
Computer always hangs all of a sudden


This topic is locked
14 replies to this topic

#1 ernest_ckl (Member, 57 posts)

Posted 23 February 2012 - 11:49 AM

Hi Mr. Guestolo,

My computer always hangs all of a sudden!
In addition, my web browser (IE or Google Chrome) always becomes "not responding" after being open for some time.
What is the recommended web browser to use, since my computer only has 512 MB RAM?

Can you help me and have a look at the logfile below? Thanks!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:42:24 AM, on 2/24/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [Windows Login access] C:\Documents and Settings\Admin\Application Data\windows.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [Windows Login access] C:\Documents and Settings\Admin\Application Data\windows.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE" -background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Support to windows system services.] C:\Program Files\Common Files\System\winsver.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: ???ˉUUSee ???μ? - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: ???ˉUUSee ???μ? - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://202.71.97.47/...r_1_1_1_130.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: XLDoctor Services - ShenZhen Xunlei Networking Technologies,LTD - C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe

--
End of file - 8805 bytes

#2 ernest_ckl (Member, 57 posts)

Posted 23 February 2012 - 11:58 AM

OTL logfile created on: 2/24/2012 1:49:35 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 130.73 Mb Available Physical Memory | 25.56% Memory free
1.45 Gb Paging File | 1.00 Gb Available in Paging File | 69.34% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.78 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Drive E: | 56.79 Gb Total Space | 0.93 Gb Free Space | 1.65% Space Free | Partition Type: NTFS

Computer Name: GUNNERS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/08/05 17:16:22 | 000,442,232 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/11 21:36:12 | 000,349,608 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/11/16 13:51:31 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/11/16 13:51:09 | 000,030,056 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2011/08/05 17:07:30 | 000,395,112 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/02 15:11:10 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(25).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/16 21:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 17:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 01:41:02 | 000,000,000 | ---D | M]

[2011/11/05 17:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 14:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2011/10/03 17:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Ѹ֧) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Login access] C:\Documents and Settings\Admin\Application Data\windows.exe File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKCU..\Run: [Windows Login access] C:\Documents and Settings\Admin\Application Data\windows.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Support to windows system services. = C:\Program Files\Common Files\System\winsver.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = 9ptv.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = jghdtv.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = ppntv.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm ()
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm ()
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe ()
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} http://202.71.97.47/...r_1_1_1_130.cab (Innotive Cibrowser Control 1.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76F39E-8D1B-4D7A-A683-72D9C742BA82}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Admin\bncto.exe) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Admin\cbzvl.exe) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 01:27:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a965501-deb4-11e0-ab20-001cf05aa0f8}\Shell\AutoRun\command - "" = D:\eksplozivna/naprava.exe
O33 - MountPoints2\{0a965501-deb4-11e0-ab20-001cf05aa0f8}\Shell\Explore\command - "" = D:\eksplozivna/naprava.exe
O33 - MountPoints2\{0a965501-deb4-11e0-ab20-001cf05aa0f8}\Shell\Open\command - "" = D:\eksplozivna/naprava.exe
O33 - MountPoints2\{0fdd40b8-f3f9-11df-a902-001cf05aa0f8}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O33 - MountPoints2\{3c1dccf2-18fe-11df-9da5-806d6172696f}\Shell\AutoRun\command - "" = temp\winsetup.exe
O33 - MountPoints2\{3c1dccf2-18fe-11df-9da5-806d6172696f}\Shell\OPen\COmMand - "" = temp\winsetup.exe
O33 - MountPoints2\{7f6c7a2c-65bc-11e0-aa0b-001cf05aa0f8}\Shell\AutoRun\command - "" = D:\nova/mackica.exe
O33 - MountPoints2\{7f6c7a2c-65bc-11e0-aa0b-001cf05aa0f8}\Shell\Explore\command - "" = D:\nova/mackica.exe
O33 - MountPoints2\{7f6c7a2c-65bc-11e0-aa0b-001cf05aa0f8}\Shell\Open\command - "" = D:\nova/mackica.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/09 23:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/24 01:29:56 | 000,003,430 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2012/02/24 01:29:42 | 000,000,096 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2012/02/24 01:28:23 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/24 01:28:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 01:28:18 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-492894223-725345543-1003.job
[2012/02/24 01:27:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/24 01:27:57 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 21:10:15 | 000,002,424 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2012/02/23 21:10:08 | 000,002,174 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2012/02/23 21:09:47 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2012/02/23 21:09:43 | 000,000,141 | ---- | M] () -- C:\WINDOWS\ppsarea.ini
[2012/02/23 20:27:33 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003UA.job
[2012/02/23 20:27:22 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 09:35:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\OOIIEProxy.ini
[2012/02/20 22:00:45 | 000,000,028 | ---- | M] () -- C:\WINDOWS\msgtn.ini
[2012/02/17 13:38:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/15 01:20:33 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/11 21:31:19 | 000,000,204 | ---- | M] () -- C:\WINDOWS\struct~.ini
[2012/02/10 02:16:57 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-492894223-725345543-1003.job
[2012/02/07 20:56:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 05:27:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003Core.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/08 19:38:10 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-492894223-725345543-1003.job
[2011/11/20 02:44:15 | 000,000,091 | ---- | C] () -- C:\WINDOWS\user.ini
[2011/11/19 00:54:57 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ppsarea.ini
[2011/11/19 00:54:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\PPStream.ini
[2011/06/09 11:15:02 | 000,709,992 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/03/13 12:23:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/23 18:51:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/01/03 13:24:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\OOIIEProxy.ini
[2010/10/04 23:24:40 | 000,075,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/21 00:17:56 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2010/04/20 21:58:00 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sppert.ini
[2010/04/08 01:46:56 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\46034DEA59.sys
[2010/04/08 01:46:06 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010/04/08 01:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2010/04/08 01:25:04 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/14 21:45:01 | 000,000,096 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/03/02 01:18:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/03/01 23:05:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/01 10:54:41 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/01 10:54:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/01 10:54:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/01 10:54:41 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/01 10:54:41 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/01 10:54:41 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/01 10:54:41 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/01 10:54:41 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/01 10:54:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/01 10:54:41 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/03/01 10:54:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/01 10:54:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/01 10:54:41 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/01 10:54:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/01 10:54:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/01 10:54:41 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/03/01 10:54:41 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/03/01 10:54:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/01 10:54:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/01 10:42:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX5500Asia.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

#3 ernest_ckl (Member, 57 posts)

Posted 23 February 2012 - 12:00 PM

OTL Extras logfile created on: 2/24/2012 1:49:35 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 130.73 Mb Available Physical Memory | 25.56% Memory free
1.45 Gb Paging File | 1.00 Gb Available in Paging File | 69.34% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.78 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Drive E: | 56.79 Gb Total Space | 0.93 Gb Free Space | 1.65% Space Free | Partition Type: NTFS

Computer Name: GUNNERS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.43\ThunderService.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.43\ThunderService.exe:*:Enabled:ThunderService1.0.2.43
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.43\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.43\XLBugReport.exe:*:Enabled:XLBugReport1.0.2.43
"C:\Program Files\Thunder Network\Xmp\kankan\XMPBoot.exe" = C:\Program Files\Thunder Network\Xmp\kankan\XMPBoot.exe:*:Enabled:迅雷看看播放器
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"D:\Program Files\StormII\box\Stline.exe" = D:\Program Files\StormII\box\Stline.exe:*:Enabled:暴风盒子
"D:\Program Files\StormII\Stormtray.exe" = D:\Program Files\StormII\Stormtray.exe:*:Enabled:暴风媒体中心
"C:\Program Files\Thunder Network\Xmp\xmp.exe" = C:\Program Files\Thunder Network\Xmp\xmp.exe:*:Enabled:迅雷看看播放器
"C:\Program Files\Thunder Network\Xmp\ThunderLiveUD.exe" = C:\Program Files\Thunder Network\Xmp\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD -- (Thunder Networking Technologies,LTD)
"C:\Program Files\PPLive\PPVA\PPLiveVA.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA
"C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA
"C:\Program Files\PPLive\PPVA\FlvPick.exe" = C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick
"C:\Program Files\PPLive\PPVA\crashreporter.exe" = C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload
"C:\Program Files\PPLive\PPVA\PPVADownload.exe" = C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download
"C:\Program Files\PPLive\PPVA\DownloadProgress.exe" = C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress
"D:\Program Files\StormII\Storm.exe" = D:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音
"D:\Program Files\StormII\StormUpdate.dll" = D:\Program Files\StormII\StormUpdate.dll:*:Enabled:暴风影音媒体控制中心
"E:\Program Files\StormII\Storm.exe" = E:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音
"E:\Program Files\StormII\StormUpdate.dll" = E:\Program Files\StormII\StormUpdate.dll:*:Enabled:暴风影音媒体控制中心
"E:\Program Files\StormII\box\Stline.exe" = E:\Program Files\StormII\box\Stline.exe:*:Enabled:暴风盒子
"E:\Program Files\StormII\Stormtray.exe" = E:\Program Files\StormII\Stormtray.exe:*:Enabled:暴风媒体中心
"C:\WINDOWS\system32\ppshell.exe" = C:\WINDOWS\system32\ppshell.exe:*:Enabled:ppshell
"C:\Program Files\RelevantKnowledge\rlvknlg.exe" = C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\GVOD\GVODS.exe" = C:\Program Files\GVOD\GVODS.exe:*:Enabled:GVOD Service -- (ShenZhen PiaoYi Network Technology Co.,Ltd.)
"C:\Program Files\GVOD\gvod.exe" = C:\Program Files\GVOD\gvod.exe:*:Enabled:GVOD Player -- (ShenZhen PiaoYi Network Technology Co.,Ltd.)
"C:\Program Files\TTPlayer\TTPlayer.exe" = C:\Program Files\TTPlayer\TTPlayer.exe:*:Enabled:千千静听 -- (Alen Soft)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe" = C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:MediaCenter -- (UUSEE)
"D:\Counter Strike\cstrike.exe" = D:\Counter Strike\cstrike.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QVOD
"C:\Documents and Settings\Admin\Application Data\PPStream\ppsdown.exe" = C:\Documents and Settings\Admin\Application Data\PPStream\ppsdown.exe:*:Enabled:PPSdown
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.77\ThunderService.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.77\ThunderService.exe:*:Enabled:ThunderService1.0.2.77 -- (深圳市迅雷网络技术有限公司)
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.77\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.77\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.0.2.77 -- (Thunder Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.77\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.77\XLBugReport.exe:*:Enabled:XLBugReport1.0.2.77 -- ()
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.57\ThunderService.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.57\ThunderService.exe:*:Enabled:ThunderService1.0.2.57
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.57\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.57\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.0.2.57
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.57\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.57\XLBugReport.exe:*:Enabled:XLBugReport1.0.2.57
"C:\Documents and Settings\Admin\Desktop\Tony Chan\Frozen Throne\Warcraft III.exe" = C:\Documents and Settings\Admin\Desktop\Tony Chan\Frozen Throne\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Documents and Settings\Admin\Desktop\Tony Chan\Game\Frozen Throne\Warcraft III.exe" = C:\Documents and Settings\Admin\Desktop\Tony Chan\Game\Frozen Throne\Warcraft III.exe:*:Disabled:Warcraft III
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Disabled:Garena
"C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.0.1962_1\Program\XLDoctorUI.exe" = C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.0.1962_1\Program\XLDoctorUI.exe:*:Enabled:XLDoctorUI7.1.0.1962 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\PPLive\PPTV\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU -- (PPLive Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Kuaiwan\Kuaiwan.exe" = C:\Program Files\Kuaiwan\Kuaiwan.exe:*:Enabled:QVOD
"C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_2\Program\XLDoctorUI.exe" = C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_2\Program\XLDoctorUI.exe:*:Enabled:XLDoctorUI7.1.4.2104 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" = C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe:*:Enabled:Thunder7.1.4.2104 -- (深圳市迅雷网络技术有限公司)
"C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe" = C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe:*:Enabled:Thunder LiveUpdate7.1.4.2104 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderPlatform.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderPlatform.exe:*:Enabled:ThunderPlatform1.1.2.46 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.1.2.46 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\XLBugReport.exe:*:Enabled:XLBugReport1.1.2.46 -- (ShenZhen Xunlei Networking Technologies,LTD)
"E:\Program Files\StormII\stormpop.exe" = E:\Program Files\StormII\stormpop.exe:*:Enabled:暴风资讯
"C:\Program Files\AquaNox\Aqua.exe" = C:\Program Files\AquaNox\Aqua.exe:*:Disabled:Aqua
"E:\Chan Kai Wei\my game\pokemon\vbalink180b0\VisualBoyAdvance.exe" = E:\Chan Kai Wei\my game\pokemon\vbalink180b0\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"D:\Condition Zero\czero.exe" = D:\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher
"E:\kl\Condition Zero\czero.exe" = E:\kl\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- (Valve)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)
"C:\Program Files\HaoETV\haoetv.exe" = C:\Program Files\HaoETV\haoetv.exe:*:Enabled:好易网视 -- (www.haoetv.com)
"E:\Kai wei\game\Condition Zero\czero.exe" = E:\Kai wei\game\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{D893565C-10EA-45AF-AFDA-0514B0DC0AE2}" = EPSON Easy Photo Print
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Delta Force Task Force Dagger" = Delta Force Task Force Dagger
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GVOD_is1" = 迅播GVOD播放器
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PPLive" = PPTV V3.0.4.0008
"PPStream" = PPS影音 V2.7.0.1345 正式版
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"thunder_is1" = 迅雷7
"TTPlayer" = 千千静听 5.6正式版
"UUSEE" = UUSee 网络电视 [6.10.608.1]
"UUSEE_base" = UUSee Basic components
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"好易网视" = 好易网视
"迅雷看看播放器" = 迅雷看看播放器

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCTVBox" = CCTVBox Uninstall
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

#4 guestolo

guestolo

    Site Donator

  • Admin
  • 16,242 posts

Posted 23 February 2012 - 12:49 PM

Can I have you disable your protections with Avast till we have run the next tools
I don't want it interfering
Right click the Avast icon by the clock
Under Avast protection>> Disable permanently
AFTER we have downloaded and run the next tools
You can go back and enable protection

Download Flash_Disinfector.exe and Save it to your Desktop.
  • Close any open browsers.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
  • Please do so and allow the utility to clean up all those drives.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Back in Windows:
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

--------------------------------------------------------------------


  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#5 ernest_ckl

ernest_ckl

    Member

  • Members
  • 57 posts

Posted 23 February 2012 - 10:35 PM

ComboFix 12-02-23.02 - Admin 4/2012 Fri 12:13:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.511.203 [GMT 8:00]
执行位置: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* 成功创造新还原点
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\31.tmp
c:\documents and settings\Admin\Application Data\33.tmp
c:\documents and settings\Admin\Application Data\35.tmp
c:\documents and settings\Admin\Application Data\360SE
c:\documents and settings\Admin\Application Data\360SE\360SE.ini
c:\documents and settings\Admin\Application Data\360SE\data\360sefav.db
c:\documents and settings\Admin\Application Data\360SE\data\DailyBackup\360sefav_2010_08_22.favdb
c:\documents and settings\Admin\Application Data\360SE\data\history.dat
c:\documents and settings\Admin\Application Data\360SE\data\ico\avc.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\cn.bing.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\cz.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\ddt.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\dgcs.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\dh.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\farm.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\hao.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\hao.kuaibo.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\hero.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\mcsd.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\me.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\plsm.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\poker.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\se.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\search8.taobao.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.9skb.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.baidu.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.bing.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.google.com.hk.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.qihoo.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.sogou.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\www.youdao.com.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\wxfy.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\yahoo.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\ico\zqjl.wan.360.cn.ico
c:\documents and settings\Admin\Application Data\360SE\data\user.dat
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtAddons\ExtStats.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtAddons\ExtStats.ini.cfg
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtAddons\ganzhi.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtAdfilter\extadfilter.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtChongzhi\stat.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtDoctor\doctor.dll
c:\documents and settings\Admin\Application Data\360SE\extensions\ExtProxy\proxy.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\Favorites\Favorites.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\Favorites\Log\360log_2010_08_22.log
c:\documents and settings\Admin\Application Data\360SE\extensions\SafeCentral\esimple.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\SafeCentral\SafeCentral.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\SafeCentral\SafeProtect.dat
c:\documents and settings\Admin\Application Data\360SE\extensions\SafeCentral\sc.ini
c:\documents and settings\Admin\Application Data\360SE\extensions\SafeCentral\urllib.dat
c:\documents and settings\Admin\Application Data\360SE\extensions\SafeCentral\urllibauth.dat
c:\documents and settings\Admin\Application Data\360SE\stat.ini
c:\documents and settings\Admin\Application Data\6.tmp
c:\documents and settings\Admin\Application Data\67.tmp
c:\documents and settings\Admin\Application Data\69.tmp
c:\documents and settings\Admin\Application Data\6C.tmp
c:\documents and settings\Admin\Application Data\71.tmp
c:\documents and settings\Admin\Application Data\76.tmp
c:\documents and settings\Admin\Application Data\9BD.tmp
c:\documents and settings\Admin\Application Data\A.tmp
c:\documents and settings\Admin\Application Data\EF.tmp
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\StormII
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XLDOCTOR_SERVICES
-------\Service_XLDoctor Services
.
.
((((((((((((((((((((((((( 2012-01-24 至 2012-02-24 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-02-09 15:07 . 2012-02-09 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:38 . 2011-06-15 18:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-10-04 14:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-04 14:09 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-04 14:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-04 14:10 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-04 14:10 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-04 14:10 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-04 14:10 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-10-04 14:10 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-10-04 14:10 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-10-04 14:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-08 02:37 . 2010-07-08 02:37 101544 -c--a-w- c:\program files\Common Files\LinkInstaller.exe
2011-09-29 06:53 . 2011-11-05 09:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . E8FF7E0C83514E075BA73EC18D6218F3 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2007-05-25 . 591CA9DBE0EE5126840C22E085DB0FC6 . 360704 . . [5.1.2600.3002] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.EXE" [2011-08-05 442232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-05-25 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5500 Series]
2007-01-25 06:00 179200 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 17:48 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 16:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GVOD]
2010-01-26 07:46 217552 ----a-w- c:\program files\GVOD\GVODS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2007-05-25 05:18 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-15 22:03 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-15 22:03 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 21:31 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 04:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 04:22 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 04:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 21:32 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 21:32 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2011-08-05 09:16 442232 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- c:\program files\PPStream\PPSAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-06-26 09:36 90112 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 04:59 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSeeMediaCenter]
2011-12-26 07:00 533880 ----a-w- c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Thunder Network\\Xmp\\ThunderLiveUD.exe"=
"c:\\Program Files\\GVOD\\GVODS.exe"=
"c:\\Program Files\\GVOD\\gvod.exe"=
"c:\\Program Files\\TTPlayer\\TTPlayer.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.77\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.77\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.77\\XLBugReport.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\XLDoctor\\7.1.0.1962_1\\Program\\XLDoctorUI.exe"=
"c:\\Program Files\\PPLive\\PPTV\\PPLive.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"c:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\XLDoctor\\7.1.4.2104_2\\Program\\XLDoctorUI.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.46_1111\\ThunderPlatform.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.46_1111\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.46_1111\\XLBugReport.exe"=
"e:\\kl\\Condition Zero\\czero.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\HaoETV\\haoetv.exe"=
"e:\\Kai wei\\game\\Condition Zero\\czero.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/4/2011 10:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2011 10:10 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2011 10:10 PM 20568]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [8/14/2010 2:39 PM 45568]
S2 coyqnctcq;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 11:28 PM 136176]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 11:28 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
coyqnctcq
.
计划任务 文件夹 里的内容
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 15:26]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 15:26]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 17:48]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 17:48]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com.my/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\BHO\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\BHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\qxbvnb17.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Windows Login access - c:\documents and settings\Admin\Application Data\windows.exe
HKLM-Run-Windows Login access - c:\documents and settings\Admin\Application Data\windows.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Kzlclm - c:\documents and settings\Admin\Application Data\Kzlclm.exe
MSConfigStartUp-RDReminder - c:\program files\RegClean Pro\RegCleanPro.exe
MSConfigStartUp-Stormtray - e:\program files\StormII\Stormtray.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 12:28
Windows 5.1.2600 Service Pack 2 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
.
C:\## aswSnx private storage
.
扫描完成
被隐藏的档案: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\coyqnctcq]
"ServiceDll"="c:\windows\system32\ukohe.dll"
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conime.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
完成时间: 2012-02-24 12:32:41 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-02-24 04:32
.
Pre-Run: 722,206,720 bytes free
Post-Run: 6,848,741,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6A6CD7B16462964CB247F88D5A3141E7

#6 guestolo
    Site Donator
  • Admin
  • 16,242 posts

Posted 23 February 2012 - 11:21 PM

Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs, including your browser!
Double click on the file to run it.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows:
Copy ALL of the below in the Code box and paste it into an empty Notepad file.
Don't use anything other than Notepad or the script will not work.
To open Notepad, go to Start > Programs > Accessories, and then click Notepad.


Driver::
coyqnctcq
NetSvcs::
coyqnctcq
File::
c:\windows\system32\ukohe.dll
c:\documents and settings\Admin\Application Data\windows.exe
c:\documents and settings\Admin\Application Data\Kzlclm.exe
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\coyqnctcq]
"ServiceDll"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\coyqnctcq]

Save this as a text file on your desktop, with the exact name CFScript

Drag CFScript.txt onto ComboFix.exe
ComboFix will start >> follow the prompts
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
When finished, it will produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again.
NOTE: again, ensure that Avast does not interfere.

After you post that new log from ComboFix, please carry on and do the following:
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to the desktop

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, you will be prompted to Decline or use the Trial version >>> select DECLINE.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here
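One way to automate the check that singled out coyqnctcq in the ComboFix log above (a service loaded by svchost.exe -k netsvcs, listed in the Svchost NetSvcs group and backed by the ServiceDll c:\windows\system32\ukohe.dll), as an added Python example that is not part of this thread or of ComboFix. The sample log lines are constructed from the fragments quoted in this thread; the consonant-run "random-looking name" heuristic is an assumption of the example, not a rule ComboFix applies.

```python
"""Flag svchost-hosted services that look like the rogue "coyqnctcq" entry.

Added example (not from the thread, not part of ComboFix): it parses the
ComboFix log fragments that exposed the service above and combines the
indicators a helper checks by hand:
  * an S2/S3 service whose image is svchost.exe -k netsvcs,
  * the same name listed under "Svchost - NetSvcs", and
  * a ServiceDll value pointing at an unfamiliar DLL in system32.
"""
import re

# Constructed sample: the relevant lines, in the shape ComboFix prints them.
SAMPLE_LOG = r"""
S2 coyqnctcq;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 11:28 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 11:28 PM 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
coyqnctcq
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\coyqnctcq]
"ServiceDll"="c:\windows\system32\ukohe.dll"
"""

# "S2 name;display name;image path [date size]" service lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?\s*$")
# Registry key of a service, followed by its "ServiceDll" value on the next line.
SERVICES_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="([^"]*)"$', re.I)
# Header of the svchost group listing; member names follow, one per line, until ".".
NETSVCS_HDR_RE = re.compile(r"Svchost\s*-\s*NetSvcs\s*$", re.I)


def parse_combofix(log):
    """Return (services, netsvcs_members, service_dlls) from a ComboFix log."""
    services, netsvcs, service_dlls = {}, set(), {}
    lines = [line.rstrip() for line in log.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, image = m.groups()
            services[name] = {"state": state, "display": display, "image": image}
        elif NETSVCS_HDR_RE.search(line):
            i += 1
            while i < len(lines) and lines[i] not in ("", "."):
                netsvcs.add(lines[i].strip())
                i += 1
            continue
        else:
            m = SERVICES_KEY_RE.match(line)
            if m and i + 1 < len(lines):
                d = SERVICEDLL_RE.match(lines[i + 1])
                if d:
                    service_dlls[m.group(1)] = d.group(1)
        i += 1
    return services, netsvcs, service_dlls


def longest_consonant_run(name):
    """Crude 'random-looking name' heuristic (an assumption of this example)."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def suspicious_services(log, min_reasons=2):
    """Map service name -> list of reasons, for svchost-hosted services
    that trip at least min_reasons of the indicators above."""
    services, netsvcs, service_dlls = parse_combofix(log)
    findings = {}
    for name, svc in services.items():
        if "svchost.exe" not in svc["image"].lower():
            continue  # only services loaded into svchost.exe are in scope here
        reasons = []
        if name in netsvcs:
            reasons.append("listed in the Svchost NetSvcs group")
        if name in service_dlls:
            # The DLL is what actually runs; its path is what the CFScript above removes.
            reasons.append("ServiceDll = " + service_dlls[name])
        if longest_consonant_run(name) >= 4:
            reasons.append("random-looking service name")
        if len(reasons) >= min_reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in suspicious_services(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

The reported ServiceDll path is the file to check next with Sigcheck and by file date, as the log's Sigcheck section does for tcpip.sys.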


#7 ernest_ckl
    Member
  • Members
  • 57 posts

Posted 24 February 2012 - 12:38 AM

ComboFix 12-02-23.02 - Admin 4/2012 Fri 14:20:00.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.511.234 [GMT 8:00]
执行位置: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Admin\Application Data\Kzlclm.exe"
"c:\documents and settings\Admin\Application Data\windows.exe"
"c:\windows\system32\ukohe.dll"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COYQNCTCQ
-------\Service_coyqnctcq
.
.
((((((((((((((((((((((((( 2012-01-24 至 2012-02-24 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-02-24 05:05 . 2012-02-24 06:04 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2012-02-24 05:04 . 2012-02-24 05:04 -------- d-----w- c:\program files\VideoLAN
2012-02-09 15:07 . 2012-02-09 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:38 . 2011-06-15 18:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-10-04 14:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-04 14:09 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-04 14:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-04 14:10 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-04 14:10 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-04 14:10 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-04 14:10 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-10-04 14:10 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-10-04 14:10 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-10-04 14:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-08 02:37 . 2010-07-08 02:37 101544 -c--a-w- c:\program files\Common Files\LinkInstaller.exe
2011-09-29 06:53 . 2011-11-05 09:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . E8FF7E0C83514E075BA73EC18D6218F3 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2007-05-25 . 591CA9DBE0EE5126840C22E085DB0FC6 . 360704 . . [5.1.2600.3002] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_04.28.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 06:32 . 2012-02-24 06:32 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat
- 2012-02-24 04:28 . 2012-02-24 04:28 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.EXE" [2011-08-05 442232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-05-25 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5500 Series]
2007-01-25 06:00 179200 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 17:48 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 16:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2007-05-25 05:18 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-15 22:03 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-15 22:03 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 21:31 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 04:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 04:22 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 04:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 21:32 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 21:32 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2011-08-05 09:16 442232 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- c:\program files\PPStream\PPSAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-06-26 09:36 90112 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 04:59 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSeeMediaCenter]
2011-12-26 07:00 533880 ----a-w- c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TTPlayer\\TTPlayer.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\XLDoctor\\7.1.0.1962_1\\Program\\XLDoctorUI.exe"=
"c:\\Program Files\\PPLive\\PPTV\\PPLive.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"c:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\XLDoctor\\7.1.4.2104_2\\Program\\XLDoctorUI.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.46_1111\\ThunderPlatform.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.46_1111\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.46_1111\\XLBugReport.exe"=
"e:\\kl\\Condition Zero\\czero.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\HaoETV\\haoetv.exe"=
"e:\\Kai wei\\game\\Condition Zero\\czero.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/4/2011 10:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2011 10:10 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2011 10:10 PM 20568]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [8/14/2010 2:39 PM 45568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 11:28 PM 136176]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 11:28 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
计划任务 文件夹 里的内容
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 15:26]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 15:26]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 17:48]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 17:48]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com.my/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\BHO\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\BHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\qxbvnb17.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-GVOD - c:\program files\GVOD\GVODS.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 14:32
Windows 5.1.2600 Service Pack 2 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conime.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
完成时间: 2012-02-24 14:36:09 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-02-24 06:36
ComboFix2.txt 2012-02-24 04:32
.
Pre-Run: 7,092,113,408 bytes free
Post-Run: 7,085,019,136 bytes free
.
- - End Of File - - C020B3F9A03CE87E2544744A3A9145C2

#8 ernest_ckl
    Member
  • Members
  • 57 posts

Posted 24 February 2012 - 12:50 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: GUNNERS [administrator]

2/24/2012 2:44:39 PM
mbam-log-2012-02-24 (14-44-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173774
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\Software\baidu (Adware.Bdsearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion|Start Page (Spyware.Agent) -> Data: http://redirecturls.info/ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\Admin\Application Data\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.

Files Detected: 3
C:\WINDOWS\sppert.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Baidu\Toolbar\bdsrch.txt (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Baidu\Toolbar\iexp.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.

(end)

#9 guestolo
    Site Donator
  • Admin
  • 16,242 posts

Posted 24 February 2012 - 10:07 AM

Your copy of Java is outdated and insecure.
Close down all browser windows.
Access your Add/Remove programs and uninstall Java 6 Update 26.
After you have removed it:

Do a "System scan only" with HijackThis and put a check next to these entries if they still exist:

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')


After you have ticked the above entries, close all other open windows, including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.
Restart the computer.

Back in Windows:
Go to the following link to install the latest version of Java.
NOTE: UNTICK any option to install a toolbar or Security Scan if offered before/while installing.
http://java.com/en/download/index.jsp

Once again, temporarily disable Avast protections.
Download the installer for the Eset Online Scanner from here and save it to your desktop:
esetsmartinstaller_enu.exe

Double click on the file to run it, and check YES to accept the agreement.
Ensure "Remove Found Threats" and "Scan Archives" are both checked.
Then click START >> it should now download the virus signature database.
Once the scan is completed, you may close the window.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.

In addition, reopen OTL.exe.
Run a Quick Scan; when the scan is complete, only one log will be produced.
Post its contents, please.

Make sure to now re-enable protections with AVAST!

Also, keep me informed how things are now running.



#10 ernest_ckl
    Member
  • Members
  • 57 posts

Posted 24 February 2012 - 04:42 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27de595f7ba59742a877e32229d52cad
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-24 09:06:22
# local_time=2012-02-25 05:06:22 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 12380861 12380861 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 596 596 0 0
# scanned=1370
# found=0
# cleaned=0
# scan_time=119
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27de595f7ba59742a877e32229d52cad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-24 10:40:09
# local_time=2012-02-25 06:40:09 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 12381259 12381259 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 994 994 0 0
# scanned=64439
# found=1
# cleaned=1
# scan_time=5335
C:\Documents and Settings\Admin\My Documents\Downloads\Unconfirmed 16935.crdownload a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C
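
The two ESET runs above, parsed and triaged by a Python example added here (it is not ESET's code and not part of ernest_ckl's post). It assumes the layout the post shows: preamble messages, one '# key=value' block per run beginning at '# version=', then detection lines made of a path, the threat name with the action in parentheses, a 32-hex-digit hash and a flag (tab-separated in the real log.txt, flattened to spaces by the forum). The embedded sample is an abridged copy of the log above. Treating 'esets_scanner_update returned -1' as a failed definition update is an assumption, and so is the heuristic used to find where the path ends and the threat name begins.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Added example, not ESET's code. Layout assumed from the log pasted above:
# preamble messages, one '# key=value' block per run starting at '# version=',
# then detection lines "path  threat (action)  32-hex hash  flag". In the real
# log.txt those fields are tab-separated; tabs are turned into spaces below so
# one splitter serves the file and the forum-flattened copy alike.
HEADER_RE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")
DET_RE = re.compile(r"^(?P<body>[A-Za-z]:\\.+?)\s+\((?P<action>[^()]+)\)"
                    r"\s+(?P<hash>[0-9a-fA-F]{32})\s+\S+$")
# Where the threat name begins inside <path + threat>: ESET names start with
# 'a variant of', 'probably a variant of' or a platform prefix such as 'Win32/'.
# Heuristic only; a path component containing '/' would confuse it.
THREAT_START_RE = re.compile(r"\s+(?=(?:probably )?a variant of |[A-Za-z0-9]+/)")

Detection = namedtuple("Detection", "path threat action digest")  # digest of 32 zeros: none recorded

@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)    # repeated keys: last one wins
    messages: list = field(default_factory=list)  # preamble lines before '# version='
    detections: list = field(default_factory=list)

def parse_detection(line: str):
    """Return a Detection for a detection line, else None."""
    m = DET_RE.match(line)
    cut = THREAT_START_RE.search(m.group("body")) if m else None
    if not cut:
        return None
    body = m.group("body")
    return Detection(body[:cut.start()], body[cut.end():],
                     m.group("action"), m.group("hash").lower())

def parse_eset_log(text: str) -> list:
    """Split the log into one ScanRun per '# version=' block."""
    runs, pending, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip().replace("\t", " ")        # real log.txt is tab-separated
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version":                      # a new run begins here
                current = ScanRun(messages=pending)
                pending = []
                runs.append(current)
            if current is not None:
                current.header[key] = value
            continue
        det = parse_detection(line)
        if det is not None and current is not None:
            current.detections.append(det)
        else:
            pending.append(line)                      # preamble of the next run
    return runs

def triage(runs: list) -> list:
    """Points a helper should read off the log before trusting 'found=0'."""
    out = []
    for n, run in enumerate(runs, 1):
        h = run.header
        if h.get("end") != "finished":
            out.append(f"run {n}: end={h.get('end')!r}, results are partial")
        if any(m.startswith("esets_scanner_update returned -") for m in run.messages):
            # assumption: a negative status means the definition update failed
            out.append(f"run {n}: signature update failed, definitions may be stale")
        if h.get("unsafe_checked") == "false":
            out.append(f"run {n}: 'potentially unsafe applications' detection was off")
        found, cleaned = int(h.get("found", 0)), int(h.get("cleaned", 0))
        if found != cleaned:
            out.append(f"run {n}: {found - cleaned} detection(s) not cleaned")
        for d in run.detections:
            out.append(f"run {n}: {d.threat} in {d.path} ({d.action})")
    return out

# Abridged copy of the two runs in the post above (tabs already flattened).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# unsafe_checked=false
# scanned=1370
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# unsafe_checked=false
# scanned=64439
# found=1
# cleaned=1
C:\Documents and Settings\Admin\My Documents\Downloads\Unconfirmed 16935.crdownload a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C
"""
```

Reading the output for this log: the first run was stopped (end=stopped) after 1370 objects and proves nothing on its own; the second run completed, but its updater step reported an error, so its one detection was made with whatever definitions were already on the machine. That detection is a partially downloaded Chrome file (.crdownload) that ESET classifies as an "application", its label for a potentially unwanted program rather than malware, and it was quarantined. Scanning for potentially unsafe applications (unsafe_checked=false) was off in both runs.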

#11 ernest_ckl (Member, 57 posts)

Posted 24 February 2012 - 04:55 PM

OTL logfile created on: 2/25/2012 6:44:46 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 141.11 Mb Available Physical Memory | 27.59% Memory free
1.45 Gb Paging File | 1.09 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.24 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive E: | 56.79 Gb Total Space | 0.95 Gb Free Space | 1.68% Space Free | Partition Type: NTFS

Computer Name: GUNNERS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/24 01:36:27 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/11/29 02:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/29 02:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/05 17:16:22 | 000,442,232 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2007/05/25 13:16:19 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/11 12:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2004/08/04 07:56:50 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/25 00:32:21 | 001,714,688 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022401\algo.dll
MOD - [2012/02/23 21:26:31 | 001,714,688 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022301\algo.dll
MOD - [2012/02/11 21:36:12 | 000,349,608 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/11/16 13:51:31 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/11/16 13:51:09 | 000,030,056 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2011/08/05 17:07:30 | 000,395,112 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/02 15:11:10 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2010/11/09 17:28:34 | 000,247,304 | ---- | M] () -- C:\Program Files\Internet Explorer\PPLite\plugin\pplugin2.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/29 02:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/05/18 15:49:30 | 001,689,120 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Program Files\HaoETV\core\najia\vjocx.dll -- (vvdsvc)
SRV - [2007/01/11 12:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 01:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/29 01:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/29 01:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/29 01:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/29 01:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/29 01:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/29 01:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2007/05/25 13:25:37 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2005/12/23 14:14:26 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\W700mgmt.sys -- (W700mgmt) Sony Ericsson W700 USB WMC Device Management Drivers (WDM)
DRV - [2005/12/23 14:12:06 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\W700bus.sys -- (W700bus) Sony Ericsson W700 Driver driver (WDM)
DRV - [2005/12/23 05:25:10 | 000,006,861 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
DRV - [2004/08/04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/06/24 12:30:58 | 000,045,568 | R--- | M] (D-Link Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DLKRTL.SYS -- (DFE528TX)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:900...pplication.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(25).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/16 21:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 17:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/25 04:53:29 | 000,000,000 | ---D | M]

[2011/11/05 17:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/02/25 04:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/25 04:53:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/12/16 21:24:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/25 04:53:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/29 14:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/25 04:53:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2011/10/03 17:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: npruntime scriptable example plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npuuseep.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(25).dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/24 14:32:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ѹ֧) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm ()
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm ()
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} http://202.71.97.47/...r_1_1_1_130.cab (Innotive Cibrowser Control 1.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76F39E-8D1B-4D7A-A683-72D9C742BA82}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 01:27:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/24 12:00:55 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/02/24 12:00:55 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 04:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/25 04:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/25 04:53:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/25 04:53:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/25 04:53:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/25 04:53:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/25 04:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/25 04:46:12 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Admin\Desktop\esetsmartinstaller_enu.exe
[2012/02/25 04:44:47 | 000,909,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Admin\Desktop\JavaSetup6u31.exe
[2012/02/24 14:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2012/02/24 14:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 14:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/24 14:40:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/24 14:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/24 14:39:53 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/24 14:08:39 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2012/02/24 13:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\vlc
[2012/02/24 13:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/02/24 13:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/24 12:10:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/24 12:08:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/24 12:08:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/24 12:08:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/24 12:08:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/24 12:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/24 12:07:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 12:07:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2012/02/24 12:00:55 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2012/02/24 11:56:15 | 004,418,150 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/02/24 01:36:17 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/02/10 02:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\EI
[2012/02/09 23:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder (3)
[2012/02/09 23:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder (2)
[2012/02/09 23:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/25 06:27:08 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003UA.job
[2012/02/25 06:27:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 05:27:11 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-492894223-725345543-1003Core.job
[2012/02/25 05:27:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/25 04:53:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/25 04:53:07 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/25 04:53:07 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/25 04:53:07 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/25 04:46:43 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Admin\Desktop\esetsmartinstaller_enu.exe
[2012/02/25 04:44:59 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Admin\Desktop\JavaSetup6u31.exe
[2012/02/25 04:43:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2012/02/25 04:35:28 | 000,003,429 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2012/02/25 04:35:16 | 000,000,096 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2012/02/25 04:33:45 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/25 04:33:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/25 04:33:24 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/24 21:54:27 | 000,002,174 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2012/02/24 21:54:25 | 000,002,424 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2012/02/24 21:50:27 | 000,000,141 | ---- | M] () -- C:\WINDOWS\ppsarea.ini
[2012/02/24 21:50:25 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2012/02/24 14:57:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/24 14:40:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 14:40:17 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/24 14:32:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/24 14:08:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2012/02/24 13:05:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/24 13:03:36 | 022,012,750 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\vlc-2.0.0-win32.exe
[2012/02/24 11:57:03 | 004,418,150 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/02/24 11:56:43 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Flash_Disinfector.exe
[2012/02/24 01:36:27 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/02/23 09:35:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\OOIIEProxy.ini
[2012/02/22 16:20:40 | 000,037,417 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\28e19fe82.jpg
[2012/02/21 11:24:54 | 000,768,069 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Ng Win Siau - HT027257M.pdf
[2012/02/20 22:00:45 | 000,000,028 | ---- | M] () -- C:\WINDOWS\msgtn.ini
[2012/02/20 14:55:25 | 011,675,219 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\book.pdf
[2012/02/17 13:38:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/15 01:20:33 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/12 23:29:05 | 000,066,911 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\timetable.JPG
[2012/02/12 03:12:21 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\coreavc.ini
[2012/02/11 21:31:19 | 000,000,204 | ---- | M] () -- C:\WINDOWS\struct~.ini
[2012/02/07 20:56:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/24 14:40:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 13:05:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/24 12:58:52 | 022,012,750 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\vlc-2.0.0-win32.exe
[2012/02/24 12:11:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/24 12:11:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/24 12:08:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/24 12:08:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/24 12:08:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/24 12:08:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/24 12:08:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/24 11:56:30 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Flash_Disinfector.exe
[2012/02/22 16:20:45 | 000,037,417 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\28e19fe82.jpg
[2012/02/21 11:25:00 | 000,768,069 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Ng Win Siau - HT027257M.pdf
[2012/02/20 14:55:37 | 011,675,219 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\book.pdf
[2012/02/12 23:29:04 | 000,066,911 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\timetable.JPG
[2011/11/20 02:46:45 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\ppstreampps_cfg_record.db
[2011/11/20 02:44:15 | 000,000,091 | ---- | C] () -- C:\WINDOWS\user.ini
[2011/11/19 00:54:57 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ppsarea.ini
[2011/11/19 00:54:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\PPStream.ini
[2011/06/09 11:15:02 | 000,709,992 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/03/13 12:23:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/23 18:51:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/01/03 13:24:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\OOIIEProxy.ini
[2010/10/04 23:24:40 | 000,075,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/21 00:17:56 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2010/06/14 00:37:21 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\coreavc.ini
[2010/04/17 19:42:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\prvlcl.dat
[2010/04/08 01:46:56 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\46034DEA59.sys
[2010/04/08 01:46:06 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010/04/08 01:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2010/04/08 01:25:04 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/14 21:45:01 | 000,000,096 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/03/07 13:01:28 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 01:18:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/03/01 23:05:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/01 10:54:41 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/01 10:54:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/01 10:54:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/01 10:54:41 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/01 10:54:41 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/01 10:54:41 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/01 10:54:41 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/01 10:54:41 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/01 10:54:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/01 10:54:41 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/03/01 10:54:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/01 10:54:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/01 10:54:41 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/01 10:54:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/01 10:54:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/01 10:54:41 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/03/01 10:54:41 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/03/01 10:54:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/01 10:54:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/01 10:42:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX5500Asia.ini

< End of report >

OTL Extras logfile created on: 2/25/2012 6:44:46 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 141.11 Mb Available Physical Memory | 27.59% Memory free
1.45 Gb Paging File | 1.09 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.24 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive E: | 56.79 Gb Total Space | 0.95 Gb Free Space | 1.68% Space Free | Partition Type: NTFS

Computer Name: GUNNERS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TTPlayer\TTPlayer.exe" = C:\Program Files\TTPlayer\TTPlayer.exe:*:Enabled:?????2?y -- (Alen Soft)
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe" = C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:MediaCenter -- (UUSEE)
"C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.0.1962_1\Program\XLDoctorUI.exe" = C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.0.1962_1\Program\XLDoctorUI.exe:*:Enabled:XLDoctorUI7.1.0.1962 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\PPLive\PPTV\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU -- (PPLive Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_2\Program\XLDoctorUI.exe" = C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_2\Program\XLDoctorUI.exe:*:Enabled:XLDoctorUI7.1.4.2104 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" = C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe:*:Enabled:Thunder7.1.4.2104 -- (深圳市迅雷网络技术有限公司)
"C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe" = C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe:*:Enabled:Thunder LiveUpdate7.1.4.2104 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderPlatform.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderPlatform.exe:*:Enabled:ThunderPlatform1.1.2.46 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.1.2.46 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.46_1111\XLBugReport.exe:*:Enabled:XLBugReport1.1.2.46 -- (ShenZhen Xunlei Networking Technologies,LTD)
"E:\kl\Condition Zero\czero.exe" = E:\kl\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- (Valve)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSa???|?o? -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS a??????′??? -- (PPStream Inc)
"C:\Program Files\HaoETV\haoetv.exe" = C:\Program Files\HaoETV\haoetv.exe:*:Enabled:o??a?o? -- (www.haoetv.com)
"E:\Kai wei\game\Condition Zero\czero.exe" = E:\Kai wei\game\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{D893565C-10EA-45AF-AFDA-0514B0DC0AE2}" = EPSON Easy Photo Print
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Delta Force Task Force Dagger" = Delta Force Task Force Dagger
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PPLive" = PPTV V3.0.4.0008
"PPStream" = PPS影音 V2.7.0.1345 正式版
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"thunder_is1" = 迅雷7
"TTPlayer" = 千千静听 5.6正式版
"UUSEE" = UUSee 网络电视 [6.10.608.1]
"UUSEE_base" = UUSee Basic components
"VLC media player" = VLC media player 2.0.0
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"好易网视" = 好易网视

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCTVBox" = CCTVBox Uninstall
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2012 10:25:15 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 1/30/2012 9:06:52 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 1/30/2012 11:43:25 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 2/1/2012 2:54:26 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 2/1/2012 6:21:45 AM | Computer Name = GUNNERS | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/3/2012 5:10:31 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 2/8/2012 9:25:33 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 2/9/2012 11:32:48 AM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 16.0.912.77, faulting module
wininet.dll, version 8.0.6001.18702, fault address 0x00029263.

Error - 2/9/2012 12:17:25 PM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 2/9/2012 2:06:27 PM | Computer Name = GUNNERS | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 12.0.1.647, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

[ System Events ]
Error - 2/24/2012 12:03:21 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7023
Description = The Installer Driver service terminated with the following error:
%%126

Error - 2/24/2012 12:07:40 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/24/2012 12:28:14 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7023
Description = The Installer Driver service terminated with the following error:
%%126

Error - 2/24/2012 2:07:03 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7023
Description = The Installer Driver service terminated with the following error:
%%126

Error - 2/24/2012 2:10:51 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/24/2012 2:10:51 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/24/2012 2:10:51 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/24/2012 2:10:51 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/24/2012 2:14:06 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7023
Description = The Installer Driver service terminated with the following error:
%%126

Error - 2/24/2012 2:17:28 AM | Computer Name = GUNNERS | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

#12 ernest_ckl

    Member

  • Members
  • 57 posts

Posted 24 February 2012 - 05:06 PM

Thanks so much!
I will keep you updated on how things are running!
So far so good, there are no more hangs of my computer. Thanks!
By the way, according to your knowledge,
which web browser would be more suitable for me, in order to reduce the memory usage of the computer?

#13 guestolo

    Site Donator

  • Admin
  • 16,242 posts

Posted 26 February 2012 - 06:04 PM

Sorry for the delay. Ensure that you still have a copy of ComboFix on your desktop.

Then do the following:
Go to START>>RUN>>Copy and paste the next command, then hit OK

ComboFix /uninstall

This will uninstall ComboFix and its components.

Open OTL.exe and click on the CLEANUP button.
Follow the prompts and reboot when prompted.
This will properly remove OTL.

You can uninstall Eset Online Scanner from Add and Remove Programs.
You might want to hold onto Malwarebytes Anti-Malware.
Update and run a Quick Scan every couple of weeks.

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#14 ernest_ckl

    Member

  • Members
  • 57 posts

Posted 06 March 2012 - 09:03 AM

ok, done!

#15 guestolo

    Site Donator

  • Admin
  • 16,242 posts

Posted 06 March 2012 - 01:46 PM

I'll lock this topic as your problems appear resolved :)
