Hijack.StartPage.Gen Returns After Reboot

  • This topic is locked
28 replies to this topic

#1 copmill

    New Member

  • Members
  • 15 posts
  • Gender: Male
  • Location: Chongqing, China
  • Interests: Software Development, Computers, Cars

Posted 16 April 2012 - 08:17 AM

Hi all,

I'm having trouble removing Hijack.StartPage.Gen. Malwarebytes Anti-Malware claims to have successfully removed it but after a reboot and a further scan it is still there.

I'm unable to post my DDS logs as requested in the sticky post at the top of this forum as DDS causes my computer to lock-up.

I have attached my Malwarebytes Anti-Malware and HijackThis logs:

Attached File  mbam-log-2012-04-16 (20-05-43).txt   2.11KB   7 downloads

Attached File  hijackthis.log   2.31KB   8 downloads

Any help will be greatly appreciated. If you need any further information please ask.

Regards

copmill

#2 Maniac

    Forum Deity

  • Experts
  • 21,424 posts
  • Gender: Male
  • Location: Bulgaria, EU

Posted 16 April 2012 - 12:47 PM

Hello copmill, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege of contacting the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can re-enable it.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 copmill

Posted 16 April 2012 - 11:38 PM

Hi Maniac,

I have disabled and reset TeaTimer as per your instructions.

I then proceeded to run ComboFix as per the linked instructions. However, it has been running for about an hour and is still stuck at the following:

Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

The cursor underneath that message is still flashing.

I will let it run unless you tell me otherwise.

Regards

copmill

#4 Maniac

Posted 17 April 2012 - 06:02 AM

What is new there?

#5 copmill

Posted 17 April 2012 - 06:21 AM

Well, it is still the same. The cursor is still flashing. It has been about 7 hours since I started ComboFix and still no progress.

#6 Maniac

Posted 17 April 2012 - 07:06 AM

Okay, please reboot your PC and use Safe Mode with Networking:
http://www.microsoft...e.mspx?mfr=true

Try to re-run ComboFix there.

#7 copmill

Posted 17 April 2012 - 07:21 AM

OK. I have started ComboFix in Safe Mode with Networking. I need to go and walk the dog now, so I will check on its progress when I get back and let you know what happens.

#8 Maniac

Posted 17 April 2012 - 07:22 AM

Take your time! :)

#9 copmill

Posted 17 April 2012 - 09:31 AM

Well it's been 2 hours since I started ComboFix in Safe Mode and it's stuck at the same place again. :(

#10 Maniac

Posted 17 April 2012 - 10:07 AM

Let's try this one in Normal mode:

Download OTL to your Desktop
  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

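The reason "Scan All users" matters for a start-page hijack is that Internet Explorer's Start Page, Default_Page_URL and Search Page values live in each user hive separately (HKU\.DEFAULT, HKU\S-1-5-18 and every HKU\S-1-5-21-... account SID), so a scan or a fix that only looks at the logged-in user can leave copies behind. The following is an added example, not code from OTL, Malwarebytes or either poster: it parses lines in the format of OTL's Internet Explorer section, flags any watched value whose host is outside a small allowlist of Microsoft default domains, and writes a .reg file that resets those values to about:blank. The sample lines are constructed for the example (the SIDs are made up; the two hijack domains are the ones that appear in the OTL log posted further down this thread), and the allowlist is an assumption to be checked against the defaults of the IE build in question.

```python
"""Flag Internet Explorer start-page hijacks per user hive in OTL-style log lines
and build a .reg file that resets them.

Added example for this thread; it is not code from OTL, Malwarebytes or the posters.
The allowlist of Microsoft default hosts is an assumption, not taken from the page.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the format of OTL's "Internet Explorer" section.
# SIDs are made up; the two hijack domains are the ones reported in this thread.
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?genghuan
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
"""

# "IE - HKU\<hive>\...\Main,<value name> = <url>" (per-user hives only; HKLM lines are skipped)
IE_MAIN_LINE = re.compile(
    r"^IE - HKU\\(?P<hive>[^\\]+)\\.*\\Main,(?P<name>[^=]+?) = (?P<url>\S+)$"
)

# Values that decide where IE navigates or searches by default.
WATCHED_VALUES = {"Start Page", "Default_Page_URL", "Search Page", "Search Bar", "Default_Search_URL"}

# Assumed allowlist of hosts a stock IE 8 points at; compare with your own build's defaults.
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com", "live.com", "bing.com")


def is_trusted(url):
    """True for about: pages and for hosts that are, or sit under, an allowlisted domain."""
    parsed = urlparse(url)
    if parsed.scheme.lower() == "about":
        return True
    host = (parsed.hostname or "").lower()
    # Suffix match on a dot boundary, so microsoft.com.evil.example is not trusted.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def parse_ie_values(text):
    """Yield (hive, value_name, url) for every watched IE Main value in the log text."""
    for line in text.splitlines():
        m = IE_MAIN_LINE.match(line.strip())
        if m and m.group("name") in WATCHED_VALUES:
            yield m.group("hive"), m.group("name"), m.group("url")


def find_hijacks(text):
    """Return {hive: {value_name: url}} for watched values pointing outside the allowlist."""
    hijacks = {}
    for hive, name, url in parse_ie_values(text):
        if not is_trusted(url):
            hijacks.setdefault(hive, {})[name] = url
    return hijacks


def build_reg_fix(hijacks, replacement="about:blank"):
    """Emit REGEDIT5-format text that overwrites each hijacked value in its own hive.

    This only resets the values; whatever re-writes them at boot still has to be found.
    """
    key_fmt = "[HKEY_USERS\\%s\\Software\\Microsoft\\Internet Explorer\\Main]"
    lines = ["Windows Registry Editor Version 5.00", ""]
    for hive in sorted(hijacks):
        lines.append(key_fmt % hive)
        for name in sorted(hijacks[hive]):
            lines.append('"%s"="%s"' % (name, replacement))
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_hijacks(SAMPLE_OTL)
    for hive, values in found.items():
        for name, url in values.items():
            print("HIJACKED  HKU\\%s  %s = %s" % (hive, name, url))
    print()
    print(build_reg_fix(found))
```

On the sample, four hives are flagged (.DEFAULT, S-1-5-18 and the two S-1-5-21 accounts) while the -501 account, which still points at go.microsoft.com, is left alone. Run against a real OTL.txt the output .reg can be reviewed before it is merged, and the caveat in build_reg_fix is the same one this thread starts from: resetting the values does nothing about whatever restores them after a reboot.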

#11 copmill

Posted 17 April 2012 - 10:24 AM

OK, this one worked.

OTL.txt:

OTL logfile created on: 2012-4-17 23:19:26 - Run 1
OTL by OldTimer - Version 3.2.39.2	 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy-M-d

767.48 Mb Total Physical Memory | 466.19 Mb Available Physical Memory | 60.74% Memory free
1.83 Gb Paging File | 1.57 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 5.21 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
Drive D: | 21.00 Gb Total Space | 20.64 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
Drive E: | 21.00 Gb Total Space | 20.94 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 22.53 Gb Total Space | 22.46 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive H: | 3.77 Gb Total Space | 3.63 Gb Free Space | 96.17% Space Free | Partition Type: FAT32

Computer Name: PC-201204152019 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
PRC - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008-04-22 04:00:00 | 000,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-26 14:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-03-27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-04-05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011-04-05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011-04-05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2009-03-25 14:29:00 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-04-22 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008-04-13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 01:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006-07-01 22:43:02 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-08-17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?genghuan

IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.0530\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()



O1 HOSTS File: ([2012-04-16 14:52:41 | 000,442,579 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15209 more lines...
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnEixt = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1736377-A023-4703-90AF-80AAC3BBBB9A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (当前主页) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012-03-13 17:45:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-17 23:18:42 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 20:17:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-04-17 20:17:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-04-17 11:23:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-04-17 11:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-04-17 11:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-04-17 11:20:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-04-17 11:20:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-04-17 11:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-04-17 11:20:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-04-17 11:19:53 | 004,465,601 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-17 11:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012-04-16 20:56:55 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.com
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\管理工具
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- D:\My Videos
[2012-04-16 20:29:18 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.scr
[2012-04-16 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\SysInternals
[2012-04-16 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\SysInternals
[2012-04-16 17:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-04-16 17:19:07 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2012-04-16 17:19:06 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2012-04-16 17:18:57 | 000,332,248 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2012-04-16 17:18:57 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2012-04-16 14:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012-04-16 14:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\HiJackThis
[2012-04-16 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-04-16 13:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012-04-16 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Malwarebytes' Anti-Malware
[2012-04-16 13:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-04-16 13:19:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-04-16 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-04-16 13:18:17 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012-04-16 13:18:09 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012-04-16 13:18:02 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012-04-16 13:18:01 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012-04-16 13:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012-04-16 09:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012-04-16 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012-04-16 09:07:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012-04-16 09:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012-04-16 02:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012-04-16 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012-04-16 02:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012-04-16 01:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012-04-16 01:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012-04-16 01:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012-04-16 01:18:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012-04-16 01:18:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012-04-16 01:16:53 | 000,000,000 | R--D | C] -- D:\My Music
[2012-04-16 01:16:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012-04-16 00:45:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012-04-16 00:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012-04-16 00:44:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-04-15 21:54:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012-04-15 21:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-04-15 21:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012-04-15 21:19:44 | 000,000,000 | ---D | C] -- D:\Downloads
[2012-04-15 21:06:42 | 000,000,000 | ---D | C] -- D:\我的文档
[2012-04-15 21:03:43 | 000,000,000 | R--D | C] -- D:\My Pictures
[2012-04-15 20:47:37 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012-04-15 20:44:13 | 000,000,000 | -HSD | C] -- D:\System Volume Information
[2012-04-15 20:31:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-04-15 20:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-04-15 20:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:23:06 | 000,019,072 | RH-- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012-04-15 20:22:55 | 000,017,280 | RH-- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012-04-15 20:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-04-15 20:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012-04-15 20:21:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012-04-15 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-04-15 20:21:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012-04-15 20:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012-04-15 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012-04-15 20:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-04-15 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012-04-15 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012-04-15 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2012-04-15 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012-04-15 20:20:18 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012-04-15 20:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-17 23:17:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 11:23:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-04-17 11:18:38 | 004,465,601 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-17 11:14:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-17 11:13:47 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-16 20:57:02 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.com
[2012-04-16 20:29:34 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.scr
[2012-04-16 16:50:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 14:52:41 | 000,442,579 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-04-16 01:59:02 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:59:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:21:02 | 000,311,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-16 01:21:02 | 000,119,188 | ---- | M] () -- C:\WINDOWS\System32\prfh0804.dat
[2012-04-16 01:21:02 | 000,041,198 | ---- | M] () -- C:\WINDOWS\System32\prfc0804.dat
[2012-04-16 01:21:02 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-15 20:32:02 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2012-04-15 20:28:45 | 000,108,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-15 20:25:07 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:36 | 000,001,047 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012-04-15 20:21:46 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-17 11:23:11 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012-04-17 11:23:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-04-17 11:20:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-04-17 11:20:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-04-17 11:20:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-04-17 11:20:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-04-17 11:20:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-04-16 13:18:05 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:58:13 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-04-16 01:58:13 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012-04-16 01:18:27 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-16 01:16:55 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\「开始」菜单\程序\Internet Explorer.lnk
[2012-04-16 00:45:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 00:04:56 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012-04-15 21:53:16 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-15 21:29:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:21 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\「开始」菜单\程序\Microsoft Security Essentials.lnk
[2012-04-15 20:25:07 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:13 | 000,239,616 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstrenderer.ax
[2012-04-15 20:23:13 | 000,164,352 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2012-04-15 20:23:10 | 000,040,448 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2012-04-15 20:23:10 | 000,013,312 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2012-04-15 20:23:09 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2012-04-15 20:23:09 | 000,001,106 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2012-04-15 20:23:08 | 000,015,360 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2012-04-15 20:23:07 | 000,003,144 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sRGB Color Space Profile.icm
[2012-04-15 20:23:07 | 000,000,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012-04-15 20:23:04 | 001,685,606 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012-04-15 20:23:04 | 000,270,848 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012-04-15 20:23:04 | 000,010,240 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2012-04-15 20:23:04 | 000,000,888 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012-04-15 20:23:04 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2012-04-15 20:23:03 | 000,003,338 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2012-04-15 20:23:02 | 000,733,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2012-04-15 20:23:02 | 000,605,050 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012-04-15 20:23:02 | 000,175,104 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\PINTLCSA.DLL
[2012-04-15 20:23:02 | 000,035,332 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2012-04-15 20:23:02 | 000,032,095 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2012-04-15 20:23:02 | 000,028,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2012-04-15 20:23:02 | 000,025,086 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2012-04-15 20:23:02 | 000,021,250 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2012-04-15 20:23:02 | 000,015,633 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2012-04-15 20:23:02 | 000,003,621 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2012-04-15 20:23:02 | 000,001,950 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2012-04-15 20:23:01 | 000,165,389 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pagefileconfig.vbs
[2012-04-15 20:23:01 | 000,157,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\paqsp.dll
[2012-04-15 20:23:01 | 000,003,216 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2012-04-15 20:22:59 | 000,035,648 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2012-04-15 20:22:59 | 000,035,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2012-04-15 20:22:59 | 000,034,560 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2012-04-15 20:22:59 | 000,034,560 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2012-04-15 20:22:59 | 000,033,840 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2012-04-15 20:22:59 | 000,029,370 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2012-04-15 20:22:59 | 000,029,274 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2012-04-15 20:22:59 | 000,029,146 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2012-04-15 20:22:59 | 000,029,146 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2012-04-15 20:22:59 | 000,027,866 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2012-04-15 20:22:59 | 000,007,052 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2012-04-15 20:22:56 | 000,355,112 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msjetoledb40.dll
[2012-04-15 20:22:56 | 000,014,336 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2012-04-15 20:22:55 | 000,000,817 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2012-04-15 20:22:54 | 000,673,088 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2012-04-15 20:22:54 | 000,148,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012-04-15 20:22:54 | 000,118,272 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mpeg2data.ax
[2012-04-15 20:22:54 | 000,039,274 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2012-04-15 20:22:53 | 000,643,717 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012-04-15 20:22:53 | 000,042,809 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2012-04-15 20:22:53 | 000,042,537 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2012-04-15 20:22:50 | 003,440,660 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2012-04-15 20:22:50 | 000,004,768 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2012-04-15 20:22:49 | 000,097,004 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\eventquery.vbs
[2012-04-15 20:22:49 | 000,008,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2012-04-15 20:22:49 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2012-04-15 20:22:48 | 000,186,880 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012-04-15 20:22:48 | 000,055,296 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\dvdplay.exe
[2012-04-15 20:22:48 | 000,012,786 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2012-04-15 20:22:47 | 000,053,856 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2012-04-15 20:22:46 | 000,020,634 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2012-04-15 20:22:45 | 000,017,165 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2012-04-15 20:22:42 | 000,070,656 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2012-04-15 20:22:42 | 000,012,498 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2012-04-15 20:22:42 | 000,009,143 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2012-04-15 20:22:41 | 000,002,233 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2012-04-15 20:22:41 | 000,002,151 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2012-04-15 20:22:40 | 000,004,310 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2012-04-15 20:22:39 | 000,383,804 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2012-04-15 20:22:39 | 000,355,680 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2012-04-15 20:22:38 | 000,204,396 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012-04-15 20:22:38 | 000,007,208 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2012-04-15 20:22:38 | 000,004,569 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2012-04-15 20:22:37 | 000,461,672 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2012-04-15 20:22:37 | 000,252,416 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\compatUI.dll
[2012-04-15 20:22:37 | 000,159,956 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2012-04-15 20:22:37 | 000,152,844 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2012-04-15 20:22:37 | 000,135,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2012-04-15 20:22:37 | 000,024,124 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2012-04-15 20:22:37 | 000,009,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2012-04-15 20:22:36 | 000,785,972 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2012-04-15 20:21:46 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-15 20:20:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012-04-15 20:20:03 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012-03-18 00:20:46 | 000,063,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2012-03-18 00:20:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012-03-14 12:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2012-03-14 12:23:21 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2012-03-14 11:28:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-03-14 10:24:59 | 000,000,373 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-03-13 17:47:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-03-13 17:43:23 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-03-13 17:40:31 | 000,004,117 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-03-13 17:39:07 | 000,108,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-03-02 00:13:18 | 000,338,280 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011-01-28 13:47:16 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2012-03-14 12:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360safe
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360se
[2012-03-14 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360WD
[2012-03-14 12:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KuGou7
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-03-14 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PPLive
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tencent
[2012-03-14 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2012-03-14 12:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012-03-14 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2012-03-14 12:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SogouExplorer
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Tencent
[2012-04-16 17:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Tencent
[2012-04-17 11:14:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012-04-17 11:13:47 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job

========== Purity Check ==========


< End of report >

Extras.txt:

OTL Extras logfile created on: 2012-4-17 23:19:26 - Run 1
OTL by OldTimer - Version 3.2.39.2	 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d

767.48 Mb Total Physical Memory | 466.19 Mb Available Physical Memory | 60.74% Memory free
1.83 Gb Paging File | 1.57 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 5.21 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
Drive D: | 21.00 Gb Total Space | 20.64 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
Drive E: | 21.00 Gb Total Space | 20.94 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 22.53 Gb Total Space | 22.46 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive H: | 3.77 Gb Total Space | 3.63 Gb Free Space | 96.17% Space Free | Partition Type: FAT32

Computer Name: PC-201204152019 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Thunder\Program\Thunder5.exe" = C:\Program Files\Thunder\Program\Thunder5.exe:*:Enabled:Thunder
"C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\QQPCDetector~0\QQPCDetector.exe" = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\QQPCDetector~0\QQPCDetector.exe:*:Enabled:QQPCDetector
"C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe" = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe:*:Enabled:QQ2012
"C:\Program Files\Common Files\Tencent\QQDownload\107\Tencentdl.exe" = C:\Program Files\Common Files\Tencent\QQDownload\107\Tencentdl.exe:*:Enabled:Tencent product download component -- (Tencent)
"D:\Program Files\Tencent\QQ\Bin\QQ.exe" = D:\Program Files\Tencent\QQ\Bin\QQ.exe:*:Enabled:Tencent QQ2012
"D:\Program Files\Tencent\QQ\Bin\auclt.exe" = D:\Program Files\Tencent\QQ\Bin\auclt.exe:*:Enabled:QQUpdate
"D:\Program Files\Tencent\QQ\Bin\txupd.exe" = D:\Program Files\Tencent\QQ\Bin\txupd.exe:*:Enabled:QQUpdate2011
"D:\Program Files\Tencent\QQ\Bin\SetupEx\QQSetupEx.exe" = D:\Program Files\Tencent\QQ\Bin\SetupEx\QQSetupEx.exe:*:Enabled:SetupEX
"C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive
"C:\Program Files\PPLive\PPTV\3.1.3.0037\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\3.1.3.0037\PPLiveU.exe:*:Enabled:PPLiveU
"C:\Program Files\PPLive\PPTV\3.1.3.0037\RepairSetup.exe" = C:\Program Files\PPLive\PPTV\3.1.3.0037\RepairSetup.exe:*:Enabled:RepairSetup.exe
"C:\Program Files\PPLive\PPTV\3.1.3.0037\crashreporter.exe" = C:\Program Files\PPLive\PPTV\3.1.3.0037\crashreporter.exe:*:Enabled:CrashReporter.exe
"C:\WINDOWS\system32\PPTVLauncher.exe" = C:\WINDOWS\system32\PPTVLauncher.exe:*:Enabled:PPTVLauncher -- (PPLive Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive
"C:\Program Files\SogouInput\6.0.0.5909\PinyinUp.exe" = C:\Program Files\SogouInput\6.0.0.5909\PinyinUp.exe:*:Enabled:Sogou Pinyin Service
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{350C97B5-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client ZH-CN Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{90110804-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DF21474-61E3-428B-8D7B-833EA2D0FAAB}" = Microsoft Antimalware Service ZH-CN Language Pack
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA NView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2012-4-15 8:31:33 | Computer Name = PC-201204152019 | Source = MsiInstaller | ID = 11324
Description = Product: QQ2012 -- Error 1324. The folder path 'Program Files' contains an invalid character.

Error - 2012-4-15 8:31:39 | Computer Name = PC-201204152019 | Source = MsiInstaller | ID = 11324
Description = Product: QQ2012 -- Error 1324. The folder path 'Program Files' contains an invalid character.

Error - 2012-4-15 8:33:33 | Computer Name = PC-201204152019 | Source = MsiInstaller | ID = 11324
Description = Product: QQ2012 -- Error 1324. The folder path 'Program Files' contains an invalid character.

Error - 2012-4-15 8:48:24 | Computer Name = PC-201204152019 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2278, the bogus index value is the first DWORD in the Data section, and the last valid index values are the second and third DWORD in the Data section.

Error - 2012-4-15 9:24:25 | Computer Name = PC-201204152019 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2012-4-15 10:07:54 | Computer Name = PC-201204152019 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
3, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2012-4-15 10:54:47 | Computer Name = PC-201204152019 | Source = ESENT | ID = 485
Description = wuauclt (3188) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process.". The delete file operation will fail with error -1032 (0xfffffbf8).

Error - 2012-4-15 13:21:02 | Computer Name = PC-201204152019 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2278, the bogus index value is the first DWORD in the Data section, and the last valid index values are the second and third DWORD in the Data section.

Error - 2012-4-16 23:19:09 | Computer Name = PC-201204152019 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 2012-4-16 23:05:21 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   SBRE

Error - 2012-4-16 23:09:09 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:   %%126

Error - 2012-4-16 23:09:09 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   SBRE

Error - 2012-4-16 23:19:09 | Computer Name = PC-201204152019 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.   New Signature Version:     Previous Signature Version:  1.123.1813.0   Update Source:  %%859   Update Stage:  %%852
Source Path:  http://www.microsoft.com   Signature Type:  %%800   Update Type:  %%803   User:  NT AUTHORITY\SYSTEM   Current Engine Version:
Previous Engine Version:  1.1.8202.0   Error code:  0x8024402c   Error description:  An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.


Error - 2012-4-17 8:17:27 | Computer Name = PC-201204152019 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-4-17 8:18:46 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:   %%126

Error - 2012-4-17 8:18:46 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   AmdK8  Fips  MpFilter  SBRE

Error - 2012-4-17 11:18:10 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:   %%126

Error - 2012-4-17 11:18:10 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:   %%126

Error - 2012-4-17 11:18:10 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   SBRE


< End of report >


#12 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 17 April 2012 - 10:38 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?genghuan
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
    [2012-04-16 17:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#13 copmill

copmill

    New Member

  • Members
  • 15 posts
  • Gender:Male
  • Location:Chongqing, China
  • Interests:Software Development, Computers, Cars

Posted 17 April 2012 - 10:56 AM

OK, done.

Here is the log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120416T093733.015625PID860 folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 21947236 bytes
->Temporary Internet Files folder emptied: 48723228 bytes
->Java cache emptied: 391104 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 40672 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2376512 bytes
%systemroot%\System32 .tmp files removed: 860 bytes
%systemroot%\System32\dllcache .tmp files removed: 11239280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170396 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_235222
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


#14 Maniac

Posted 17 April 2012 - 11:04 AM

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#15 copmill

Posted 17 April 2012 - 11:30 AM

OK, so the scan completed successfully; one item was detected and removed. Malwarebytes' Anti-Malware requested that I reboot, so I did. Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.17.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-201204152019 [administrator]
2012-4-18 0:16:21
mbam-log-2012-04-18 (00-16-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188957
Time elapsed: 2 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.2626.com/?0319) Good: (http://www.google.com) -> Delete on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
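
Reading the two logs above together: the OTL fix reports "Unable to set value" for all four Internet Explorer Main values (Default_Page_URL, Search Bar, Search Page, Start Page) in the S-1-5-21-...-500 hive, and the MBAM quick scan run straight after it flags HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page with the same http://www.2626.com/?0319 URL again, marked "Delete on reboot". The OTL scan later in the thread still lists that hive with all four values pointing at 2626.com, and the .DEFAULT and S-1-5-18 hives pointing at http://www.ie135.com/. A quick scan that only looks at the Start Page value of the current user is therefore not enough to tell whether the hijack is actually gone. The check a practitioner would want is a sweep that reads every loaded hive, every one of those four values, and re-reads each value after writing it so that a write that silently fails shows up. The script below is an added example for that sweep; it is not code from the thread, from OTL or from Malwarebytes. The allow-list of hosts, the "good" page it resets to, and the -Fix switch are assumptions made for illustration.

```powershell
# Added example (not code from the thread, OTL or MBAM): sweep every loaded
# registry hive for the Internet Explorer home/search values that a start-page
# hijacker rewrites, flag any that point outside an allow-list, and with -Fix
# reset them and confirm the write actually stuck.
# Assumptions (not from the thread): the allow-list and the "good" page below
# are illustrative; PowerShell 2.0 or later, run from an elevated prompt.
param(
    [string[]]$AllowedHosts = @('www.google.com', 'www.bing.com', 'www.msn.com'),
    [string]$GoodPage = 'http://www.google.com/',
    [switch]$Fix
)

# The four values OTL listed for the -500 hive in this thread.
$valueNames = 'Start Page', 'Default_Page_URL', 'Search Page', 'Search Bar'
$subKey     = 'Software\Microsoft\Internet Explorer\Main'

if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-UrlHost([string]$url) {
    # $null for anything that is not an absolute URL; that is treated as suspicious.
    try { return ([System.Uri]$url).Host.ToLowerInvariant() } catch { return $null }
}

# HKEY_USERS only holds hives that are currently loaded: .DEFAULT, S-1-5-18/19/20
# and each logged-on user. Profiles of users who are logged off live in their
# NTUSER.DAT and must be mounted first (reg load HKU\tmp <profile>\NTUSER.DAT),
# otherwise a hijacked value there is simply invisible to this sweep.
$hives = @('HKLM:')
$hives += @(Get-ChildItem HKU:\ -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "HKU:\$($_.PSChildName)" })

$findings = @()
foreach ($hive in $hives) {
    $key = Join-Path $hive $subKey
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        $data = $props.$name
        # Empty values and about:blank / About:Home are not hijacks; skip them.
        if (-not $data -or $data -match '^about:') { continue }
        $urlHost = Get-UrlHost $data
        $suspicious = ($urlHost -eq $null) -or ($AllowedHosts -notcontains $urlHost)
        $findings += New-Object PSObject -Property @{
            Hive = $hive; Value = $name; Data = $data; Suspicious = $suspicious
        }
    }
}

$findings | Sort-Object Hive, Value | Format-Table -AutoSize Hive, Value, Suspicious, Data

if ($Fix) {
    foreach ($f in ($findings | Where-Object { $_.Suspicious })) {
        $key = Join-Path $f.Hive $subKey
        try {
            Set-ItemProperty -Path $key -Name $f.Value -Value $GoodPage -ErrorAction Stop
            # Re-read instead of trusting the call: a value that reads back
            # unchanged, or is back after a reboot, means something else still
            # owns it (something run at logon, a scheduled task, a service, ...).
            $after = (Get-ItemProperty -Path $key).($f.Value)
            if ($after -ne $GoodPage) {
                Write-Warning "$key\$($f.Value) did not take: still '$after'"
            }
        } catch {
            Write-Warning "Unable to set $key\$($f.Value): $($_.Exception.Message)"
            # A Deny ACE on the key is one common reason a write fails; list any.
            (Get-Acl -Path $key).Access |
                Where-Object { $_.AccessControlType -eq 'Deny' } |
                Format-Table -AutoSize IdentityReference, RegistryRights
        }
    }
}
```

Run it without switches on the affected machine to get the per-hive report, and with -Fix to reset and verify. The script only tells you where a hijacked value sits and whether a write to it fails or does not stick; it does not tell you what is re-applying the value. That is what the Win32 Services, O4 (Run keys) and scheduled task (C:\WINDOWS\tasks) sections of an OTL log are there to answer, so read those alongside the report rather than rerunning the reset.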


#16 Maniac

Posted 17 April 2012 - 11:41 AM

Please re-run OTL and post a new fresh log.

#17 copmill

Posted 17 April 2012 - 11:58 AM

OK, I re-ran an OTL Quick Scan with Scan All Users selected.

Here is OTL.txt:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.17.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-201204152019 [administrator]
2012-4-18 0:16:21
mbam-log-2012-04-18 (00-16-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188957
Time elapsed: 2 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.2626.com/?0319) Good: (http://www.google.com) -> Delete on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


#18 copmill

Posted 17 April 2012 - 11:59 AM

Oops, looks like I posted the wrong log!!

Here is the real OTL.txt

OTL logfile created on: 2012-4-18 0:52:26 - Run 2
OTL by OldTimer - Version 3.2.39.2	 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: 中华人民共和国 (People's Republic of China) | Language: CHS | Date Format: yyyy-M-d

767.48 Mb Total Physical Memory | 478.02 Mb Available Physical Memory | 62.28% Memory free
1.83 Gb Paging File | 1.59 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 5.27 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
Drive D: | 21.00 Gb Total Space | 20.64 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
Drive E: | 21.00 Gb Total Space | 20.94 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 22.53 Gb Total Space | 22.46 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

Computer Name: PC-201204152019 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
PRC - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008-04-22 04:00:00 | 000,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-26 14:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-03-27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-04-05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011-04-05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011-04-05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2009-03-25 14:29:00 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation						   ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-04-22 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008-04-13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 01:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006-07-01 22:43:02 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-08-17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.0530\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()



O1 HOSTS File: ([2012-04-17 23:52:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	   localhost
O1 - Hosts: ::1	   localhost
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnEixt = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (当前主页, "current home page") - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012-03-13 17:45:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-17 23:52:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-17 23:18:42 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 20:17:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-04-17 20:17:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-04-17 11:23:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-04-17 11:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-04-17 11:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-04-17 11:20:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-04-17 11:20:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-04-17 11:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-04-17 11:20:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-04-17 11:19:53 | 004,465,601 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-17 11:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012-04-16 20:56:55 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.com
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\管理工具
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- D:\My Videos
[2012-04-16 20:29:18 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.scr
[2012-04-16 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\SysInternals
[2012-04-16 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\SysInternals
[2012-04-16 17:19:07 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2012-04-16 17:19:06 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2012-04-16 17:18:57 | 000,332,248 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2012-04-16 17:18:57 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2012-04-16 14:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012-04-16 14:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\HiJackThis
[2012-04-16 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-04-16 13:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012-04-16 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Malwarebytes' Anti-Malware
[2012-04-16 13:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-04-16 13:19:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-04-16 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-04-16 13:18:17 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012-04-16 13:18:09 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012-04-16 13:18:02 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012-04-16 13:18:01 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012-04-16 13:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012-04-16 09:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012-04-16 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012-04-16 09:07:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012-04-16 09:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012-04-16 02:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012-04-16 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012-04-16 02:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012-04-16 01:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012-04-16 01:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012-04-16 01:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012-04-16 01:18:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012-04-16 01:18:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012-04-16 01:16:53 | 000,000,000 | R--D | C] -- D:\My Music
[2012-04-16 01:16:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012-04-16 00:45:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012-04-16 00:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012-04-16 00:44:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-04-15 21:54:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012-04-15 21:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-04-15 21:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012-04-15 21:19:44 | 000,000,000 | ---D | C] -- D:\Downloads
[2012-04-15 21:06:42 | 000,000,000 | ---D | C] -- D:\我的文档
[2012-04-15 21:03:43 | 000,000,000 | R--D | C] -- D:\My Pictures
[2012-04-15 20:47:37 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012-04-15 20:44:13 | 000,000,000 | -HSD | C] -- D:\System Volume Information
[2012-04-15 20:31:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-04-15 20:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-04-15 20:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:23:06 | 000,019,072 | RH-- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012-04-15 20:22:55 | 000,017,280 | RH-- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012-04-15 20:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-04-15 20:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012-04-15 20:21:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012-04-15 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-04-15 20:21:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012-04-15 20:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012-04-15 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012-04-15 20:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-04-15 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012-04-15 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012-04-15 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2012-04-15 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012-04-15 20:20:18 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012-04-15 20:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers

========== Files - Modified Within 30 Days ==========

[2012-04-18 00:30:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-18 00:30:33 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-18 00:25:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-17 23:52:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 11:23:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-04-17 11:18:38 | 004,465,601 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-16 20:57:02 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.com
[2012-04-16 20:29:34 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.scr
[2012-04-16 16:50:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 01:59:02 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:59:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:21:02 | 000,311,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-16 01:21:02 | 000,119,188 | ---- | M] () -- C:\WINDOWS\System32\prfh0804.dat
[2012-04-16 01:21:02 | 000,041,198 | ---- | M] () -- C:\WINDOWS\System32\prfc0804.dat
[2012-04-16 01:21:02 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-15 20:32:02 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2012-04-15 20:28:45 | 000,108,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-15 20:25:07 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:36 | 000,001,047 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012-04-15 20:21:46 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012-04-17 11:23:11 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012-04-17 11:23:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-04-17 11:20:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-04-17 11:20:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-04-17 11:20:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-04-17 11:20:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-04-17 11:20:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-04-16 13:18:05 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:58:13 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-04-16 01:58:13 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012-04-16 01:18:27 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-16 01:16:55 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\「开始」菜单\程序\Internet Explorer.lnk
[2012-04-16 00:45:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 00:04:56 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012-04-15 21:53:16 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-15 21:29:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:21 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\「开始」菜单\程序\Microsoft Security Essentials.lnk
[2012-04-15 20:25:07 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:13 | 000,239,616 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstrenderer.ax
[2012-04-15 20:23:13 | 000,164,352 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2012-04-15 20:23:10 | 000,040,448 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2012-04-15 20:23:10 | 000,013,312 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2012-04-15 20:23:09 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2012-04-15 20:23:09 | 000,001,106 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2012-04-15 20:23:08 | 000,015,360 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2012-04-15 20:23:07 | 000,003,144 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sRGB Color Space Profile.icm
[2012-04-15 20:23:07 | 000,000,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012-04-15 20:23:04 | 001,685,606 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012-04-15 20:23:04 | 000,270,848 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012-04-15 20:23:04 | 000,010,240 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2012-04-15 20:23:04 | 000,000,888 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012-04-15 20:23:04 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2012-04-15 20:23:03 | 000,003,338 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2012-04-15 20:23:02 | 000,733,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2012-04-15 20:23:02 | 000,605,050 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012-04-15 20:23:02 | 000,175,104 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\PINTLCSA.DLL
[2012-04-15 20:23:02 | 000,035,332 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2012-04-15 20:23:02 | 000,032,095 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2012-04-15 20:23:02 | 000,028,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2012-04-15 20:23:02 | 000,025,086 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2012-04-15 20:23:02 | 000,021,250 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2012-04-15 20:23:02 | 000,015,633 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2012-04-15 20:23:02 | 000,003,621 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2012-04-15 20:23:02 | 000,001,950 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2012-04-15 20:23:01 | 000,165,389 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pagefileconfig.vbs
[2012-04-15 20:23:01 | 000,157,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\paqsp.dll
[2012-04-15 20:23:01 | 000,003,216 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2012-04-15 20:22:59 | 000,035,648 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2012-04-15 20:22:59 | 000,035,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2012-04-15 20:22:59 | 000,034,560 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2012-04-15 20:22:59 | 000,034,560 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2012-04-15 20:22:59 | 000,033,840 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2012-04-15 20:22:59 | 000,029,370 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2012-04-15 20:22:59 | 000,029,274 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2012-04-15 20:22:59 | 000,029,146 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2012-04-15 20:22:59 | 000,029,146 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2012-04-15 20:22:59 | 000,027,866 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2012-04-15 20:22:59 | 000,007,052 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2012-04-15 20:22:56 | 000,355,112 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msjetoledb40.dll
[2012-04-15 20:22:56 | 000,014,336 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2012-04-15 20:22:55 | 000,000,817 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2012-04-15 20:22:54 | 000,673,088 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2012-04-15 20:22:54 | 000,148,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012-04-15 20:22:54 | 000,118,272 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mpeg2data.ax
[2012-04-15 20:22:54 | 000,039,274 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2012-04-15 20:22:53 | 000,643,717 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012-04-15 20:22:53 | 000,042,809 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2012-04-15 20:22:53 | 000,042,537 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2012-04-15 20:22:50 | 003,440,660 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2012-04-15 20:22:50 | 000,004,768 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2012-04-15 20:22:49 | 000,097,004 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\eventquery.vbs
[2012-04-15 20:22:49 | 000,008,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2012-04-15 20:22:49 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2012-04-15 20:22:48 | 000,186,880 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012-04-15 20:22:48 | 000,055,296 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\dvdplay.exe
[2012-04-15 20:22:48 | 000,012,786 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2012-04-15 20:22:47 | 000,053,856 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2012-04-15 20:22:46 | 000,020,634 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2012-04-15 20:22:45 | 000,017,165 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2012-04-15 20:22:42 | 000,070,656 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2012-04-15 20:22:42 | 000,012,498 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2012-04-15 20:22:42 | 000,009,143 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2012-04-15 20:22:41 | 000,002,233 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2012-04-15 20:22:41 | 000,002,151 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2012-04-15 20:22:40 | 000,004,310 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2012-04-15 20:22:39 | 000,383,804 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2012-04-15 20:22:39 | 000,355,680 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2012-04-15 20:22:38 | 000,204,396 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012-04-15 20:22:38 | 000,007,208 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2012-04-15 20:22:38 | 000,004,569 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2012-04-15 20:22:37 | 000,461,672 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2012-04-15 20:22:37 | 000,252,416 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\compatUI.dll
[2012-04-15 20:22:37 | 000,159,956 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2012-04-15 20:22:37 | 000,152,844 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2012-04-15 20:22:37 | 000,135,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2012-04-15 20:22:37 | 000,024,124 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2012-04-15 20:22:37 | 000,009,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2012-04-15 20:22:36 | 000,785,972 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2012-04-15 20:21:46 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-15 20:20:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012-04-15 20:20:03 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012-03-18 00:20:46 | 000,063,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2012-03-18 00:20:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012-03-14 12:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2012-03-14 12:23:21 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2012-03-14 11:28:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-03-14 10:24:59 | 000,000,373 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-03-13 17:47:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-03-13 17:43:23 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-03-13 17:40:31 | 000,004,117 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-03-13 17:39:07 | 000,108,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-03-02 00:13:18 | 000,338,280 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011-01-28 13:47:16 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2012-03-14 12:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360safe
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360se
[2012-03-14 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360WD
[2012-03-14 12:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KuGou7
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-03-14 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PPLive
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tencent
[2012-03-14 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2012-03-14 12:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012-03-14 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2012-03-14 12:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SogouExplorer
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Tencent
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Tencent
[2012-04-18 00:30:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012-04-18 00:30:33 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job

========== Purity Check ==========


< End of report >


#19 copmill

copmill

    New Member

  • Members
  • Pip
  • 15 posts
  • Gender:Male
  • Location:Chongqing, China
  • Interests:Software Development, Computers, Cars

Posted 17 April 2012 - 01:36 PM

Well it's 2:30am here, so time for bed.

I'll catch up with you tomorrow Maniac.

Thanks for your help today.

#20 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 17 April 2012 - 03:39 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
    [2012-03-14 12:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360safe
    [2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360se
    [2012-03-14 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360WD
    [2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360safe
    [2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360se
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360WD
    [2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360safe
    [2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360se
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360WD
    [2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
    [2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CoralExplorer
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer
    [2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
    [2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Maxthon3
    [2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3
    [2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SogouExplorer
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
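As an added example (not code from this thread, from OTL or from its author), a small Python parser for the two OTL log formats quoted above: it reads the `IE - ...\Main,<value> = <url>` lines and reports every start/search URL whose host is not an expected default, and it parses the `[timestamp | size | attributes | C/M] -- path` entries to flag Application Data folders that exist under Default User as well as under a real profile (anything in Default User is copied into every profile created afterwards, so a hijacker's folder there survives account recreation). The sample log lines, the `EXPECTED_HOSTS` set and the regexes are my assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlparse
# Constructed sample in the format of the OTL log quoted in this thread (a few entries only).
SAMPLE_LOG = """\
IE - HKU\\S-1-5-21-1004336348-1960408961-725345543-500\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.2626.com/?0319
IE - HKU\\S-1-5-21-1004336348-1960408961-725345543-500\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.2626.com/?0319
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\\WINDOWS\\System32\\nvdrsdb1.bin
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\Administrator\\Application Data\\CoralExplorer
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\Default User\\Application Data\\CoralExplorer
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\UpdatusUser\\Application Data\\CoralExplorer
[2012-03-14 12:22:12 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\Administrator\\Application Data\\ACD Systems
"""
IE_RE = re.compile(r"^IE - (?P<key>.+\\Main),(?P<name>[^=]+?) = (?P<value>.+)$")
FILE_RE = re.compile(r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
                     r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\(\) )?-- (?P<path>.+)$")
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\(?P<profile>[^\\]+)\\", re.I)
# Hosts IE's Main values legitimately point at out of the box (assumption; extend per environment).
EXPECTED_HOSTS = {"www.microsoft.com", "go.microsoft.com", "www.msn.com"}

def hijacked_ie_settings(lines):
    """Map each start/search URL outside EXPECTED_HOSTS to the Main value names it overrides."""
    suspect = {}
    for line in lines:
        m = IE_RE.match(line.strip())
        if m and (urlparse(m["value"]).hostname or "").lower() not in EXPECTED_HOSTS:
            suspect.setdefault(m["value"], []).append(m["name"])
    return suspect

def parse_file_entries(lines):
    """Return dicts for '[ts | size | attrs | C/M] ... -- path' lines; sizes become ints."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            entries.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                            "size": int(m["size"].replace(",", "")),
                            "attrs": m["attrs"], "op": m["op"], "path": m["path"]})
    return entries

def dirs_seeded_into_default_user(lines):
    """Directories present under 'Default User' and at least one real profile.
    Whatever sits in Default User is copied into every profile created later, so a
    hijacker's folder there outlives account recreation. Returns {dir: sorted profiles}."""
    by_dir = {}
    for e in parse_file_entries(lines):
        m = PROFILE_RE.match(e["path"])
        if "D" in e["attrs"] and m:
            by_dir.setdefault(e["path"].rsplit("\\", 1)[1], set()).add(m["profile"])
    return {d: sorted(p) for d, p in by_dir.items() if "Default User" in p and len(p) > 1}

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(hijacked_ie_settings(lines))
    print(dirs_seeded_into_default_user(lines))
```

Run it over a full OTL.txt by reading the file into `lines`; a URL shared by Start Page, Search Bar, Search Page and Default_Page_URL is the same pattern the fix above resets.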