
scan files and receive application error message


castle


The problem is when I scan the selected files:

The first file scan error says [ The instruction at "0x1001fffe" referenced memory at "0x1005bae0". The memory could not be "read". ]

The second file scan error says [ The instruction at "0x1001fffe" referenced memory at "0x1005bad8". The memory could not be "read". ]

The attached file is the second file.

I have another post about this problem in the General Malwarebytes' Anti-Malware forum; a member told me to uncheck [Enable advanced heuristics engine (Heuristics Shuriken)] in Malwarebytes' Anti-Malware's scanner settings to scan the problem file. After I unchecked the setting, scanning the file succeeded. If [Enable advanced heuristics engine] is checked, the problem comes back.

I ran Defogger, DDS and GMER Rootkit Scanner. The GMER file scan took 5 hours; when I clicked Save the computer became unresponsive, and I had to hold down the power button to reset it.

For the second GMER scan I unchecked the [scan files on drive C] option, and the scan took only 10 minutes to finish.

The only difference in the scan results with [scan files on drive C] checked is that it detects my MYLOCKBOX software and the files stored in it.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Lenovo User at 17:16:56.73 on 09/30/2010 Thu

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1913.1370 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\Program Files\Tencent\QQDoctor\QQDrRtpSvc.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Lenovo\Energy Management\utilty.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Tencent\QQDoctor\QQPCLeakScan.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Notebook Hardware Control\nhc.exe

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\fast.exe

C:\Program Files\Tencent\QQDoctor\QQDoctorRTP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\WizMouse\WizMouse.exe

C:\WINDOWS\system32\Fast.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Tencent\QQDoctor\QQDrNetMon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Documents and Settings\Lenovo User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.baidu.com/index.php?tn=avantcn_dg

uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PIPI Link Helper: {1a3440c6-f123-4cab-84ee-c814e1ae0d8f} - c:\program files\pipi\JfCheck.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: CTSWebSiteMon Class: {7c260b4b-f7a0-40b5-b403-befcdc6a4c3b} - c:\program files\tencent\qqdoctor\TSWebMon.dat

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\lenovo user\application data\flashgetbho\FlashGetBHO3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: WebBHO Class: {e073558a-933c-410f-a986-08fe277b3f38} - c:\program files\flashget network\flashget 3\ATLBHO.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WizMouse] "c:\program files\wizmouse\WizMouse.exe"

mRun: [EnergyUtility] c:\program files\lenovo\energy management\utilty.exe

mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet

mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [FastUser] c:\windows\system32\fast.exe

mRun: [_QQDoctorRTP] "c:\program files\tencent\qqdoctor\QQDoctorRTP.exe" /regrun

uPolicies-explorer: NoSMBalloonTip = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: ????3?? - c:\documents and settings\lenovo user\application data\flashgetbho\GetUrl.htm

IE: ????3?????? - c:\documents and settings\lenovo user\application data\flashgetbho\GetAllFlvUrl.htm

IE: ????3?????? - c:\documents and settings\lenovo user\application data\flashgetbho\GetAllUrl.htm

IE: ????3?????? - c:\documents and settings\lenovo user\application data\flashgetbho\GetFlvUrl.htm

IE: ?????? - c:\program files\thunder network\thunder\program\GetUrl.htm

IE: ?????????? - c:\program files\thunder network\thunder\program\GetAllUrl.htm

IE: ???????? - c:\program files\thunder network\thunder\program\OfflineDownload.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\tencent\qqdoctor\TSFilter.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

Trusted Zone: kuaiche.com\software

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253767187031

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lenovo~1\applic~1\mozilla\firefox\profiles\26uq3olg.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\documents and settings\lenovo user\application data\mozilla\firefox\profiles\26uq3olg.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll

FF - plugin: c:\documents and settings\lenovo user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(541).dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\opera\program\plugins\nporbit.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\windows media player\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-9-26 43792]

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-24 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-24 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-24 267432]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-9-24 405672]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-23 60936]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-9-26 142648]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-23 54752]

R2 QQDrRtpSvc;QQDoctor RTP Service;c:\program files\tencent\qqdoctor\QQDrRtpSvc.exe [2010-9-30 395640]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-6-23 9472]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-23 97536]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-3-17 44512]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-9-25 160640]

S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-9-25 5248]

S4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-9-24 337064]

============== File Associations ===============

chm.file="hh.exe" %1

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2010-09-30 09:11:58 54 ----a-w- c:\documents and settings\lenovo user\defogger_reenable

2010-09-29 22:31:59 0 d-----w- c:\docume~1\lenovo~1\applic~1\Tencent

2010-09-29 22:31:55 0 d-----w- c:\program files\Tencent

2010-09-29 20:25:00 0 d-----w- c:\program files\360

2010-09-29 06:55:21 0 d-----w- C:\QMDownload

2010-09-29 06:52:32 0 d-----w- c:\windows\system32\%APPDATA%

2010-09-29 06:52:26 0 d-----w- c:\program files\common files\Tencent

2010-09-24 07:05:04 0 d-----w- c:\program files\115

2010-09-20 11:46:40 69632 ----a-w- c:\windows\system32\CrcCtrl.ocx

2010-09-20 11:46:01 0 d-----w- c:\program files\Duplicate Cleaner

2010-09-19 19:12:17 0 d-----w- c:\program files\ReNamer

2010-09-18 11:12:27 0 d-----w- c:\program files\The KMPlayer

2010-09-13 17:34:05 0 d-----w- c:\docume~1\lenovo~1\applic~1\Thunder Network

2010-09-13 13:22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-13 13:22:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 13:22:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-12 15:44:54 0 d-----w- c:\program files\Auslogics

2010-09-12 15:38:41 0 d-----w- c:\program files\SpywareBlaster

2010-09-12 15:34:41 0 d-----w- c:\program files\CCleaner

2010-09-01 19:30:44 0 d-----w- c:\windows\system32\URTTEMP

2010-08-31 12:53:47 0 d-----w- c:\docume~1\lenovo~1\applic~1\Actual Tools

2010-08-31 12:07:04 0 d-----w- c:\windows\Downloaded Installations

2010-08-31 12:06:43 0 d-----w- c:\program files\WizMouse

2010-08-31 11:58:50 0 d-----w- c:\program files\Actual Window Minimizer

2010-08-31 11:39:27 0 d-----w- c:\program files\OpenTarget

==================== Find3M ====================

2010-09-30 09:14:25 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys

2010-09-23 22:44:57 2940 ----a-w- c:\windows\system32\cid_store.dat

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-16 21:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2009-09-24 03:29:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092420090925\index.dat

2010-05-15 08:51:44 32768 --sha-w- c:\windows\temp\cookies\index.dat

2010-05-15 08:51:44 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2010-05-15 08:51:44 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:17:47.90 ===============

Is the problem a bug, or is my computer infected?

ark.rar

Attach.rar


Hello castle

Welcome to Malwarebytes.

The file you attached was malware; please delete it.

Is this the only file it had problems scanning?

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold:


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


I uploaded another file; it is the FlashGet download manager software. The previous file I uploaded is used to remove the ads in FlashGet.

Scanning other, older versions of those files also produces the application error message if I have [Enable advanced heuristics engine (Heuristics Shuriken)] checked in Malwarebytes' Anti-Malware's scanner settings.

I don't know if the files are malware or not... the software from those files is installed on my computer now.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 10/2/2010 2:36:38 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Lenovo User\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 46.89 Gb Free Space | 62.93% Space Free | Partition Type: NTFS

Drive D: | 74.54 Gb Total Space | 3.41 Gb Free Space | 4.57% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-85800169

Current User Name: Lenovo User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lenovo User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Tencent\QQDoctor\QQDrNetMon.exe (Tencent)

PRC - C:\Program Files\Tencent\QQDoctor\QQDoctorRtp.exe (Tencent)

PRC - C:\Program Files\Tencent\QQDoctor\QQDrRtpSvc.exe (Tencent)

PRC - C:\Program Files\WizMouse\WizMouse.exe (Antibody Software)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()

PRC - C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)

PRC - C:\WINDOWS\system32\fsproflt.exe (FSPro Labs)

PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Lenovo\Energy Management\utilty.exe (Lenovo(Beijing)Limited)

PRC - C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)

PRC - C:\WINDOWS\system32\Fast.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lenovo User\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (QQDrRtpSvc) -- C:\Program Files\Tencent\QQDoctor\QQDrRtpSvc.exe (Tencent)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)

SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()

SRV - (fsproflt) -- C:\WINDOWS\system32\fsproflt.exe (FSPro Labs)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (InteractiveLogon) -- C:\WINDOWS\System32\Fast.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - http://www.pbus-167.com)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (pssnap) -- C:\WINDOWS\system32\DRIVERS\pssnap.sys (Macrium Software)

DRV - (PSMounter) -- C:\WINDOWS\system32\drivers\psmounter.sys (Macrium Software)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (FSProFilter) -- C:\WINDOWS\System32\Drivers\FSPFltd.sys (FSPro Labs)

DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (ZSMC303) VIMICRO USB PC Camera (ZC0301PLH) -- C:\WINDOWS\system32\drivers\usbVM303.sys (Vimicro Corporation)

DRV - (a347bus) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys ( )

DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.baidu.com/index.php?tn=avantcn_dg

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31

FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:0.19.7

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2

FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:1.0

FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7

FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5

FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5

FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/24 11:43:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/10 11:37:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/18 22:59:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/18 22:59:44 | 000,000,000 | ---D | M]

[2009/10/30 02:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Extensions

[2009/10/30 02:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/02 02:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions

[2010/05/31 02:01:14 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

[2010/09/15 21:41:24 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/04/30 07:11:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/22 19:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}

[2010/09/22 19:58:15 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/09/09 22:41:23 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}

[2010/04/16 21:53:09 | 000,000,000 | ---D | M] (Charamel) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}

[2010/08/19 06:49:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/22 08:08:49 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

[2010/03/05 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\chromifox@altmusictv.com

[2010/04/19 18:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\firegestures@xuldev.org

[2010/04/06 13:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\nasanightlaunch@example.com

[2010/04/16 21:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\silvermel@pardal.de

[2010/04/16 21:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\silvermelxt@pardal.de

[2010/04/06 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\Strata40@SpewBoy.au

[2010/05/31 02:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

[2010/04/06 11:35:34 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Mozilla\Firefox\Profiles\26uq3olg.default\searchplugins\mozilla-add-ons.xml

[2010/10/02 02:20:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/18 04:11:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/08/11 22:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/09/18 04:11:30 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/18 04:11:30 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/01/18 16:04:02 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/09/18 04:11:32 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/04/17 02:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/04/17 02:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/01/23 01:59:49 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/23 01:59:49 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/23 01:59:49 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/23 01:59:49 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/23 01:59:49 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/23 01:59:49 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/23 01:59:49 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (?????????????)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\pipi\JfCheck.dll (PIPI Tech.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (CTSWebSiteMon Class) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files\Tencent\QQDoctor\TSWebMon.dat (Tencent)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Lenovo User\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (WebBHO Class) - {E073558A-933C-410F-A986-08FE277B3F38} - C:\Program Files\FlashGet Network\FlashGet 3\ATLBHO.dll File not found

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [_QQDoctorRTP] C:\Program Files\Tencent\QQDoctor\QQDoctorRTP.exe (Tencent)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utilty.exe (Lenovo(Beijing)Limited)

O4 - HKLM..\Run: [FastUser] C:\WINDOWS\system32\Fast.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)

O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WizMouse] C:\Program Files\WizMouse\WizMouse.exe (Antibody Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: ????3?? - C:\Documents and Settings\Lenovo User\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: ????3?????? - C:\Documents and Settings\Lenovo User\Application Data\FlashGetBHO\GetAllFlvUrl.htm ()

O8 - Extra context menu item: ????3?????? - C:\Documents and Settings\Lenovo User\Application Data\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: ????3?????? - C:\Documents and Settings\Lenovo User\Application Data\FlashGetBHO\GetFlvUrl.htm ()

O8 - Extra context menu item: ?????? - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm ()

O8 - Extra context menu item: ?????????? - C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm ()

O8 - Extra context menu item: ???????? - C:\Program Files\Thunder Network\Thunder\Program\OfflineDownload.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Tencent\QQDoctor\TSFilter.dll (Tencent)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Tencent\QQDoctor\TSFilter.dll (Tencent)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Tencent\QQDoctor\TSFilter.dll (Tencent)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Tencent\QQDoctor\TSFilter.dll (Tencent)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1253767187031 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Lenovo User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lenovo User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/23 14:11:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 02:23:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lenovo User\Desktop\OTL.exe

[2010/09/30 17:11:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lenovo User\Recent

[2010/09/30 14:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenovo User\Desktop\bug

[2010/09/30 06:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenovo User\Application Data\Tencent

[2010/09/30 06:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tencent

[2010/09/30 04:36:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\tasks\360Disabled

[2010/09/30 04:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\360

[2010/09/29 14:55:21 | 000,000,000 | ---D | C] -- C:\QMDownload

[2010/09/29 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Tencent

[2010/09/29 14:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%

[2010/09/29 14:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent

[2010/09/24 15:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\115

[2010/09/20 19:46:40 | 000,069,632 | ---- | C] (Chris Amos) -- C:\WINDOWS\System32\CrcCtrl.ocx

[2010/09/20 19:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Cleaner

[2010/09/20 03:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\ReNamer

[2010/09/18 22:59:42 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2010/09/18 22:59:42 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2010/09/18 22:59:42 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2010/09/18 22:59:38 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2010/09/18 22:59:38 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2010/09/18 22:59:38 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2010/09/18 22:59:37 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2010/09/18 22:59:36 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2010/09/18 19:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenovo User\Application Data\vlc

[2010/09/18 19:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer

[2010/09/14 04:10:05 | 000,000,000 | ---D | C] -- D:\My Documents\The KMPlayer

[2010/09/14 03:45:54 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2010/09/14 01:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenovo User\Application Data\Thunder Network

[2010/09/13 21:22:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/09/13 21:22:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/09/13 21:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/12 23:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2010/09/12 23:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2010/09/12 23:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/09/02 03:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenovo User\Local Settings\Application Data\ApplicationHistory

[2010/09/02 03:30:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP

[2009/09/25 07:35:34 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys

[2009/09/25 07:35:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/02 02:24:00 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Desktop\RKUnhookerLE.EXE

[2010/10/02 02:23:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lenovo User\Desktop\OTL.exe

[2010/10/02 02:21:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1715567821-839522115-1003UA.job

[2010/10/01 17:09:08 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/01 13:46:15 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys

[2010/10/01 13:45:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/10/01 13:45:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/01 10:26:34 | 009,809,920 | ---- | M] () -- C:\Documents and Settings\Lenovo User\ntuser.dat

[2010/10/01 10:26:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lenovo User\ntuser.ini

[2010/10/01 08:47:25 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat

[2010/10/01 01:21:01 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1715567821-839522115-1003Core.job

[2010/09/30 17:12:02 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Lenovo User\defogger_reenable

[2010/09/30 08:11:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/30 06:44:31 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk

[2010/09/29 19:22:24 | 000,000,424 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat

[2010/09/29 04:44:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/09/24 15:06:03 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\115??.lnk

[2010/09/24 09:37:06 | 001,576,322 | -H-- | M] () -- C:\Documents and Settings\Lenovo User\Local Settings\Application Data\IconCache.db

[2010/09/22 03:59:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/09/20 19:52:08 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\Duplicate Cleaner.lnk

[2010/09/20 03:12:19 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\ReNamer.lnk

[2010/09/18 19:13:25 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk

[2010/09/18 01:24:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\multbp.cfg

[2010/09/16 09:57:04 | 000,003,774 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\114la.ico

[2010/09/14 08:02:13 | 000,001,229 | ---- | M] () -- C:\WINDOWS\PIPIPlayer.INI

[2010/09/14 01:33:16 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\??????.lnk

[2010/09/14 00:06:40 | 000,000,682 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/09/13 21:22:34 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/09/12 23:44:56 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics Disk Defrag.lnk

[2010/09/12 23:38:44 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareBlaster.lnk

[2010/09/07 23:25:06 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WordPad.INI

[2010/09/02 03:56:59 | 000,624,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/09/02 03:56:59 | 000,525,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/09/02 03:56:59 | 000,095,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/02 02:24:00 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Desktop\RKUnhookerLE.EXE

[2010/09/30 17:11:58 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Lenovo User\defogger_reenable

[2010/09/30 06:44:31 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk

[2010/09/24 15:06:03 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\115??.lnk

[2010/09/20 19:52:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\Duplicate Cleaner.lnk

[2010/09/20 03:12:19 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\ReNamer.lnk

[2010/09/18 22:59:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/09/18 22:59:39 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2010/09/18 22:59:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/09/18 22:59:37 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/09/18 22:59:37 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/09/18 22:59:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/09/18 22:59:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/09/18 19:13:25 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk

[2010/09/16 09:57:04 | 000,003,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\114la.ico

[2010/09/14 01:33:16 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Application Data\Microsoft\Internet Explorer\Quick Launch\??????.lnk

[2010/08/28 03:20:26 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini

[2010/08/16 22:19:31 | 000,000,085 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/06/27 23:21:24 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini

[2010/05/12 19:38:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/03/13 23:56:40 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI

[2010/03/04 06:26:32 | 000,001,229 | ---- | C] () -- C:\WINDOWS\PIPIPlayer.INI

[2010/03/02 04:16:20 | 000,000,094 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini

[2010/03/02 04:12:28 | 000,001,994 | ---- | C] () -- C:\WINDOWS\psnetwork.ini

[2010/03/02 04:12:28 | 000,001,700 | ---- | C] () -- C:\WINDOWS\powerplayer.ini

[2010/03/02 04:12:28 | 000,000,106 | ---- | C] () -- C:\WINDOWS\powerlist.ini

[2010/02/11 13:55:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WordPad.INI

[2009/11/11 03:45:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/10/08 19:40:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AdvConfig.ini

[2009/09/26 06:04:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2009/09/25 06:27:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/09/25 05:20:15 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys

[2009/09/25 02:55:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2009/09/25 02:47:46 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll

[2009/09/25 02:47:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2009/09/24 14:08:17 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Lenovo User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/23 14:10:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Setuplog.ini

[2009/06/23 13:23:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll

[2008/01/18 14:16:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/06/16 03:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2010/05/12 19:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2010/08/16 22:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP

[2010/01/21 13:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid

[2009/09/25 16:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium

[2009/09/23 09:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm

[2009/09/25 04:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2010/09/30 04:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2010/09/29 15:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent

[2010/03/02 11:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network

[2010/04/20 08:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSLOG

[2010/05/12 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2009/09/25 04:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/06/23 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\ACD Systems

[2010/08/31 20:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Actual Tools

[2010/06/12 02:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\AlderGames

[2009/09/25 03:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Auslogics

[2010/09/29 19:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\BITS

[2010/06/16 04:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Braid

[2010/02/14 00:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Broken Rules

[2009/12/20 05:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\CaraQ

[2010/06/16 05:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Crayon Physics Deluxe

[2010/05/15 17:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\EPSON

[2009/11/21 07:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\FlashGet

[2010/07/22 08:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\FlashGetBHO

[2010/01/23 05:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\FlashgetSetup

[2010/10/02 01:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\foobar2000

[2009/10/30 07:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\GrabPro

[2009/09/23 09:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Kingsoft

[2010/05/20 03:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\mkvtoolnix

[2010/08/16 20:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\MSNInstaller

[2010/04/10 20:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\NJStar

[2009/10/30 02:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Opera

[2010/08/17 02:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Orbit

[2010/10/01 06:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\PIPI

[2010/06/28 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\PPStream

[2009/09/27 08:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Switchball

[2009/11/29 07:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\SystemRequirementsLab

[2010/09/30 06:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Tencent

[2010/09/14 01:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Thunder Network

[2010/08/11 21:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Windows Desktop Search

[2010/08/11 22:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Windows Search

[2010/03/13 13:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\XLUI

[2010/09/29 21:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenovo User\Application Data\Xunlei

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/06/23 14:11:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/01/23 05:37:31 | 000,000,000 | ---- | M] () -- C:\bholog

[2010/05/17 00:28:01 | 000,000,210 | -HS- | M] () -- C:\boot.ini

[2009/06/23 14:11:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/06/23 14:11:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/06/16 00:10:05 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2009/06/23 14:11:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/09/24 11:11:21 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/10/01 13:44:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2009/06/23 21:53:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/06/23 21:53:45 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/06/23 21:53:44 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/10/01 13:46:15 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\system32\drivers\nhcDriver.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5C321E34

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5D458568

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DE406C3E

< End of report >

FlashGet_3.6.0.1140.rar


OTL Extras logfile created on: 10/2/2010 2:36:38 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Lenovo User\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 46.89 Gb Free Space | 62.93% Space Free | Partition Type: NTFS

Drive D: | 74.54 Gb Total Space | 3.41 Gb Free Space | 4.57% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-85800169

Current User Name: Lenovo User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found

"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found

"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0 -- File not found

"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- File not found

"C:\Program Files\Kingsoft\Powerword 2007\xdict.exe" = C:\Program Files\Kingsoft\Powerword 2007\xdict.exe:*:Enabled:Kingsoft PowerWord -- (Kingsoft Co, Ltd.)

"C:\Program Files\Kingsoft\Powerword 2007\update.exe" = C:\Program Files\Kingsoft\Powerword 2007\update.exe:*:Enabled:Kingsoft PowerWord Online Update -- (Kingsoft Co, Ltd.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

"D:\My Documents\bee bee\software\green software\PPS????\PPStream.exe" = D:\My Documents\bee bee\software\green software\PPS????\PPStream.exe:*:Enabled:PPS???? -- File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found

"C:\Program Files\GridService\peer.exe" = C:\Program Files\GridService\peer.exe:*:Enabled:muse peer -- (FS2YOU)

"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderService.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderService.exe:*:Enabled:ThunderService1.0.2.56 -- File not found

"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.0.2.56 -- File not found

"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\XLBugReport.exe:*:Enabled:XLBugReport1.0.2.56 -- File not found

"C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" = C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe:*:Enabled:Thunder5.9.15.1274 -- (?????????????)

"C:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe" = C:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe:*:Enabled:XMP5.9.15.1274 -- (ShenZhen Xunlei Networking Technologies,LTD)

"C:\Program Files\Thunder Network\Thunder\Program\FileLink\XLFileLink.exe" = C:\Program Files\Thunder Network\Thunder\Program\FileLink\XLFileLink.exe:*:Enabled:FileLink5.9.15.1274 -- (Thunder Networking Technologies,LTD)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.69\ThunderService.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.69\ThunderService.exe:*:Enabled:ThunderService1.0.2.69 -- (?????????????)

"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.69\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.69\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.0.2.69 -- (Thunder Networking Technologies,LTD)

"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.69\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.69\XLBugReport.exe:*:Enabled:XLBugReport1.0.2.69 -- ()

"C:\Program Files\pipi\jfCacheMgr.exe" = C:\Program Files\pipi\jfCacheMgr.exe:*:Enabled:PIPI CacheMgr -- (????)

"C:\Program Files\pipi\PIPIPlayer.exe" = C:\Program Files\pipi\PIPIPlayer.exe:*:Enabled:PIPIPlayer -- (????)

"C:\Program Files\pipi\KmLiveUpdate.exe" = C:\Program Files\pipi\KmLiveUpdate.exe:*:Enabled:PIPI LiveUpdate -- (????)

"C:\Program Files\pipi\HttpDownLoad.exe" = C:\Program Files\pipi\HttpDownLoad.exe:*:Enabled:HttpDownLoad -- ()

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???? -- (PPStream Inc.)

"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ????? -- (PPStream Inc)

"C:\Documents and Settings\Lenovo User\Application Data\PPStream\ppsdown.exe" = C:\Documents and Settings\Lenovo User\Application Data\PPStream\ppsdown.exe:*:Enabled:PPSdown -- File not found

"C:\Documents and Settings\Lenovo User\Desktop\ppstreamsetup.exe" = C:\Documents and Settings\Lenovo User\Desktop\ppstreamsetup.exe:*:Enabled:PPStream Installer -- File not found

"C:\Program Files\Tencent\QQDoctor\QQDoctor.exe" = C:\Program Files\Tencent\QQDoctor\QQDoctor.exe:*:Enabled:QQ?? -- (Tencent)

"C:\WINDOWS\system32\igfxsrvc.exe" = C:\WINDOWS\system32\igfxsrvc.exe:*:Disabled:igfxsrvc Module -- (Intel Corporation)

"C:\Program Files\Thunder Network\XLGame\XLGame.exe" = C:\Program Files\Thunder Network\XLGame\XLGame.exe:*:Enabled:?????? -- (Thunder Networking Technologies,LTD)

"C:\Program Files\Thunder Network\XLGame\Games\XLMiniGame.exe" = C:\Program Files\Thunder Network\XLGame\Games\XLMiniGame.exe:*:Enabled:???? -- (Thunder Networking Technologies,LTD)

"C:\Program Files\115\UDown\UDown.exe" = C:\Program Files\115\UDown\UDown.exe:*:Enabled:115?? -- (???????????????)

"C:\Program Files\Common Files\Tencent\QQDownload\103\Tencentdl.exe" = C:\Program Files\Common Files\Tencent\QQDownload\103\Tencentdl.exe:*:Enabled:


RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB97D1000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6045696 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xBF280000 C:\WINDOWS\System32\igxpdx32.DLL 3330048 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 2297856 bytes (Intel Corporation, Component GHAL Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB960C000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1265664 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)

0xA868B000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)

0xB94B9000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 856064 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)

0xA87D4000 C:\WINDOWS\system32\drivers\CHDAU32.sys 778240 bytes (Conexant Systems Inc., High Definition Audio Function Driver)

0xA85D8000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA83F1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB9403000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA8524000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA70C2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA6506000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB95D5000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0xA877C000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0xB9461000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xA77DB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xA61B0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xA8461000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB9771000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA84D4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xA84AE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xA87B0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB9799000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB95B2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA848C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xA83CF000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xA83B1000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)

0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xA8371000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB9759000 C:\WINDOWS\system32\DRIVERS\jmcr.sys 98304 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver)

0xB9741000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB9EC2000 C:\WINDOWS\System32\Drivers\ksecdd.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB94A2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA7E65000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0xA77C6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB97BD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA857D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB9491000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xBA2B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA208000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA158000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xA82CC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA1E8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA128000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xBA178000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xA7CFD000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))

0xBA198000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA288000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA138000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA188000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA1D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xA6647000 C:\WINDOWS\system32\drivers\nhcDriver.sys 40960 bytes (pBUS-167 Software - http://www.pbus-167.com, Notebook Hardware Control Device Driver)

0xBA1B8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA0F8000 FSPFltd.sys 36864 bytes (FSPro Labs, FSPro File System Filter)

0xBA268000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA168000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA1A8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA278000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA7506000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xBA258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA440000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xBA348000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA420000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)

0xBA390000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA338000 pssnap.sys 28672 bytes (Macrium Software, Backup image protection)

0xBA3A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA3B8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA3A0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xBA378000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xBA498000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA4A8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA408000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA418000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xBA56C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xA7264000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0xB9DCA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA7CED000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)

0xBA558000 C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys 12288 bytes (Lenovo Corporation, ACPI Virtual Power Controller Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0xA85B4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xBA57C000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)

0xA897E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 12288 bytes (Microsoft Corporation, File System Recognizer Driver)

0xA88B6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xA8892000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA584000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xA8976000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA574000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xA895E000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xBA5D0000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xBA5C2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA5D6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA5C6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA5CA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5B6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5B0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA77C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA6D3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA7F3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0002D840, Type: Inline - RelativeJump 0x80504840-->80504851 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]

[2232]QQDrNetMon.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->EnableScrollBar, Type: Inline - RelativeJump 0x7E468005-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E46800A [unknown_code_page]

[2232]QQDrNetMon.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E46800B [unknown_code_page]

[2232]QQDrNetMon.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x7E42DFE2-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E42DFE7 [unknown_code_page]

[2232]QQDrNetMon.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E42DFE8 [unknown_code_page]

[2232]QQDrNetMon.exe-->user32.dll-->GetScrollPos, Type: Inline - RelativeJump 0x7E42F704-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->GetScrollRange, Type: Inline - RelativeJump 0x7E42F787-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x7E419056-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E41905B [unknown_code_page]

[2232]QQDrNetMon.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E41905C [unknown_code_page]

[2232]QQDrNetMon.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x7E42F750-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x7E42F99B-->00000000 [safeGF.dll]

[2232]QQDrNetMon.exe-->user32.dll-->ShowScrollBar, Type: Inline - RelativeJump 0x7E42F2F2-->00000000 [safeGF.dll]

[252]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[252]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[252]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[252]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[252]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[252]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[252]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[2596]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]

[2596]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]

[2596]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]

[884]mylbx.exe-->kernel32.dll-->RaiseException, Type: IAT modification 0x00620D8D-->00000000 [mylbx.exe]


The first file you uploaded was apparently malware, at least that is what the VirusTotal webpage said.

http://www.virustotal.com/file-scan/report...d3d0-1283916251

Those files I have no problem scanning; have you tried to update Mbam and rescan the files?

If that still does not work then try to uninstall then reinstall mbam.

Let me know if that works.

Also could you remove the attached file in your previous post please.


" Those files I have no problem scanning; have you tried to update Mbam and rescan the files? "

Yes, I have updated Mbam and rescanned the files, and the result is still an error.

" If that still does not work then try to uninstall then reinstall mbam. "

Just now I tried that, but the scan results in an error too.

" The first file you uploaded was apparently malware, at least that is what the VirusTotal webpage said. "

Could it be a false positive...? The tool was created by a blogger and is used to modify the software...

The attached file has been removed.


Yes, the problem is still occurring :welcome:

I noticed that after uninstalling mbam, there are still 8 files remaining in C:\Program Files\Malwarebytes' Anti-Malware.

Languages Folder

vbalsgrid6.ocx

unins000

ssubtmr6.dll

zlib.dll

unins000

unins000.msg

&

mbamext.dll (can't delete)


Did you run the program I said to in my last post, and are the files still there after that?

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Program Files\Malwarebytes' Anti-Malware


  • Then click the Run Fix button at the top
  • When it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

=======

Then reboot and see if it still there if it isn't then please reinstall mbam and rescan.


" Did you run the program I said to in my last post, and are the files still there after that? "

Yes, I have run the

" Then reboot and see if it is still there; if it isn't, then please reinstall mbam and rescan. "

After the reboot it isn't there; I reinstalled mbam and rescanned, but the scan still receives the error message.

========== FILES ==========

C:\Program Files\Malwarebytes' Anti-Malware\Languages folder moved successfully.

C:\Program Files\Malwarebytes' Anti-Malware folder moved successfully.

OTL by OldTimer - Version 3.2.14.1 log created on 10032010_232821


I have uploaded the files.

The smaller file (301 KB) may have been uploaded multiple times, sorry.

The larger file is split into 2 parts; the second part uploaded successfully. After uploading the first part, the webpage displayed

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

Query failed : MySQL server has gone away

We apologize for the temporary outage. The administrators are performing maintenance on the site and will be finished soon.

Please try again shortly.

You can try refreshing the page in a couple of minutes by clicking here.

I clicked the "here" link and the webpage displayed "Improper usage".


OK the issue will not be fixed until the next update or version of mbam.

It is a known issue with the Heuristics Shuriken module.

Again it will be fixed with a new version of mbam.

So for now please uncheck the Heuristics Shuriken feature and use mbam like that.

When the new version comes out it will be fixed.

Your logs are clean, and if there are no other issues then I will have this thread closed.


OK the issue will not be fixed until the next update or version of mbam.

It is a known issue with the Heuristics Shuriken module.

Again it will be fixed with a new version of mbam.

So for now please uncheck the Heuristics Shuriken feature and use mbam like that.

When the new version comes out it will be fixed.

Your logs are clean, and if there are no other issues then I will have this thread closed.

Ya, I'm worrying too much :(

Thanks for your help , kahdah.


No problem you are welcome :(

======Cleanup======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article: Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow: A tutorial on what you can do if your computer is slow.

File sharing program dangers: Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent etc...

===Free antimalware tools used for on-demand scanning and cleaning (no real-time protection unless purchased)===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
