe
2009-08-04 16:14:59 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-04 16:14:58 ----A---- C:\Windows\system32\PresentationHost.exe
2009-08-04 16:01:30 ----A---- C:\Windows\system32\netfxperf.dll
2009-08-04 16:01:19 ----A---- C:\Windows\system32\dfshim.dll
2009-08-04 16:01:03 ----A---- C:\Windows\system32\mscoree.dll
2009-08-04 16:00:41 ----A---- C:\Windows\system32\mscorier.dll
2009-08-04 16:00:34 ----A---- C:\Windows\system32\mscories.dll
2009-08-04 15:57:38 ----A---- C:\Windows\system32\occache.dll
2009-08-04 15:57:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-08-04 15:57:37 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-04 15:57:37 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-04 15:57:37 ----A---- C:\Windows\system32\ieui.dll
2009-08-04 15:57:37 ----A---- C:\Windows\system32\iepeers.dll
2009-08-04 15:57:36 ----A---- C:\Windows\system32\wininet.dll
2009-08-04 15:57:36 ----A---- C:\Windows\system32\urlmon.dll
2009-08-04 15:57:36 ----A---- C:\Windows\system32\iesetup.dll
2009-08-04 15:57:36 ----A---- C:\Windows\system32\iernonce.dll
2009-08-04 15:57:36 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-04 15:57:35 ----A---- C:\Windows\system32\msfeedssync.exe
2009-08-04 15:57:35 ----A---- C:\Windows\system32\iertutil.dll
2009-08-04 15:57:35 ----A---- C:\Windows\system32\ie4uinit.exe
2009-08-04 15:57:34 ----A---- C:\Windows\system32\ieframe.dll
2009-08-04 15:57:33 ----A---- C:\Windows\system32\mshtml.dll
2009-08-04 15:57:32 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-04 15:57:32 ----A---- C:\Windows\system32\iesysprep.dll
2009-08-04 15:54:35 ----A---- C:\Windows\system32\ieakeng.dll
2009-08-04 15:54:35 ----A---- C:\Windows\system32\icardie.dll
2009-08-04 15:54:35 ----A---- C:\Windows\system32\corpol.dll
2009-08-04 15:54:35 ----A---- C:\Windows\system32\advpack.dll
2009-08-04 15:54:35 ----A---- C:\Windows\system32\admparse.dll
2009-08-04 15:54:33 ----A---- C:\Windows\system32\wextract.exe
2009-08-04 15:54:33 ----A---- C:\Windows\system32\pngfilt.dll
2009-08-04 15:54:33 ----A---- C:\Windows\system32\msls31.dll
2009-08-04 15:54:33 ----A---- C:\Windows\system32\imgutil.dll
2009-08-04 15:54:33 ----A---- C:\Windows\system32\ieapfltr.dll
2009-08-04 15:54:33 ----A---- C:\Windows\system32\dxtrans.dll
2009-08-04 15:54:33 ----A---- C:\Windows\system32\dxtmsft.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\webcheck.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\mstime.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\msrating.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\mshtmled.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\licmgr10.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\inseng.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\ieakui.dll
2009-08-04 15:54:32 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-04 15:54:31 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-08-04 15:54:31 ----A---- C:\Windows\system32\vbscript.dll
2009-08-04 15:54:31 ----A---- C:\Windows\system32\url.dll
2009-08-04 15:54:31 ----A---- C:\Windows\system32\mshtmler.dll
2009-08-04 15:54:31 ----A---- C:\Windows\system32\jscript.dll
2009-08-04 15:54:30 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-08-04 15:54:30 ----A---- C:\Windows\system32\SetDepNx.exe
2009-08-04 15:54:30 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-08-04 15:54:30 ----A---- C:\Windows\system32\PDMSetup.exe
2009-08-04 15:54:30 ----A---- C:\Windows\system32\mshta.exe
2009-08-04 15:54:30 ----A---- C:\Windows\system32\iexpress.exe
2009-08-03 21:05:17 ----A---- C:\Windows\system32\javaws.exe
2009-08-03 21:05:17 ----A---- C:\Windows\system32\javaw.exe
2009-08-03 21:05:17 ----A---- C:\Windows\system32\java.exe
2009-08-03 21:05:17 ----A---- C:\Windows\system32\deploytk.dll
2009-08-03 21:05:09 ----D---- C:\Program Files (x86)\Java
2009-08-03 20:53:10 ----D---- C:\rsit
2009-08-03 10:48:17 ----D---- C:\AvZ4
2009-08-02 19:25:54 ----D---- C:\ComboFix
2009-08-02 19:25:54 ----A---- C:\Windows\system32\CF25125.exe
2009-08-02 19:21:51 ----A---- C:\Windows\system32\swsc.exe
2009-08-02 19:21:51 ----A---- C:\Windows\system32\CF24237.exe
2009-08-02 19:20:23 ----D---- C:\Qoobox
2009-08-02 19:20:21 ----A---- C:\Bug.txt
2009-08-02 19:20:18 ----A---- C:\Windows\system32\cmd.execf
2009-07-31 11:13:13 ----D---- C:\Program Files (x86)\Trend Micro
2009-07-31 10:28:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-07-31 10:27:13 ----D---- C:\Users\NicYip\AppData\Roaming\SUPERAntiSpyware.com
2009-07-31 10:27:13 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-07-31 10:14:03 ----D---- C:\Users\NicYip\AppData\Roaming\Malwarebytes
2009-07-31 10:13:56 ----D---- C:\ProgramData\Malwarebytes
2009-07-31 10:13:56 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-30 15:56:27 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-30 15:56:27 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-23 21:57:06 ----A---- C:\Windows\system32\xfcodec.dll
2009-07-23 12:24:49 ----D---- C:\Program Files (x86)\softnyx
2009-07-23 02:03:36 ----D---- C:\Users\NicYip\AppData\Roaming\AVS4YOU
2009-07-23 02:03:36 ----D---- C:\ProgramData\AVS4YOU
2009-07-23 02:01:42 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2009-07-23 02:01:41 ----D---- C:\Program Files (x86)\AVS4YOU
2009-07-23 02:01:41 ----A---- C:\Windows\system32\msxml3a.dll
2009-07-23 02:01:41 ----A---- C:\Windows\system32\msvcr70.dll
2009-07-23 02:01:41 ----A---- C:\Windows\system32\msvcp70.dll
2009-07-23 02:01:41 ----A---- C:\Windows\system32\mfc70.dll
2009-07-23 02:01:41 ----A---- C:\Windows\system32\GdiPlus.dll
2009-07-23 01:38:01 ----D---- C:\Users\NicYip\AppData\Roaming\Panasonic
2009-07-23 01:36:41 ----A---- C:\Windows\system32\PICSDK2.dll
2009-07-23 01:36:41 ----A---- C:\Windows\system32\PICSDK.ini
2009-07-23 01:36:41 ----A---- C:\Windows\system32\PICSDK.dll
2009-07-23 01:36:41 ----A---- C:\Windows\system32\PICEntry.dll
2009-07-23 01:36:41 ----A---- C:\Windows\system32\EpPicPrt.dll
2009-07-23 01:36:41 ----A---- C:\Windows\system32\EPPicMgr.dll
2009-07-23 01:35:21 ----A---- C:\Windows\system32\GenSvcInst.exe
2009-07-23 01:35:21 ----A---- C:\Windows\system32\bgsvcgen.exe
2009-07-23 01:34:44 ----D---- C:\Program Files (x86)\Panasonic
2009-07-18 00:33:08 ----A---- C:\Windows\system32\GEARAspi.dll
2009-07-18 00:33:03 ----D---- C:\Program Files (x86)\iPod
2009-07-18 00:33:02 ----D---- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
2009-07-18 00:33:02 ----D---- C:\Program Files (x86)\iTunes
2009-07-18 00:31:52 ----D---- C:\Program Files (x86)\QuickTime
2009-07-17 12:29:28 ----A---- C:\Windows\system32\t2embed.dll
2009-07-17 12:29:28 ----A---- C:\Windows\system32\fontsub.dll
2009-07-17 12:29:28 ----A---- C:\Windows\system32\dciman32.dll
2009-07-17 12:29:28 ----A---- C:\Windows\system32\atmfd.dll
2009-07-07 14:19:22 ----D---- C:\Users\NicYip\AppData\Roaming\WinRAR

======List of files/folders modified in the last 1 months======

2009-08-05 10:23:53 ----D---- C:\Windows\Prefetch
2009-08-05 10:23:47 ----D---- C:\Windows\Temp
2009-08-05 10:11:56 ----D---- C:\Windows\System32
2009-08-05 10:11:56 ----D---- C:\Windows\inf
2009-08-04 18:51:12 ----D---- C:\Windows\system32\drivers
2009-08-04 18:24:28 ----D---- C:\Windows\SysWOW64
2009-08-04 17:19:41 ----D---- C:\Windows\rescache
2009-08-04 17:04:24 ----SHD---- C:\System Volume Information
2009-08-04 16:56:47 ----RSD---- C:\Windows\assembly
2009-08-04 16:56:31 ----D---- C:\Windows\Microsoft.NET
2009-08-04 16:48:25 ----D---- C:\Program Files (x86)\EA GAMES
2009-08-04 16:48:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-08-04 16:41:13 ----D---- C:\Windows\system32\XPSViewer
2009-08-04 16:41:05 ----D---- C:\Windows\system32\wbem
2009-08-04 16:41:05 ----D---- C:\Windows\system32\en-US
2009-08-04 16:40:42 ----D---- C:\Windows\system32\migration
2009-08-04 16:40:42 ----D---- C:\Program Files (x86)\Internet Explorer
2009-08-04 16:40:35 ----D---- C:\Windows\PolicyDefinitions
2009-08-04 16:22:48 ----D---- C:\Windows\winsxs
2009-08-04 16:08:59 ----HD---- C:\$AVG8.VAULT$
2009-08-04 16:00:25 ----SHD---- C:\Windows\Installer
2009-08-04 15:58:33 ----D---- C:\Windows\Debug
2009-08-04 15:44:57 ----D---- C:\Program Files (x86)\Winamp
2009-08-04 15:44:18 ----RD---- C:\Program Files (x86)
2009-08-04 15:44:18 ----RD---- C:\Program Files
2009-08-04 11:57:24 ----D---- C:\Users\NicYip\AppData\Roaming\Xfire
2009-07-31 10:28:01 ----HD---- C:\ProgramData
2009-07-31 10:26:42 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-07-31 10:23:48 ----SD---- C:\Windows\Downloaded Program Files
2009-07-31 10:22:55 ----HD---- C:\Users\NicYip\AppData\Roaming\ijjigame
2009-07-31 10:22:45 ----A---- C:\Windows\ROSE Online Evolution Uninstall Log.txt
2009-07-31 10:20:03 ----D---- C:\Windows
2009-07-30 15:16:03 ----D---- C:\ProgramData\Xfire
2009-07-29 15:58:53 ----D---- C:\Program Files (x86)\Xfire
2009-07-28 01:14:38 ----A---- C:\Windows\ROSE Online Evolution Setup Log.txt
2009-07-23 12:44:50 ----D---- C:\Windows\Tasks
2009-07-23 02:54:07 ----A---- C:\cmdline.txt
2009-07-23 02:01:42 ----D---- C:\Program Files (x86)\Common Files
2009-07-23 01:36:31 ----RSD---- C:\Windows\Fonts
2009-07-18 10:14:06 ----D---- C:\Program Files (x86)\Windows Mail
2009-07-18 00:34:28 ----D---- C:\Program Files (x86)\CoreFoundation.resources
2009-07-18 00:34:27 ----D---- C:\Program Files (x86)\Safari.resources
2009-07-18 00:34:19 ----D---- C:\Program Files (x86)\WebKit.resources
2009-07-18 00:34:13 ----D---- C:\Program Files (x86)\PubSub.resources
2009-07-18 00:34:12 ----D---- C:\Program Files (x86)\Plugins
2009-07-18 00:34:11 ----D---- C:\Program Files (x86)\CFNetwork.resources
2009-07-18 00:33:03 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-07-18 00:33:02 ----D---- C:\ProgramData\Apple Computer
2009-07-17 15:01:46 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 AvgTdiA;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdia.sys []
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\softnyx\GunboundWC\GameGuard\dump_wmimmc.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
S3 rt61x64;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\Program Files (x86)\AVG\AVG8\avgemc.exe [2009-07-19 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe [2009-06-25 298776]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\SysWOW64\bgsvcgen.exe [2007-06-15 145504]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2007-10-12 918528]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2007-10-12 178176]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-04 75064]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files (x86)\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-16 2849757]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------


----------



## eddie5659 (Mar 19, 2001)

Can you do a scan of these:


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Windows\system32\CF25125.exe*

Click on the *Upload* button
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Also, do the same with these:

*C:\Windows\system32\CF24237.exe*
*C:\Windows\system32\cmd.execf*
*C:\Windows\system32\xfcodec.dll*

eddie


----------



## jumbo1990 (Feb 17, 2006)

*C:\Windows\system32\CF25125.exe*

VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 00:31:50 (EDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32ialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32ialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virusorn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU

*C:\Windows\system32\CF24237.exe*

VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 00:31:50 (EDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32ialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32ialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virusorn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU

*C:\Windows\system32\cmd.execf*

VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 00:31:50 (EDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32ialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32ialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virusorn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU

*C:\Windows\system32\xfcodec.dll*

VirSCAN.org Scanned Report :
Scanned time : 1969/12/31 19:00:00 (EST)
Scanner results: All Scanners reported not find malware!
File Name : 
File Size : byte
File Type : 
MD5 : 
SHA1 : 
Online report : http://virscan.org/report/.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
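As an added example for this thread (not a VirSCAN.org tool and not something either poster ran), here is a small Python checker for reports in the plain-text layout pasted above. It parses the header fields and the per-engine verdict lines, and then raises the problems a helper has to notice before acting on a pasted report: a finished report whose "File Name" header is not the file that was asked for, several submissions that come back with one MD5 (the same upload pasted more than once), and a report that never completed and carries no hash at all. The three reports embedded in it are constructed, modelled on the ones above with the engine table trimmed to three engines; the paths are the ones requested in the thread.

```python
"""Sanity-check multi-engine scan reports pasted into a support thread.

Added example for this thread, not a VirSCAN.org tool: parses the plain-text
report layout the site used in 2009, counts engine verdicts, and flags reports
a helper should not act on (wrong file, same upload pasted twice, never finished).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Engine line: "<scanner> <engine ver> <sig ver> <YYYY-MM-DD> <seconds> <verdict>".
# Scanner names ("CA (VET)") and verdicts ("W32/Trojan2.DOJN (Exact)") may contain
# spaces, so the match is anchored on the signature-date column.
ENGINE_LINE = re.compile(
    r"^(?P<scanner>.+?) \S+ \S+ \d{4}-\d{2}-\d{2} \d+\.\d+ (?P<verdict>.+)$"
)
HEADER_LINE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\s*:\s?(?P<value>.*)$")

@dataclass
class Report:
    headers: Dict[str, str] = field(default_factory=dict)
    verdicts: Dict[str, str] = field(default_factory=dict)  # scanner -> verdict, "-" = clean

    def detections(self) -> Dict[str, str]:
        return {k: v for k, v in self.verdicts.items() if v != "-"}

    def complete(self) -> bool:
        # Empty hash fields mean the upload never finished; the report says nothing.
        return bool(self.headers.get("MD5")) and bool(self.headers.get("SHA1"))

def parse_report(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("VirSCAN.org", "Scanner Engine")):
            continue
        m = ENGINE_LINE.match(line)
        if m:
            rep.verdicts[m["scanner"]] = m["verdict"].strip()
            continue
        h = HEADER_LINE.match(line)
        if h:
            rep.headers[h["key"].strip()] = h["value"].strip()
    return rep

def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1]

def duplicate_uploads(reports: Dict[str, Report]) -> Dict[str, List[str]]:
    """MD5 -> submitted paths, for hashes that several 'different' files share."""
    by_md5: Dict[str, List[str]] = {}
    for path, rep in reports.items():
        if rep.complete():
            by_md5.setdefault(rep.headers["MD5"], []).append(path)
    return {md5: paths for md5, paths in by_md5.items() if len(paths) > 1}

def triage(reports: Dict[str, Report]) -> Dict[str, List[str]]:
    """Per submitted path, the problems to raise before acting on its report."""
    dups = duplicate_uploads(reports)
    findings: Dict[str, List[str]] = {}
    for path, rep in reports.items():
        notes: List[str] = []
        if not rep.complete():
            notes.append("incomplete: no hash recorded, re-submit the file")
        elif rep.headers.get("File Name", "").lower() != basename(path).lower():
            notes.append(f"report is for '{rep.headers.get('File Name')}', not '{basename(path)}'")
        for md5, paths in dups.items():
            if path in paths:
                notes.append(f"same MD5 {md5} as {len(paths) - 1} other submission(s)")
        findings[path] = notes
    return findings

# Constructed sample modelled on the reports above: engine table trimmed to three
# engines, two "different" paths deliberately share one MD5 and a "File Name"
# that matches neither, and the third is an empty report that never finished.
_REPORT_A = """VirSCAN.org Scanned Report :
Scanner results: 66% Scanner(2/3) found malware!
File Name : 1.html
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c

Scanner Engine Ver Sig Ver Sig Date Time Scan result
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
"""
_REPORT_EMPTY = """VirSCAN.org Scanned Report :
Scanner results: All Scanners reported not find malware!
File Name :
MD5 :
SHA1 :

Scanner Engine Ver Sig Ver Sig Date Time Scan result
"""
SAMPLE = {
    r"C:\Windows\system32\CF25125.exe": _REPORT_A,
    r"C:\Windows\system32\CF24237.exe": _REPORT_A,
    r"C:\Windows\system32\xfcodec.dll": _REPORT_EMPTY,
}
```

Running `triage({p: parse_report(t) for p, t in SAMPLE.items()})` returns, per path, the list of notes; on the sample the two `.exe` paths each get a "report is for '1.html'" note plus a shared-MD5 note, and the `.dll` gets the incomplete-report note. The same checks apply to any multi-engine report that exposes a file name and hashes: a verdict list is only meaningful once you have confirmed it belongs to the file you meant to examine.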


----------



## eddie5659 (Mar 19, 2001)

Okay, let's remove those:

Please *download* *OTM*

*Save* it to your *desktop*.
Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\Windows\system32\CF25125.exe
C:\Windows\system32\CF24237.exe
C:\Windows\system32\cmd.execf
:Commands
[purity]
[emptytemp]
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM* and reboot your PC.
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-------------

Then, do the following:

Download *OTS* to your Desktop

Double-click on *OTS.exe* to start the program. Make sure you close all other programs and *don't* use the PC while the scan runs.
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it.
Use the Go Advanced button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## jumbo1990 (Feb 17, 2006)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Windows\system32\CF25125.exe moved successfully.
C:\Windows\system32\CF24237.exe moved successfully.
C:\Windows\system32\cmd.execf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NicYip
->Temp folder emptied: 133759169 bytes
File delete failed. C:\Users\NicYip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 55961804 bytes
->Java cache emptied: 14158186 bytes
->Apple Safari cache emptied: 33262 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 28512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 194.49 mb

OTM by OldTimer - Version 3.0.0.6 log created on 08142009_164615

Files moved on Reboot...

Registry entries deleted on Reboot...


----------



## jumbo1990 (Feb 17, 2006)

I attached the OTS.Txt to this reply.


----------



## eddie5659 (Mar 19, 2001)

Can you scan this one for me:


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Windows\SysWow64\perfhost.exe*

Click on the *Upload* button
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

----------

Have you added any entries to the Hosts file?

Also, do you know what this folder is:

*C:\Users\NicYip\AppData\Roaming\ijjigame*

--------

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Right-click on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*

eddie


----------



## jumbo1990 (Feb 17, 2006)

VirSCAN.org Scanned Report :
Scanned time : 2009/08/16 01:43:38 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : perfhost.exe
File Size : 19968 byte
File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5 : 0ed8727ea0172860f47258456c06caea
SHA1 : 6c05fb8b4f7643d07c674cd27b42b777fcb0bffa
Online report : http://virscan.org/report/1da1a9dc85ba7402a29d0359511e5346.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090815010138 2009-08-15 0.52 -
AhnLab V3 2009.08.15.01 2009.08.15 2009-08-15 1.06 -
AntiVir 8.2.1.1 7.1.5.117 2009-08-14 0.26 -
Antiy 2.0.18 20090816.2711867 2009-08-16 0.12 -
Arcavir 2009 200908151354 2009-08-15 0.01 -
Authentium 5.1.1 200908151759 2009-08-15 1.20 -
AVAST! 4.7.4 090815-0 2009-08-15 0.01 -
AVG 8.5.288 270.13.58/2305 2009-08-16 0.32 -
BitDefender 7.81008.3880410 7.27182 2009-08-16 3.33 -
CA (VET) 9.0.0.143 31.6.6677 2009-08-15 6.91 -
ClamAV 0.95.2 9702 2009-08-16 0.02 -
Comodo 3.10 1985 2009-08-16 1.08 -
CP Secure 1.1.0.715 2009.08.14 2009-08-14 12.07 -
Dr.Web 4.44.0.9170 2009.08.16 2009-08-16 5.12 -
F-Prot 4.4.4.56 20090815 2009-08-15 1.17 -
F-Secure 7.02.73807 2009.08.15.02 2009-08-15 0.08 -
Fortinet 2.81-3.120 10.721 2009-08-15 0.33 -
GData 19.7162/19.440 20090816 2009-08-16 4.77 -
ViRobot 20090814 2009.08.14 2009-08-14 0.41 -
Ikarus T3.1.01.64 2009.08.16.73246 2009-08-16 4.14 -
JiangMin 11.0.800 2009.08.15 2009-08-15 4.28 -
Kaspersky 5.5.10 2009.08.16 2009-08-16 0.06 -
KingSoft 2009.2.5.15 2009.8.15.22 2009-08-15 0.68 -
McAfee 5.3.00 5710 2009-08-15 3.06 -
Microsoft 1.4903 2009.08.15 2009-08-15 5.44 -
Norman 6.01.09 6.01.00 2009-08-14 4.01 -
Panda 9.05.01 2009.08.15 2009-08-15 1.68 -
Trend Micro 8.700-1004 6.366.19 2009-08-15 0.03 -
Quick Heal 10.00 2009.08.13 2009-08-13 1.08 -
Rising 20.0 21.42.60.00 2009-08-16 0.82 -
Sophos 2.89.1 4.44 2009-08-16 3.08 -
Sunbelt 5336 5336 2009-08-15 1.38 -
Symantec 1.3.0.24 20090815.003 2009-08-15 0.05 -
nProtect 20090816.01 5054570 2009-08-16 6.28 -
The Hacker 6.3.4.3 v00383 2009-08-12 0.68 -
VBA32 3.12.10.9 20090815.1958 2009-08-15 1.83 -
VirusBuster 4.5.11.10 10.112.6/1792870 2009-08-15 2.20 -


----------



## jumbo1990 (Feb 17, 2006)

The Runscanner won't work, considering it doesn't support 64-bit systems.

The folder:
C:\Users\NicYip\AppData\Roaming\ijjigame

used to be for a game I used to play; it's on this website, www.ijji.com.


----------



## eddie5659 (Mar 19, 2001)

Let's just check for Rootkits, and if all clear, you should be clear of malware:

*We Need to check for Rootkits with RootRepeal*

Download RootRepeal from the following location and save it to your desktop.
*Zip Mirrors (Recommended)*
Primary Mirror
Secondary Mirror
Secondary Mirror

*Rar Mirrors* - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror


Extract RootRepeal.exe from the archive.
Open *RootRepeal.exe* on your desktop.
Click the *Report* tab.
Click the *Scan* button.
Check all seven boxes: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT.
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the *Save Report* button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## jumbo1990 (Feb 17, 2006)

Unable to use this program; it doesn't support 64-bit.


----------



## eddie5659 (Mar 19, 2001)

Blast 

Let's see about this one:

Download GMER from *here*:


Unzip it to the desktop.
Open the program and click on the *Rootkit* tab.
Make sure all the boxes on the right of the screen are checked, *EXCEPT* for 'Show All'.
Click on *Scan*.
When the scan has run click *Copy* and paste the results (if any) into this thread.


----------



## jumbo1990 (Feb 17, 2006)

It found nothing


----------



## Guest (Aug 20, 2009)

Sorry to hear about your troubles, but I found out recently that AVG isn't a good free anti-virus software protector because I had a Trojan virus and I used AVG anti virus free version and it doesn't get rid of the virus; it says it does but it really doesn't. I would suggest buying Norton, a paid anti-virus that is one of the best anti-virus softwares that you can buy. It takes a few more minutes to load your computer but it is awesome. I've had it and no viruses have ever come up on my computer. If you want to buy it, it's probably available at Future Shop, Best Buy, London Drugs.

Or if you want a free anti-virus software I would suggest Malwarebytes anti virus and Spybot Search and Destroy. You can download them both for better protection for your computer because they each do things a bit differently, but they're both good to have.

And a Trojan virus can affect your computer and can also affect games that you play on your computer. So if you still have the Trojan virus I would suggest not inserting a disk and also getting one of the anti-virus softwares I suggested.

Good luck with your virus.


----------



## eddie5659 (Mar 19, 2001)

Okay, it looks like it's all clear now, but let's just use OTL. Basically, it's like HijackThis, but a bit deeper in looking.

As you have the 64-bit Windows, it may see the things HJT can't. If it's all clear, we'll use a quick program to clean up some other stuff, remove the tools we've used (apart from MBAM and SAS), and you should be okay:


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


----------



## jumbo1990 (Feb 17, 2006)

OTL logfile created on: 8/21/2009 8:21:46 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\NicYip\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 360.97 Gb Free Space | 77.50% Space Free | Partition Type: NTFS
Drive D: | 1.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK
Current User Name: NicYip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\NicYip\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:*64bit:* - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:*64bit:* - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (bgsvcgen [Auto | Running]) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KeyIso [On_Demand | Running]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (VSS [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (AvgLdx64 [System | Running]) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()
DRV:*64bit:* - (AvgMfx64 [System | Running]) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()
DRV:*64bit:* - (AvgTdiA [System | Running]) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()
DRV:*64bit:* - (cdrbsdrv [System | Running]) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys ()
DRV:*64bit:* - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:*64bit:* - (netr7364 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\netr7364.sys ()
DRV:*64bit:* - (rt61x64 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\WMP54Gv41x64.sys ()
DRV:*64bit:* - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:*64bit:* - (usbaudio [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\Windows\SysWow64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan [Boot | Running]) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/04 16:00:20 | 00,000,000 | ---D | M]

O1 HOSTS File: (318435 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 10922 more lines...
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:*64bit:* - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:*64bit:* - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:*64bit:* - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:*64bit:* - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2 167.206.254.1 167.206.254.2
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:*64bit:* - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/22 19:22:41 | 01,187,840 | R--- | M] () - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/05/22 19:22:41 | 01,187,840 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/05/22 19:22:40 | 00,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{dbbae017-6a3f-11dd-8f5f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dbbae017-6a3f-11dd-8f5f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2005/05/22 19:22:41 | 01,187,840 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
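
A note on reading a log like the one above, with an added example that is not part of the original post and not OTL's own code. The rules and thresholds in the script are assumptions about what a malware-removal helper looks at first: a hosts file of 300 KB that maps thousands of names to 127.0.0.1 is a blocklist pattern, not a hijack (the entry to worry about is a name mapped somewhere other than loopback), an O4 entry ending in "File not found" is an orphaned autorun, an O4 or O20 entry ending in "()" only means OTL read no company name, and EnableLUA = 0 means UAC is switched off. The sample lines are copied from the posted log, except the final hosts line, which is constructed to show the hijack case.

```python
"""Triage helper for OTL (OldTimer's) log lines like the ones posted above.

Added example: not part of the forum post and not OTL's own code. The rules and
thresholds are this example's assumptions, not anything OTL itself reports.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high", "medium", "review" or "info"
    section: str    # OTL section tag the finding came from
    detail: str


LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumption: a hosts file this large is a blocklist (Spybot/MVPS style), not a hijack.
HOSTS_BLOCKLIST_BYTES = 10_000

_O1_SIZE = re.compile(r"^O1 HOSTS File: \((\d+) bytes\)")
_O1_ENTRY = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
_O4 = re.compile(r"^O4(?::\*64bit:\*)? - (HK\w+)\.\.\\(\w+): \[([^\]]+)\] (.*)$")
_O6 = re.compile(r"^O6 - (\S+): (\w+) = (\S*)$")
_O20_APPINIT = re.compile(r"^O20(?::\*64bit:\*)? - AppInit_DLLs: \(([^)]*)\)")
_O32_AUTORUN = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d)")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the findings a helper would look at first, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if line.startswith("O1 - Hosts:") and line.endswith("more lines..."):
            continue  # OTL's own truncation marker, not a hosts entry
        if m := _O1_SIZE.match(line):
            size = int(m.group(1))
            if size > HOSTS_BLOCKLIST_BYTES:
                findings.append(Finding("info", "O1", f"hosts file is {size} bytes: blocklist-sized, loopback entries expected"))
        elif m := _O1_ENTRY.match(line):
            addr, host = m.groups()
            # Mapping a name to loopback blocks it; mapping it anywhere else is a hijack.
            if addr not in LOOPBACK:
                findings.append(Finding("high", "O1", f"{host} resolves to {addr}, not loopback"))
        elif m := _O4.match(line):
            hive, key, name, target = m.groups()
            if target.endswith("File not found"):
                findings.append(Finding("medium", "O4", f"{hive}\\{key} [{name}] points at a missing file"))
            elif target.endswith("()"):
                # OTL prints () when it reads no company name; in the posted log that also
                # happens for 64-bit system DLLs, so this is a review item, not an alarm.
                findings.append(Finding("review", "O4", f"{hive}\\{key} [{name}] has no publisher in its version info"))
        elif m := _O6.match(line):
            _key, value, data = m.groups()
            if value == "EnableLUA" and data == "0":
                findings.append(Finding("high", "O6", "UAC is disabled (EnableLUA = 0)"))
        elif (m := _O20_APPINIT.match(line)) and m.group(1):
            findings.append(Finding("review", "O20", f"AppInit_DLLs injects {m.group(1)} into every process that loads user32"))
        elif (m := _O32_AUTORUN.match(line)) and m.group(1) == "1":
            findings.append(Finding("medium", "O32", "CD-ROM AutoRun is enabled"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


SAMPLE_LOG = [
    # Lines copied from the posted OTL log.
    r"O1 HOSTS File: (318435 bytes) - C:\Windows\SysNative\drivers\etc\Hosts",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 127.0.0.1\twww.007guard.com",
    "O1 - Hosts: 127.0.0.1\t007guard.com",
    "O1 - Hosts: 10922 more lines...",
    r"O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()",
    r"O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1",
    r"O20:*64bit:* - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()",
    "O32 - HKLM CDRom: AutoRun - 1",
    # Constructed line, NOT from the posted log: a hosts hijack to a non-loopback address.
    "O1 - Hosts: 203.0.113.5\twww.example.com",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is it prints seven findings; the two "high" items are the constructed hosts hijack and EnableLUA = 0, while the thousands of 127.0.0.1 hosts entries produce only a single "info" line.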


----------



## jumbo1990 (Feb 17, 2006)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/21 08:20:37 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\NicYip\Desktop\OTL.exe
[2009/08/19 18:25:27 | 00,288,768 | ---- | C] () -- C:\Users\NicYip\Desktop\z5ige528.exe
[2009/08/18 23:51:35 | 00,464,491 | ---- | C] () -- C:\Users\NicYip\Desktop\RootRepeal.zip
[2009/08/16 01:50:34 | 00,000,000 | ---D | C] -- C:\Users\NicYip\AppData\Local\Runscanner.net
[2009/08/16 01:50:13 | 01,295,015 | ---- | C] () -- C:\Users\NicYip\Desktop\runscanner.zip
[2009/08/14 16:50:17 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\NicYip\Desktop\OTS.exe
[2009/08/14 16:46:15 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/14 16:45:14 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Users\NicYip\Desktop\OTM.exe
[2009/08/13 12:10:21 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2009/08/13 12:10:21 | 00,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2009/08/13 12:10:21 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/08/13 12:10:20 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009/08/13 12:10:20 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/08/13 12:10:20 | 00,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2009/08/13 12:10:20 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/08/13 12:10:20 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/08/13 12:10:20 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2009/08/13 12:10:20 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/08/13 12:10:20 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2009/08/13 12:10:20 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/08/13 12:10:20 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2009/08/12 20:42:16 | 02,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2009/08/12 20:42:16 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/08/12 20:42:13 | 00,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2009/08/12 20:42:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/08/12 20:42:11 | 00,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2009/08/12 20:42:10 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2009/08/12 20:42:10 | 00,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2009/08/12 20:42:09 | 00,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2009/08/12 20:42:09 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/08/12 20:42:04 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/08/12 20:42:02 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/08/12 20:42:01 | 00,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2009/08/12 20:42:01 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/08/12 20:42:01 | 00,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2009/08/12 20:42:00 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/08/12 20:42:00 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/08/12 20:42:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/08/12 20:42:00 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2009/08/12 20:42:00 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2009/08/12 20:42:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/08/12 20:42:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/08/12 20:41:59 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/08/12 20:41:59 | 00,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2009/08/12 20:41:59 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/08/12 20:41:59 | 00,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2009/08/11 19:09:31 | 00,166,912 | ---- | C] () -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2009/08/04 18:24:28 | 00,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/08/04 18:24:06 | 00,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/08/04 16:56:58 | 00,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2009/08/04 16:56:31 | 00,000,000 | ---D | C] -- C:\Users\NicYip\Documents\Battlefield 2
[2009/08/04 16:15:04 | 00,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2009/08/04 16:15:04 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2009/08/04 16:15:02 | 01,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2009/08/04 16:15:02 | 01,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2009/08/04 16:15:02 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2009/08/04 16:15:02 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2009/08/04 16:15:02 | 00,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2009/08/04 16:15:02 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2009/08/04 16:15:02 | 00,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2009/08/04 16:15:02 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2009/08/04 16:15:02 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2009/08/04 16:15:02 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2009/08/04 16:14:59 | 00,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2009/08/04 16:14:59 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2009/08/04 16:14:58 | 00,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2009/08/04 16:14:58 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2009/08/04 16:01:30 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2009/08/04 16:01:30 | 00,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2009/08/04 16:01:19 | 00,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2009/08/04 16:01:19 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2009/08/04 16:01:03 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscoree.dll
[2009/08/04 16:01:02 | 00,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2009/08/04 16:00:41 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2009/08/04 16:00:41 | 00,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2009/08/04 16:00:35 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2009/08/04 16:00:34 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2009/08/04 15:57:38 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/08/04 15:57:38 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/08/04 15:57:38 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/08/04 15:57:38 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/08/04 15:57:38 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/08/04 15:57:37 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/08/04 15:57:37 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/08/04 15:57:37 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/08/04 15:57:37 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/08/04 15:57:37 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/08/04 15:57:37 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/08/04 15:57:37 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/08/04 15:57:37 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/08/04 15:57:37 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/08/04 15:57:37 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/08/04 15:57:36 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/08/04 15:57:36 | 01,146,880 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/08/04 15:57:36 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/08/04 15:57:36 | 00,458,240 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/08/04 15:57:36 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/08/04 15:57:36 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/08/04 15:57:36 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/08/04 15:57:36 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/08/04 15:57:36 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/08/04 15:57:36 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2009/08/04 15:57:36 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/08/04 15:57:36 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/08/04 15:57:35 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/08/04 15:57:35 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/08/04 15:57:35 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/08/04 15:57:35 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/08/04 15:57:35 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/08/04 15:57:35 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/08/04 15:57:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/08/04 15:57:34 | 12,458,496 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/08/04 15:57:34 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/08/04 15:57:33 | 09,233,408 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/08/04 15:57:33 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/08/04 15:57:32 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/08/04 15:57:32 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/08/04 15:57:32 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/08/04 15:57:32 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/08/04 15:54:35 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2009/08/04 15:54:35 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2009/08/04 15:54:35 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2009/08/04 15:54:35 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2009/08/04 15:54:35 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2009/08/04 15:54:35 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2009/08/04 15:54:35 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2009/08/04 15:54:35 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2009/08/04 15:54:35 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2009/08/04 15:54:35 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2009/08/04 15:54:34 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2009/08/04 15:54:34 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2009/08/04 15:54:34 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2009/08/04 15:54:34 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2009/08/04 15:54:34 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2009/08/04 15:54:33 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2009/08/04 15:54:33 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009/08/04 15:54:33 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/08/04 15:54:33 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2009/08/04 15:54:33 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2009/08/04 15:54:33 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2009/08/04 15:54:33 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2009/08/04 15:54:33 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2009/08/04 15:54:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2009/08/04 15:54:33 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2009/08/04 15:54:33 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2009/08/04 15:54:33 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2009/08/04 15:54:32 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009/08/04 15:54:32 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009/08/04 15:54:32 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2009/08/04 15:54:32 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2009/08/04 15:54:32 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009/08/04 15:54:32 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2009/08/04 15:54:32 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webcheck.dll
[2009/08/04 15:54:32 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009/08/04 15:54:32 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2009/08/04 15:54:32 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2009/08/04 15:54:32 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2009/08/04 15:54:32 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2009/08/04 15:54:32 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2009/08/04 15:54:32 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2009/08/04 15:54:32 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2009/08/04 15:54:32 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2009/08/04 15:54:31 | 00,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2009/08/04 15:54:31 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009/08/04 15:54:31 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2009/08/04 15:54:31 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2009/08/04 15:54:31 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2009/08/04 15:54:31 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2009/08/04 15:54:31 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2009/08/04 15:54:31 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2009/08/04 15:54:31 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2009/08/04 15:54:31 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2009/08/04 15:54:31 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2009/08/04 15:54:31 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2009/08/04 15:54:31 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2009/08/04 15:54:31 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2009/08/04 15:54:30 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2009/08/04 15:54:30 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2009/08/04 15:54:30 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009/08/04 15:54:30 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009/08/04 15:54:30 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2009/08/04 15:54:30 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2009/08/04 15:54:30 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2009/08/04 15:54:30 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2009/08/04 15:54:30 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2009/08/04 15:54:30 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2009/08/04 15:54:30 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshta.exe
[2009/08/03 21:05:17 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009/08/03 21:05:17 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/08/03 21:05:17 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/08/03 21:05:17 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/08/03 21:05:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/08/03 21:01:09 | 00,455,680 | ---- | C] () -- C:\Windows\SysNative\deploytk.dll
[2009/08/03 21:01:09 | 00,181,760 | ---- | C] () -- C:\Windows\SysNative\javaws.exe
[2009/08/03 21:01:09 | 00,165,888 | ---- | C] () -- C:\Windows\SysNative\javaw.exe
[2009/08/03 21:01:09 | 00,165,888 | ---- | C] () -- C:\Windows\SysNative\java.exe
[2009/08/03 21:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/03 20:53:10 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/03 10:48:17 | 00,000,000 | ---D | C] -- C:\AvZ4
[2009/08/02 19:25:54 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/08/02 19:21:51 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\swsc.exe
[2009/08/02 19:21:51 | 00,008,704 | ---- | C] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/08/02 19:20:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/31 11:13:14 | 00,001,928 | ---- | C] () -- C:\Users\NicYip\Desktop\HijackThis.lnk
[2009/07/31 11:13:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/07/31 10:28:01 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/07/31 10:27:15 | 00,000,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/31 10:27:13 | 00,000,000 | ---D | C] -- C:\Users\NicYip\AppData\Roaming\SUPERAntiSpyware.com
[2009/07/31 10:27:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/07/31 10:14:03 | 00,000,000 | ---D | C] -- C:\Users\NicYip\AppData\Roaming\Malwarebytes
[2009/07/31 10:14:00 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/31 10:13:57 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/07/31 10:13:56 | 00,022,040 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/31 10:13:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/31 10:13:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/07/30 15:56:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/30 15:56:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/07/23 21:57:06 | 00,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/07/23 21:57:06 | 00,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009/07/23 12:25:27 | 00,000,909 | ---- | C] () -- C:\Users\NicYip\Desktop\GunboundWC.lnk
[2009/07/23 12:24:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\softnyx
[2009/07/23 02:24:05 | 00,003,584 | ---- | C] () -- C:\Users\NicYip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 02:22:47 | 00,001,079 | ---- | C] () -- C:\Users\NicYip\Desktop\AVS Video Converter 6.lnk
[2009/07/23 02:03:36 | 00,000,000 | ---D | C] -- C:\Users\NicYip\AppData\Roaming\AVS4YOU
[2009/07/23 02:03:36 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/07/23 02:01:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2009/07/23 02:01:41 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2009/07/23 02:01:41 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2009/07/23 02:01:41 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2009/07/23 02:01:41 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2009/07/23 02:01:41 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2009/07/23 02:01:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2009/07/23 01:38:01 | 00,000,000 | ---D | C] -- C:\Users\NicYip\AppData\Roaming\Panasonic
[2009/07/23 01:37:06 | 00,001,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2009/07/23 01:36:41 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2009/07/23 01:36:41 | 00,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2009/07/23 01:36:41 | 00,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/07/23 01:36:41 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2009/07/23 01:36:41 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2009/07/23 01:36:41 | 00,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EPPicMgr.dll
[2009/07/23 01:36:41 | 00,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/07/23 01:36:41 | 00,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/07/23 01:36:41 | 00,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/07/23 01:36:41 | 00,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/07/23 01:36:41 | 00,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/07/23 01:36:41 | 00,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/07/23 01:36:41 | 00,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2009/07/23 01:36:41 | 00,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/07/23 01:36:41 | 00,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2009/07/23 01:36:41 | 00,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2009/07/23 01:36:41 | 00,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2009/07/23 01:36:41 | 00,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2009/07/23 01:36:41 | 00,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2009/07/23 01:36:41 | 00,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2009/07/23 01:36:41 | 00,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2009/07/23 01:36:41 | 00,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2009/07/23 01:36:41 | 00,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2009/07/23 01:36:41 | 00,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2009/07/23 01:36:41 | 00,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/07/23 01:36:41 | 00,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2009/07/23 01:36:41 | 00,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2009/07/23 01:36:41 | 00,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2009/07/23 01:36:41 | 00,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/07/23 01:36:41 | 00,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/07/23 01:36:41 | 00,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/07/23 01:36:41 | 00,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/07/23 01:36:41 | 00,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/07/23 01:36:41 | 00,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2009/07/23 01:36:41 | 00,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2009/07/23 01:36:41 | 00,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/07/23 01:36:41 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/07/23 01:35:26 | 00,001,827 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO HD Edition.lnk
[2009/07/23 01:35:22 | 00,039,208 | ---- | C] () -- C:\Windows\SysNative\drivers\cdrbsdrv.sys
[2009/07/23 01:35:21 | 00,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\bgsvcgen.exe
[2009/07/23 01:35:21 | 00,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\GenSvcInst.exe
[2009/07/23 01:34:46 | 00,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\SysWow64\PhDi2.sys
[2009/07/23 01:34:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2009/05/08 16:06:39 | 00,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2009/05/08 13:05:52 | 00,094,208 | ---- | C] () -- C:\Windows\SysWow64\GTW32N50.dll
[2009/05/01 00:27:48 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\B11gUSB.dll
[2008/11/30 19:51:26 | 00,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/06/12 11:25:54 | 00,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini


----------



## jumbo1990 (Feb 17, 2006)

========== Files - Modified Within 30 Days ==========

[2009/08/21 08:25:00 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/21 08:25:00 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/21 08:25:00 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/21 08:22:53 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{219303CB-5A3B-422B-B3B8-ED1F8B278BD3}.job
[2009/08/21 08:20:52 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\NicYip\Desktop\OTL.exe
[2009/08/21 08:20:18 | 00,067,907 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2009/08/21 08:20:16 | 40,046,181 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2009/08/21 08:17:59 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 08:17:59 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 08:17:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/21 08:17:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/21 08:17:52 | 42,934,35392 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/19 18:35:05 | 03,542,371 | -H-- | M] () -- C:\Users\NicYip\AppData\Local\IconCache.db
[2009/08/19 18:25:37 | 00,288,768 | ---- | M] () -- C:\Users\NicYip\Desktop\z5ige528.exe
[2009/08/18 23:51:40 | 00,464,491 | ---- | M] () -- C:\Users\NicYip\Desktop\RootRepeal.zip
[2009/08/18 23:33:57 | 00,033,416 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2009/08/18 23:33:57 | 00,012,464 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2009/08/18 23:33:54 | 00,427,016 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2009/08/16 19:20:35 | 00,189,672 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/08/16 19:20:35 | 00,189,672 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/08/16 01:50:20 | 01,295,015 | ---- | M] () -- C:\Users\NicYip\Desktop\runscanner.zip
[2009/08/14 16:50:24 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\NicYip\Desktop\OTS.exe
[2009/08/14 16:45:19 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Users\NicYip\Desktop\OTM.exe
[2009/08/09 16:50:53 | 00,003,584 | ---- | M] () -- C:\Users\NicYip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 18:24:06 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/08/04 16:56:58 | 00,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2009/08/04 16:43:45 | 00,000,973 | ---- | M] () -- C:\Users\NicYip\Desktop\Launch Internet Explorer Browser.lnk
[2009/08/03 21:05:11 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009/08/03 21:05:11 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/08/03 21:05:11 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/08/03 21:05:11 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/08/03 21:00:56 | 00,455,680 | ---- | M] () -- C:\Windows\SysNative\deploytk.dll
[2009/08/03 21:00:56 | 00,181,760 | ---- | M] () -- C:\Windows\SysNative\javaws.exe
[2009/08/03 21:00:56 | 00,165,888 | ---- | M] () -- C:\Windows\SysNative\javaw.exe
[2009/08/03 21:00:56 | 00,165,888 | ---- | M] () -- C:\Windows\SysNative\java.exe
[2009/08/02 19:25:54 | 00,008,704 | ---- | M] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/07/31 11:13:14 | 00,001,928 | ---- | M] () -- C:\Users\NicYip\Desktop\HijackThis.lnk
[2009/07/31 10:27:15 | 00,000,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/31 10:14:00 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/30 17:08:10 | 00,318,435 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/07/29 21:20:46 | 26,162,632 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/07/23 21:57:06 | 00,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/07/23 21:57:06 | 00,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2009/07/23 17:30:00 | 00,000,909 | ---- | M] () -- C:\Users\NicYip\Desktop\GunboundWC.lnk
[2009/07/23 11:38:47 | 00,230,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/07/23 02:22:47 | 00,001,079 | ---- | M] () -- C:\Users\NicYip\Desktop\AVS Video Converter 6.lnk
[2009/07/23 01:38:02 | 00,049,392 | ---- | M] () -- C:\Users\NicYip\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/23 01:37:06 | 00,001,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2009/07/23 01:35:26 | 00,001,827 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO HD Edition.lnk
< End of report >


----------



## jumbo1990 (Feb 17, 2006)

OTL Extras logfile created on: 8/21/2009 8:21:46 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\NicYip\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 360.97 Gb Free Space | 77.50% Space Free | Partition Type: NTFS
Drive D: | 1.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK
Current User Name: NicYip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BEAD62-4F78-48C2-918F-3830BBA13071}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0ABA6671-C0C6-4874-904D-80032E58DAA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{24406AC6-70FC-4247-9D08-76A3E376FA53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2AB36C1A-9F69-4A82-A85A-D5F4F67EBE3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42A75E74-29FF-4C4A-94AB-E98DD41E709A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{742B959D-5A67-48D4-9312-DFD3307D9269}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8B7D66EE-8237-4046-BB96-8B217F5F6E5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2404132-3DE7-47E8-BA46-4B5CF9162D7C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A9CDA0-D889-4D79-9F17-750E39D21F42}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{1A7FD425-207D-4DE9-8607-F20C699CA3B5}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe | 
"{1B1C8657-1E0D-475C-8E08-5E5AE0E5E734}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
"{20DE11A5-8F9F-403D-BAC8-C3305B413BE8}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe | 
"{41EF84E5-F6B7-4165-AA7C-ED6C5D463450}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | 
"{5EADA29A-69A2-42EA-B5B2-F764E1A2E7BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{89856589-4884-4108-9626-9D95ED96E7D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{919068B1-C04C-4F73-88F2-38535B7DE9F6}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | 
"{A2598E64-A5F4-413F-A650-1ECDF65A525F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{A4C7BB07-6448-4194-B0AE-98DF053099AB}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
"{A6E2DAD7-393F-42F7-939D-E4ADFC21A355}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{AF2CE991-31AB-4FF8-B218-803D64377935}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B7446166-C6DF-4086-856F-D306D481B98D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BFFB0A2E-4667-42E1-BEFD-4374E866895A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CFD47D19-E07D-4C31-8CD6-E4128CB2EAEE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D25B53A8-6DA2-4C17-B22A-8240AD4DA1B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E4C7AA83-2B21-4AED-BDF9-1F03CE4C77EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{1CE25DBC-AF6F-4D72-A5D3-D8911DBAA08A}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{74699BCF-14E5-42ED-AD63-FD007BE31120}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{84164886-E46B-4412-9AD5-9327EAF8956A}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme | 
"TCP Query User{9CAEBB9F-A9A2-4D91-9460-A8089BAFC1E8}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"TCP Query User{EC9E5284-FB6C-4A99-BC6B-01316DC0343C}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | 
"UDP Query User{144C64BC-5598-4F8D-AAEF-8897E8CD9EFA}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme | 
"UDP Query User{23EAE777-D1CA-454F-BE28-8ACA8F9AEB33}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | 
"UDP Query User{380DA081-F813-40CD-869C-02E135EC23E4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{6206D03B-B7CB-495E-BAD4-91D73E3B083C}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"UDP Query User{B7D5948B-388A-4EAC-BE7B-960D713AED63}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support
"{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"GunboundWC_is1" = GunboundWC
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"SpeedFan" = SpeedFan (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2009 11:13:17 PM | Computer Name = Nick | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 11:31:56 PM | Computer Name = Nick | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 11:32:00 PM | Computer Name = Nick | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/18/2009 11:34:40 PM | Computer Name = Nick | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/19/2009 6:23:03 PM | Computer Name = Nick | Source = WinMgmt | ID = 10
Description =

Error - 8/19/2009 6:23:08 PM | Computer Name = Nick | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/19/2009 6:24:43 PM | Computer Name = Nick | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/21/2009 8:18:16 AM | Computer Name = Nick | Source = WinMgmt | ID = 10
Description =

Error - 8/21/2009 8:19:35 AM | Computer Name = Nick | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/21/2009 8:20:34 AM | Computer Name = Nick | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 8/21/2009 8:18:09 AM | Computer Name = Nick | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been 
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 8/21/2009 8:18:09 AM | Computer Name = Nick | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been 
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 8/21/2009 8:18:12 AM | Computer Name = Nick | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 8/21/2009 8:18:16 AM | Computer Name = Nick | Source = Service Control Manager | ID = 7023
Description =

Error - 8/21/2009 8:18:16 AM | Computer Name = Nick | Source = Service Control Manager | ID = 7026
Description =

Error - 8/21/2009 8:18:16 AM | Computer Name = Nick | Source = Service Control Manager | ID = 7000
Description =

Error - 8/21/2009 8:18:16 AM | Computer Name = Nick | Source = Service Control Manager | ID = 7000
Description =

Error - 8/21/2009 8:18:16 AM | Computer Name = Nick | Source = Service Control Manager | ID = 7000
Description =

Error - 8/21/2009 8:18:27 AM | Computer Name = Nick | Source = Service Control Manager | ID = 7000
Description =

Error - 8/21/2009 8:18:27 AM | Computer Name = Nick | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been 
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, can you scan this one:


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Users\NicYip\Desktop\z5ige528.exe*

* Click on the *Upload* button
* Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
* Paste the contents of the Clipboard in your next reply.

eddie


----------



## jumbo1990 (Feb 17, 2006)

VirSCAN.org Scanned Report :
Scanned time : 2009/08/21 09:59:41 (EDT)
Scanner results: 5% Scanner(2/37) found malware!
File Name : 4y1zmzpb.exe
File Size : 288768 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 899861ff689a94a8628d5f48d848fa7a
SHA1 : 560835cf769fe91f060bdb71beb3315ab2239c6d
Online report : http://virscan.org/report/c0ec17542bd851938f5503663e7a79a1.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090820220213 2009-08-20 0.70 -
AhnLab V3 2009.08.21.00 2009.08.21 2009-08-21 1.86 -
AntiVir 8.2.1.3 7.1.5.147 2009-08-21 0.10 -
Antiy 2.0.18 20090821.2723528 2009-08-21 0.16 -
Arcavir 2009 200908211236 2009-08-21 0.52 -
Authentium 5.1.1 200908201735 2009-08-20 3.22 -
AVAST! 4.7.4 090820-0 2009-08-20 0.08 -
AVG 8.5.288 270.13.63/2317 2009-08-21 2.15 -
BitDefender 7.81008.3911535 7.27266 2009-08-21 3.64 -
CA (VET) 9.0.0.143 31.6.6693 2009-08-21 25.50 -
ClamAV 0.95.2 9723 2009-08-20 0.19 -
Comodo 3.10 2046 2009-08-21 1.56 -
CP Secure 1.1.0.715 2009.08.21 2009-08-21 22.68 -
Dr.Web 4.44.0.9170 2009.08.21 2009-08-21 9.18 -
F-Prot 4.4.4.56 20090820 2009-08-20 4.38 -
F-Secure 7.02.73807 2009.08.21.07 2009-08-21 0.44 -
Fortinet 2.81-3.120 10.741 2009-08-21 0.60 Suspicious
GData 19.7283/19.446 20090821 2009-08-21 5.39 -
ViRobot 20090821 2009.08.21 2009-08-21 0.44 -
Ikarus T3.1.01.68 2009.08.21.73327 2009-08-21 3.89 -
JiangMin 11.0.800 2009.08.21 2009-08-21 11.40 -
Kaspersky 5.5.10 2009.08.21 2009-08-21 0.31 -
KingSoft 2009.2.5.15 2009.8.21.17 2009-08-21 0.76 -
McAfee 5.3.00 5715 2009-08-20 3.91 -
Microsoft 1.4903 2009.08.21 2009-08-21 8.80 -
Norman 6.01.09 6.01.00 2009-07-20 2.00 -
Panda 9.05.01 2009.08.21 2009-08-21 5.29 -
Trend Micro 8.700-1004 6.384.04 2009-08-21 0.09 -
Quick Heal 10.00 2009.08.21 2009-08-21 1.33 -
Rising 20.0 21.43.44.00 2009-08-21 1.48 -
Sophos 2.89.1 4.44 2009-08-21 3.94 -
Sunbelt 5347 5347 2009-08-20 2.23 -
Symantec 1.3.0.24 20090820.003 2009-08-20 0.14 -
nProtect 20090818.01 5093763 2009-08-18 7.45 -
The Hacker 6.3.4.3 v00384 2009-08-20 0.84 -
VBA32 3.12.10.9 20090820.1248 2009-08-20 2.58 Win32 Shadow Driver Install (suspicious)
VirusBuster 4.5.11.10 10.112.11/1801294 2009-08-21 2.73 -


----------



## eddie5659 (Mar 19, 2001)

Sorry about the lateness, my computer at home died so I had to wait for a part. Also, at work, the internet is limited, so I will have a look now.

Okay, apart from that file, there isn't much showing. I assume you edited the hosts file. If not, let me know and we'll sort that out as well.

How's the computer running now?

eddie


----------



## jakey8 (Aug 18, 2009)

you'll also need zonealarm for BF 2 n you'll be protected forever like ''me''


----------



## eddie5659 (Mar 19, 2001)

I tend to turn my firewall and antivirus off when playing BF2, as they just slow it down sometimes. The chance of getting a virus when playing via the servers is near to nil, as I've been playing for years and it's never caused me any problems.

After the gaming session, I put them back on though


----------



## jumbo1990 (Feb 17, 2006)

my dad just bought a new router, and the game runs better now... Idk why but he said that the router was a Netgear N and the old one was a Linksys G so Idk maybe difference in the "N" and "G"...

but also all the programs you told me to download can you help me clear them up?


----------



## eddie5659 (Mar 19, 2001)

Glad to hear it's all okay now, and that you can play online again. Have you got the new 1.50 patch for BF2 yet? I do, but still waiting for EA to sort our server out, so we can play the new map. Still, there are others for the moment

As for the programs, let's sort them out now:

----------------------

*Follow these steps to uninstall Combofix and tools used in the removal of malware*


Click *START* then *RUN*
Now type *Combofix /u* in the Run box and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there

-----------------

You can delete the *AVZ* folder off your Desktop. This, along with the *avz.zip*

------------------

You can delete the *RSIT* program off your Desktop.

--------------------


Download *OTC* to your desktop and run it
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

--------------

Also, you will see the *Runscanner* program on your Desktop. This, along with the *RSReport.run* file can be deleted.

-------------

You can delete the *RootRepeal* program off your Desktop.

-------------


*Copy the entire contents of the Quote Box* below to *Notepad*.
Name the file as *gmer_uninstall.bat*
Change the *Save as Type* to *All Files*
and *Save* it in the folder *GMER* was saved in.
Once saved, double click on the *gmer_uninstall.bat* file. The MSDOS window will be displayed. That is normal.



> @echo off
> sc stop gmer
> sc delete gmer
> if exist %SystemRoot%\System32\drivers\gmer.sys del /f /q %SystemRoot%\System32\drivers\gmer.sys
> ...


==================

We have a couple of last steps to perform and then you're all set.

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

* Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

* Make sure the Internet icon is selected.
* Select *Custom Settings*.
* From the drop down menu, select *Medium*, and press *Reset* and select Yes. If it's already on *Medium*, still click on the Reset button.
* Apply and OK.

Secondly, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click *Start*.
* Open *My Computer*.
* Select the *Tools menu* and click *Folder Options*.
* Select the *View* tab.
* Under the *Hidden files and folders* heading *UNSELECT Show hidden files and folders*.
* *CHECK* the *Hide protected operating system files (recommended)* option.
* Click *Yes* to confirm.
* Click *OK*.
Next, let's clean your restore points and set a new one:

*Reset and Re-enable your System Restore* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.
*2. Restart your computer.*

*3. Turn ON System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
UN-Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*
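As an added example (not part of eddie5659's post or of any tool mentioned in the thread), this PowerShell script reads back the settings the steps above change, so each one can be verified after the reboot instead of assumed. The registry values for the Explorer and Internet Explorer options are the standard Windows ones; the firewall keys are the same EnableFirewall values shown in the OTL Extras log earlier in the thread.

```powershell
# Added example: verify the post-cleanup settings rather than trusting the GUI clicks.
# Run from an elevated PowerShell prompt (needed for Get-ComputerRestorePoint).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value missing: reported as <missing> below
    }
}

$checks = @(
    # Internet Options > Advanced: "Empty Temporary Internet Files folder when browser is closed"
    @{ Step = 'IE: empty cache on close'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
       Name = 'Persistent'; Expected = 0 },
    # Folder Options > View: "Show hidden files and folders" unselected (2 = do not show)
    @{ Step = 'Explorer: hidden files not shown'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'Hidden'; Expected = 2 },
    # Folder Options > View: "Hide protected operating system files" checked (0 = hidden)
    @{ Step = 'Explorer: protected OS files hidden'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'ShowSuperHidden'; Expected = 0 }
)

# Windows Firewall on for every profile: the keys OTL listed with EnableFirewall = 1
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $checks += @{ Step = "Firewall: $profile enabled"
                  Path = "$fwBase\$profile"; Name = 'EnableFirewall'; Expected = 1 }
}

$results = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $shown  = if ($null -eq $actual) { '<missing>' } else { $actual }
    New-Object PSObject -Property @{
        Step     = $c.Step
        Expected = $c.Expected
        Actual   = $shown
        OK       = ($actual -eq $c.Expected)
    }
}
$results | Format-Table Step, Expected, Actual, OK -AutoSize

# System Restore: after the off/on cycle only the freshly created point should remain,
# so a single recent entry here means the old (possibly infected) points are gone.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points present: $($points.Count)"
$points |
    Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize
```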

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: 
*SpywareBlaster* to help prevent spyware from installing in the first place.
*SpywareGuard* to catch and block spyware before it can execute.
*ZonedOut* to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:
*Sunbelt Personal Firewall*
*ZoneAlarm*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run these free malware scanners 

*Malwarebytes' Anti-Malware*

*Spybot Search & Destroy*
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie


----------

