copmill

Hijack.StartPage.Gen Returns After Reboot

29 posts in this topic

Hi all,

I'm having trouble removing Hijack.StartPage.Gen. Malwarebytes Anti-Malware claims to have successfully removed it but after a reboot and a further scan it is still there.

I'm unable to post my DDS logs as requested in the sticky post at the top of this forum as DDS causes my computer to lock-up.

I have attached my Malwarebytes Anti-Malware and HijackThis logs:

mbam-log-2012-04-16 (20-05-43).txt

hijackthis.log

Any help will be greatly appreciated. If you need any further information please ask.

Regards

copmill

Hello copmill and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer (link to instructions).

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Hi Maniac,

I have disabled and reset TeaTimer as per your instructions.

I then proceeded to run ComboFix as per the linked instructions. However, it has been running for about an hour and is still stuck at the following:

Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

The cursor underneath that message is still flashing.

I will let it run unless you tell me otherwise.

Regards

copmill

Well, it is still the same. The cursor is still flashing. It has been about 7 hours since I started ComboFix and still no progress.

OK. I have started ComboFix in Safe Mode with Networking. I need to go and walk the dog now, so I will check on its progress when I get back and let you know what happens.

Well it's been 2 hours since I started ComboFix in Safe Mode and it's stuck at the same place again. :(

Let's try this one in Normal mode:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OK, this one worked.

OTL.txt:

OTL logfile created on: 2012-4-17 23:19:26 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy-M-d

767.48 Mb Total Physical Memory | 466.19 Mb Available Physical Memory | 60.74% Memory free
1.83 Gb Paging File | 1.57 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 5.21 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
Drive D: | 21.00 Gb Total Space | 20.64 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
Drive E: | 21.00 Gb Total Space | 20.94 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 22.53 Gb Total Space | 22.46 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive H: | 3.77 Gb Total Space | 3.63 Gb Free Space | 96.17% Space Free | Partition Type: FAT32

Computer Name: PC-201204152019 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
PRC - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008-04-22 04:00:00 | 000,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-26 14:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-03-27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-04-05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011-04-05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011-04-05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2009-03-25 14:29:00 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-04-22 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008-04-13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 01:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006-07-01 22:43:02 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-08-17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?genghuan

IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.0530\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()



O1 HOSTS File: ([2012-04-16 14:52:41 | 000,442,579 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15209 more lines...
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnEixt = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1736377-A023-4703-90AF-80AAC3BBBB9A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (当前主页) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012-03-13 17:45:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-17 23:18:42 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 20:17:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-04-17 20:17:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-04-17 11:23:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-04-17 11:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-04-17 11:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-04-17 11:20:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-04-17 11:20:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-04-17 11:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-04-17 11:20:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-04-17 11:19:53 | 004,465,601 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-17 11:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012-04-16 20:56:55 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.com
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\管理工具
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- D:\My Videos
[2012-04-16 20:29:18 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.scr
[2012-04-16 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\SysInternals
[2012-04-16 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\SysInternals
[2012-04-16 17:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-04-16 17:19:07 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2012-04-16 17:19:06 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2012-04-16 17:18:57 | 000,332,248 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2012-04-16 17:18:57 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2012-04-16 14:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012-04-16 14:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\HiJackThis
[2012-04-16 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-04-16 13:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012-04-16 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Malwarebytes' Anti-Malware
[2012-04-16 13:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-04-16 13:19:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-04-16 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-04-16 13:18:17 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012-04-16 13:18:09 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012-04-16 13:18:02 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012-04-16 13:18:01 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012-04-16 13:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012-04-16 09:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012-04-16 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012-04-16 09:07:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012-04-16 09:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012-04-16 02:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012-04-16 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012-04-16 02:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012-04-16 01:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012-04-16 01:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012-04-16 01:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012-04-16 01:18:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012-04-16 01:18:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012-04-16 01:16:53 | 000,000,000 | R--D | C] -- D:\My Music
[2012-04-16 01:16:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012-04-16 00:45:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012-04-16 00:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012-04-16 00:44:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-04-15 21:54:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012-04-15 21:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-04-15 21:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012-04-15 21:19:44 | 000,000,000 | ---D | C] -- D:\Downloads
[2012-04-15 21:06:42 | 000,000,000 | ---D | C] -- D:\我的文档
[2012-04-15 21:03:43 | 000,000,000 | R--D | C] -- D:\My Pictures
[2012-04-15 20:47:37 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012-04-15 20:44:13 | 000,000,000 | -HSD | C] -- D:\System Volume Information
[2012-04-15 20:31:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-04-15 20:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-04-15 20:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:23:06 | 000,019,072 | RH-- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012-04-15 20:22:55 | 000,017,280 | RH-- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012-04-15 20:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-04-15 20:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012-04-15 20:21:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012-04-15 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-04-15 20:21:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012-04-15 20:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012-04-15 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012-04-15 20:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-04-15 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012-04-15 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012-04-15 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2012-04-15 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012-04-15 20:20:18 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012-04-15 20:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-17 23:17:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 11:23:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-04-17 11:18:38 | 004,465,601 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-17 11:14:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-17 11:13:47 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-16 20:57:02 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.com
[2012-04-16 20:29:34 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.scr
[2012-04-16 16:50:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 14:52:41 | 000,442,579 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-04-16 01:59:02 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:59:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:21:02 | 000,311,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-16 01:21:02 | 000,119,188 | ---- | M] () -- C:\WINDOWS\System32\prfh0804.dat
[2012-04-16 01:21:02 | 000,041,198 | ---- | M] () -- C:\WINDOWS\System32\prfc0804.dat
[2012-04-16 01:21:02 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-15 20:32:02 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2012-04-15 20:28:45 | 000,108,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-15 20:25:07 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:36 | 000,001,047 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012-04-15 20:21:46 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-17 11:23:11 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012-04-17 11:23:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-04-17 11:20:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-04-17 11:20:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-04-17 11:20:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-04-17 11:20:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-04-17 11:20:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-04-16 13:18:05 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:58:13 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-04-16 01:58:13 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012-04-16 01:18:27 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-16 01:16:55 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\「开始」菜单\程序\Internet Explorer.lnk
[2012-04-16 00:45:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 00:04:56 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012-04-15 21:53:16 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-15 21:29:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:21 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\「开始」菜单\程序\Microsoft Security Essentials.lnk
[2012-04-15 20:25:07 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:13 | 000,239,616 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstrenderer.ax
[2012-04-15 20:23:13 | 000,164,352 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2012-04-15 20:23:10 | 000,040,448 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2012-04-15 20:23:10 | 000,013,312 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2012-04-15 20:23:09 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2012-04-15 20:23:09 | 000,001,106 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2012-04-15 20:23:08 | 000,015,360 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2012-04-15 20:23:07 | 000,003,144 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sRGB Color Space Profile.icm
[2012-04-15 20:23:07 | 000,000,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012-04-15 20:23:04 | 001,685,606 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012-04-15 20:23:04 | 000,270,848 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012-04-15 20:23:04 | 000,010,240 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2012-04-15 20:23:04 | 000,000,888 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012-04-15 20:23:04 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2012-04-15 20:23:03 | 000,003,338 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2012-04-15 20:23:02 | 000,733,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2012-04-15 20:23:02 | 000,605,050 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012-04-15 20:23:02 | 000,175,104 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\PINTLCSA.DLL
[2012-04-15 20:23:02 | 000,035,332 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2012-04-15 20:23:02 | 000,032,095 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2012-04-15 20:23:02 | 000,028,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2012-04-15 20:23:02 | 000,025,086 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2012-04-15 20:23:02 | 000,021,250 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2012-04-15 20:23:02 | 000,015,633 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2012-04-15 20:23:02 | 000,003,621 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2012-04-15 20:23:02 | 000,001,950 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2012-04-15 20:23:01 | 000,165,389 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pagefileconfig.vbs
[2012-04-15 20:23:01 | 000,157,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\paqsp.dll
[2012-04-15 20:23:01 | 000,003,216 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2012-04-15 20:22:59 | 000,035,648 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2012-04-15 20:22:59 | 000,035,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2012-04-15 20:22:59 | 000,034,560 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2012-04-15 20:22:59 | 000,034,560 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2012-04-15 20:22:59 | 000,033,840 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2012-04-15 20:22:59 | 000,029,370 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2012-04-15 20:22:59 | 000,029,274 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2012-04-15 20:22:59 | 000,029,146 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2012-04-15 20:22:59 | 000,029,146 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2012-04-15 20:22:59 | 000,027,866 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2012-04-15 20:22:59 | 000,007,052 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2012-04-15 20:22:56 | 000,355,112 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msjetoledb40.dll
[2012-04-15 20:22:56 | 000,014,336 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2012-04-15 20:22:55 | 000,000,817 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2012-04-15 20:22:54 | 000,673,088 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2012-04-15 20:22:54 | 000,148,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012-04-15 20:22:54 | 000,118,272 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mpeg2data.ax
[2012-04-15 20:22:54 | 000,039,274 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2012-04-15 20:22:53 | 000,643,717 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012-04-15 20:22:53 | 000,042,809 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2012-04-15 20:22:53 | 000,042,537 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2012-04-15 20:22:50 | 003,440,660 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2012-04-15 20:22:50 | 000,004,768 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2012-04-15 20:22:49 | 000,097,004 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\eventquery.vbs
[2012-04-15 20:22:49 | 000,008,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2012-04-15 20:22:49 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2012-04-15 20:22:48 | 000,186,880 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012-04-15 20:22:48 | 000,055,296 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\dvdplay.exe
[2012-04-15 20:22:48 | 000,012,786 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2012-04-15 20:22:47 | 000,053,856 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2012-04-15 20:22:46 | 000,020,634 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2012-04-15 20:22:45 | 000,017,165 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2012-04-15 20:22:42 | 000,070,656 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2012-04-15 20:22:42 | 000,012,498 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2012-04-15 20:22:42 | 000,009,143 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2012-04-15 20:22:41 | 000,002,233 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2012-04-15 20:22:41 | 000,002,151 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2012-04-15 20:22:40 | 000,004,310 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2012-04-15 20:22:39 | 000,383,804 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2012-04-15 20:22:39 | 000,355,680 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2012-04-15 20:22:38 | 000,204,396 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012-04-15 20:22:38 | 000,007,208 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2012-04-15 20:22:38 | 000,004,569 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2012-04-15 20:22:37 | 000,461,672 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2012-04-15 20:22:37 | 000,252,416 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\compatUI.dll
[2012-04-15 20:22:37 | 000,159,956 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2012-04-15 20:22:37 | 000,152,844 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2012-04-15 20:22:37 | 000,135,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2012-04-15 20:22:37 | 000,024,124 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2012-04-15 20:22:37 | 000,009,424 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2012-04-15 20:22:36 | 000,785,972 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2012-04-15 20:21:46 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-15 20:20:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012-04-15 20:20:03 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012-03-18 00:20:46 | 000,063,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2012-03-18 00:20:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012-03-14 12:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2012-03-14 12:23:21 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2012-03-14 11:28:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-03-14 10:24:59 | 000,000,373 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-03-13 17:47:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-03-13 17:43:23 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-03-13 17:40:31 | 000,004,117 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-03-13 17:39:07 | 000,108,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-03-02 00:13:18 | 000,338,280 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011-01-28 13:47:16 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[color=#E56717]========== LOP Check ==========[/color]

[2012-03-14 12:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360safe
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360se
[2012-03-14 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360WD
[2012-03-14 12:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KuGou7
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-03-14 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PPLive
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tencent
[2012-03-14 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2012-03-14 12:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012-03-14 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2012-03-14 12:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SogouExplorer
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Tencent
[2012-04-16 17:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Tencent
[2012-04-17 11:14:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012-04-17 11:13:47 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Extras.txt:


OTL Extras logfile created on: 2012-4-17 23:19:26 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy-M-d

767.48 Mb Total Physical Memory | 466.19 Mb Available Physical Memory | 60.74% Memory free
1.83 Gb Paging File | 1.57 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 5.21 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
Drive D: | 21.00 Gb Total Space | 20.64 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
Drive E: | 21.00 Gb Total Space | 20.94 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 22.53 Gb Total Space | 22.46 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive H: | 3.77 Gb Total Space | 3.63 Gb Free Space | 96.17% Space Free | Partition Type: FAT32

Computer Name: PC-201204152019 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Thunder\Program\Thunder5.exe" = C:\Program Files\Thunder\Program\Thunder5.exe:*:Enabled:Thunder
"C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\QQPCDetector~0\QQPCDetector.exe" = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\QQPCDetector~0\QQPCDetector.exe:*:Enabled:QQPCDetector
"C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe" = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe:*:Enabled:QQ2012
"C:\Program Files\Common Files\Tencent\QQDownload\107\Tencentdl.exe" = C:\Program Files\Common Files\Tencent\QQDownload\107\Tencentdl.exe:*:Enabled:腾讯产品下载组件 -- (Tencent)
"D:\Program Files\Tencent\QQ\Bin\QQ.exe" = D:\Program Files\Tencent\QQ\Bin\QQ.exe:*:Enabled:腾讯QQ2012
"D:\Program Files\Tencent\QQ\Bin\auclt.exe" = D:\Program Files\Tencent\QQ\Bin\auclt.exe:*:Enabled:QQUpdate
"D:\Program Files\Tencent\QQ\Bin\txupd.exe" = D:\Program Files\Tencent\QQ\Bin\txupd.exe:*:Enabled:QQUpdate2011
"D:\Program Files\Tencent\QQ\Bin\SetupEx\QQSetupEx.exe" = D:\Program Files\Tencent\QQ\Bin\SetupEx\QQSetupEx.exe:*:Enabled:SetupEX
"C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive
"C:\Program Files\PPLive\PPTV\3.1.3.0037\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\3.1.3.0037\PPLiveU.exe:*:Enabled:PPLiveU
"C:\Program Files\PPLive\PPTV\3.1.3.0037\RepairSetup.exe" = C:\Program Files\PPLive\PPTV\3.1.3.0037\RepairSetup.exe:*:Enabled:RepairSetup.exe
"C:\Program Files\PPLive\PPTV\3.1.3.0037\crashreporter.exe" = C:\Program Files\PPLive\PPTV\3.1.3.0037\crashreporter.exe:*:Enabled:CrashReporter.exe
"C:\WINDOWS\system32\PPTVLauncher.exe" = C:\WINDOWS\system32\PPTVLauncher.exe:*:Enabled:PPTVLauncher -- (PPLive Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive
"C:\Program Files\SogouInput\6.0.0.5909\PinyinUp.exe" = C:\Program Files\SogouInput\6.0.0.5909\PinyinUp.exe:*:Enabled:Sogou Pinyin Service
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{350C97B5-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client ZH-CN Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{90110804-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DF21474-61E3-428B-8D7B-833EA2D0FAAB}" = Microsoft Antimalware Service ZH-CN Language Pack
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA 控制面板 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA 图形驱动程序 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA NView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA 更新 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-4-15 8:31:33 | Computer Name = PC-201204152019 | Source = MsiInstaller | ID = 11324
Description = 产品: QQ2012 -- 错误 1324。文件夹路径 Program Files 中含有无效的字符。

Error - 2012-4-15 8:31:39 | Computer Name = PC-201204152019 | Source = MsiInstaller | ID = 11324
Description = 产品: QQ2012 -- 错误 1324。文件夹路径 Program Files 中含有无效的字符。

Error - 2012-4-15 8:33:33 | Computer Name = PC-201204152019 | Source = MsiInstaller | ID = 11324
Description = 产品: QQ2012 -- 错误 1324。文件夹路径 Program Files 中含有无效的字符。

Error - 2012-4-15 8:48:24 | Computer Name = PC-201204152019 | Source = LoadPerf | ID = 3001
Description = 注册表中性能计数器名称字符串数值的格式不正确。 不正确的字符串是 2278,不正确的索引值是数据节中的第一个 DWORD 值, 最后的有效索引值是数据节中的第二个和第三个
DWORD 值。

Error - 2012-4-15 9:24:25 | Computer Name = PC-201204152019 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2012-4-15 10:07:54 | Computer Name = PC-201204152019 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
3, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2012-4-15 10:54:47 | Computer Name = PC-201204152019 | Source = ESENT | ID = 485
Description = wuauclt (3188) 由于系统错误 32 (0x00000020): "另一个程序正在使用此文件,进程无法访问。 ",删除文件
"C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" 的尝试失败。删除文件操作将失败,并出现错误
-1032 (0xfffffbf8)。

Error - 2012-4-15 13:21:02 | Computer Name = PC-201204152019 | Source = LoadPerf | ID = 3001
Description = 注册表中性能计数器名称字符串数值的格式不正确。 不正确的字符串是 2278,不正确的索引值是数据节中的第一个 DWORD 值, 最后的有效索引值是数据节中的第二个和第三个
DWORD 值。

Error - 2012-4-16 23:19:09 | Computer Name = PC-201204152019 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 2012-4-16 23:05:21 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = 下列引导或系统启动驱动程序无法加载: SBRE

Error - 2012-4-16 23:09:09 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = HID Input Service 服务因下列错误而停止: %%126

Error - 2012-4-16 23:09:09 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = 下列引导或系统启动驱动程序无法加载: SBRE

Error - 2012-4-16 23:19:09 | Computer Name = PC-201204152019 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 在尝试更新签名时遇到错误。 新签名版本: 旧签名版本: 1.123.1813.0 更新源: %%859 更新阶段: %%852
源路径:
http://www.microsoft.com 签名类型: %%800 更新类型: %%803 用户: NT AUTHORITY\SYSTEM 当前引擎版本:
旧引擎版本: 1.1.8202.0 错误代码: 0x8024402c 错误描述: 在检查更新时出现意外问题。有关更新的安装和疑难解答的信息,请参阅“帮助和支持”。


Error - 2012-4-17 8:17:27 | Computer Name = PC-201204152019 | Source = DCOM | ID = 10005
Description = DCOM 遇到错误“%1084”,试图以参数“”启动服务 EventSystem 以运行服务器: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-4-17 8:18:46 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = Help and Support 服务因下列错误而停止: %%126

Error - 2012-4-17 8:18:46 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = 下列引导或系统启动驱动程序无法加载: AmdK8 Fips MpFilter SBRE

Error - 2012-4-17 11:18:10 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = HID Input Service 服务因下列错误而停止: %%126

Error - 2012-4-17 11:18:10 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7023
Description = Help and Support 服务因下列错误而停止: %%126

Error - 2012-4-17 11:18:10 | Computer Name = PC-201204152019 | Source = Service Control Manager | ID = 7026
Description = 下列引导或系统启动驱动程序无法加载: SBRE


< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?genghuan
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
    [2012-04-16 17:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus

    :Commands
    [emptytemp]
    [clearallrestorepoints]
    [resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


OK, done.

Here is the log:


All processes killed
========== OTL ==========
HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120416T093733.015625PID860 folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 21947236 bytes
->Temporary Internet Files folder emptied: 48723228 bytes
->Java cache emptied: 391104 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 40672 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2376512 bytes
%systemroot%\System32 .tmp files removed: 860 bytes
%systemroot%\System32\dllcache .tmp files removed: 11239280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170396 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_235222
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

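As an added illustration (not code from OTL, Malwarebytes or anyone posting in this thread), the following Python script reads the IE lines of an OTL scan log together with the result lines of an OTL fix log, as in the fix posted above and its log, and reports per user hive which Internet Explorer start/search values point outside an allow-list and whether the fix actually reset them. The allow-list and the sample log lines are constructed for the example, modelled on the lines in this thread.

```python
"""Audit of IE start/search-page values in an OTL scan log against the
matching OTL fix log.

Added illustration for this thread; not code from OTL, Malwarebytes or
anyone posting here.  The sample log lines are constructed after the ones
posted above; the allow-list is an assumption of the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# The IE "Main" values that a start-page hijack typically rewrites.
IE_MAIN_VALUES = {"Start Page", "Default_Page_URL", "Search Bar", "Search Page"}

# Example allow-list (assumption): hosts a reset home page may point at.
ALLOWED_HOSTS = {"www.google.com", "www.msn.com", "go.microsoft.com"}

# OTL scan-log line, e.g.
#   IE - HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://...
SCAN_RE = re.compile(
    r"^IE - HKU\\(?P<sid>S-1-5-[\d-]+)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,"
    r"(?P<value>[^=]+?) = (?P<url>\S+)$"
)
# OTL fix-log lines come in two shapes (note the doubled backslash before the value):
#   HKU\<SID>\...\Main\\Start Page| /E : value set successfully!
#   Unable to set value : HKU\<SID>\...\Main\\Start Page| /E!
FIX_OK_RE = re.compile(
    r"^HKU\\(?P<sid>S-1-5-[\d-]+)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\\\"
    r"(?P<value>[^|]+)\| /E : value set successfully!$"
)
FIX_FAIL_RE = re.compile(
    r"^Unable to set value : HKU\\(?P<sid>S-1-5-[\d-]+)\\SOFTWARE\\Microsoft\\"
    r"Internet Explorer\\Main\\\\(?P<value>[^|]+)\| /E!$"
)


@dataclass
class Finding:
    sid: str                  # user hive the value lives in
    value: str                # which IE "Main" value was rewritten
    url: str                  # where it points
    status: str = "unfixed"   # "fixed", "failed" (OTL could not set it) or "unfixed" (no fix line)


def _host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def audit(scan_log: str, fix_log: str, allowed_hosts=ALLOWED_HOSTS) -> list:
    """One Finding per (SID, value) whose URL host is outside the allow-list,
    with the outcome recorded in the fix log; sorted by SID, then value."""
    findings = {}
    for line in scan_log.splitlines():
        m = SCAN_RE.match(line.strip())
        if not m or m["value"] not in IE_MAIN_VALUES:
            continue
        if _host(m["url"]) in allowed_hosts:
            continue
        findings[(m["sid"], m["value"])] = Finding(m["sid"], m["value"], m["url"])

    for line in fix_log.splitlines():
        line = line.strip()
        m, status = FIX_OK_RE.match(line), "fixed"
        if not m:
            m, status = FIX_FAIL_RE.match(line), "failed"
        if m and (m["sid"], m["value"]) in findings:
            findings[(m["sid"], m["value"])].status = status

    return sorted(findings.values(), key=lambda f: (f.sid, f.value))


def still_hijacked(findings) -> list:
    """(SID, value) pairs the fix did not reset: the ones to expect back
    after a reboot, which is what happened in this thread."""
    return [(f.sid, f.value) for f in findings if f.status != "fixed"]


# Constructed sample input, modelled on the OTL scan and fix logs in this thread
# (the -1003 hive with a Google start page is invented as a benign control).
SAMPLE_SCAN_LOG = r"""
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?genghuan
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
"""
SAMPLE_FIX_LOG = r"""
HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
"""

if __name__ == "__main__":
    report = audit(SAMPLE_SCAN_LOG, SAMPLE_FIX_LOG)
    for f in report:
        print(f"{f.status:8} HKU\\{f.sid}\\...\\Main\\{f.value} -> {f.url}")
    print("still hijacked:", still_hijacked(report))
```

Run on the sample logs it lists one value reset in the -1004 hive and four values in the -500 hive that OTL reported it could not set, which is consistent with the start page coming back in the MBAM scan that follows.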

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


OK, so scan completed successfully, one item was detected and removed. Malwarebytes' Anti-Malware requested that I reboot so I did. Here is the log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.17.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-201204152019 [administrator]
2012-4-18 0:16:21
mbam-log-2012-04-18 (00-16-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188957
Time elapsed: 2 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.2626.com/?0319) Good: (http://www.google.com) -> Delete on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

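The MBAM log above repairs a single value, Start Page under the current user's hive, yet the OTL log later in this thread shows the same hijacker URL in Default_Page_URL, Search Page and Search Bar as well, and a different URL under the .DEFAULT and S-1-5-18 hives. The following read-only audit script is an added example, not code from the thread or from Malwarebytes or OldTimer; it walks HKLM and every hive loaded under HKEY_USERS and flags any Internet Explorer Main value that is not on an allow-list, so a practitioner can see every place the start page is set rather than only the one the scanner repaired. The allow-list and the value names checked are assumptions; adjust them to the homepage you expect.

```powershell
# Added example (not from the thread, Malwarebytes or OTL): read-only audit of the
# Internet Explorer "Main" values that start-page hijackers rewrite, across HKLM and
# every user hive currently loaded under HKEY_USERS. Nothing is modified.

# Assumption: these are the only homepage/search values you consider legitimate.
# Compared case-insensitively, so keep the entries lowercase.
$Allowed = @('http://www.google.com', 'http://www.google.com/', 'about:blank', 'about:home', '')

# Values that Hijack.StartPage.Gen-style hijackers commonly set (see the OTL log in this thread).
$ValueNames = @('Start Page', 'Default_Page_URL', 'Search Page', 'Search Bar', 'Local Page')

# PowerShell ships with HKLM: and HKCU: drives only; map HKEY_USERS so it can be enumerated.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Test-IEMainKey {
    # Returns one record per value found under the given ...\Internet Explorer\Main key.
    param(
        [string]$KeyPath,   # registry path using a PowerShell drive, e.g. HKU:\S-1-5-18\Software\...\Main
        [string]$Scope      # label for the report: 'HKLM' or the SID of the user hive
    )
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }   # hive has no IE settings (service accounts, *_Classes, etc.)

    foreach ($name in $ValueNames) {
        $data = $key.GetValue($name)
        if ($null -eq $data) { continue }
        $normalized = ([string]$data).Trim().ToLower()
        $status = if ($Allowed -contains $normalized) { 'ok' } else { 'SUSPECT' }
        [pscustomobject]@{ Scope = $Scope; Value = $name; Data = [string]$data; Status = $status }
    }
}

$results = @()
$results += Test-IEMainKey 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main' 'HKLM'

foreach ($hive in Get-ChildItem -Path 'HKU:\') {
    # *_Classes hives only hold file associations, never Internet Explorer\Main.
    if ($hive.PSChildName -like '*_Classes') { continue }
    $path = 'HKU:\{0}\Software\Microsoft\Internet Explorer\Main' -f $hive.PSChildName
    $results += Test-IEMainKey -KeyPath $path -Scope $hive.PSChildName
}

# Suspect entries first; any hive still pointing at the hijacker URL is where the
# "returns after reboot" behaviour comes from.
$results | Sort-Object Status -Descending | Format-Table -AutoSize

$suspect = @($results | Where-Object { $_.Status -eq 'SUSPECT' })
Write-Host ("{0} value(s) outside the allow-list across {1} hive(s) checked." -f $suspect.Count, ((Get-ChildItem -Path 'HKU:\').Count + 1))
```

Only hives that are currently loaded appear under HKEY_USERS, so profiles that are not logged in are not covered; the OTL "Scan All Users" run in this thread loads those hives itself, which is why its report is the more complete picture.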

Please re-run OTL and post a new fresh log.


OK, I re-ran an OTL Quick Scan with Scan All Users selected.

Here is OTL.txt:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.17.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-201204152019 [administrator]
2012-4-18 0:16:21
mbam-log-2012-04-18 (00-16-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188957
Time elapsed: 2 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.2626.com/?0319) Good: (http://www.google.com) -> Delete on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


Oops, looks like I posted the wrong log!!

Here is the real OTL.txt:


OTL logfile created on: 2012-4-18 0:52:26 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy-M-d

767.48 Mb Total Physical Memory | 478.02 Mb Available Physical Memory | 62.28% Memory free
1.83 Gb Paging File | 1.59 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 5.27 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
Drive D: | 21.00 Gb Total Space | 20.64 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
Drive E: | 21.00 Gb Total Space | 20.94 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 22.53 Gb Total Space | 22.46 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

Computer Name: PC-201204152019 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
PRC - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008-04-22 04:00:00 | 000,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012-03-01 07:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-26 14:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-03-27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-04-05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011-04-05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011-04-05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011-02-08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2009-03-25 14:29:00 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-04-22 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008-04-13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 01:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006-07-01 22:43:02 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-08-17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie135.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ie135.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.0530\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()



O1 HOSTS File: ([2012-04-17 23:52:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnEixt = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (当前主页) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012-03-13 17:45:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-04-17 23:52:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-17 23:18:42 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 20:17:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-04-17 20:17:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-04-17 11:23:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-04-17 11:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-04-17 11:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-04-17 11:20:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-04-17 11:20:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-04-17 11:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-04-17 11:20:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-04-17 11:19:53 | 004,465,601 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-17 11:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012-04-16 20:56:55 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.com
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\管理工具
[2012-04-16 20:29:35 | 000,000,000 | R--D | C] -- D:\My Videos
[2012-04-16 20:29:18 | 000,607,260 | R--- | C] (Swearware) -- D:\dds.scr
[2012-04-16 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\SysInternals
[2012-04-16 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\SysInternals
[2012-04-16 17:19:07 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2012-04-16 17:19:06 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2012-04-16 17:18:57 | 000,332,248 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2012-04-16 17:18:57 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2012-04-16 14:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-16 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012-04-16 14:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「开始」菜单\程序\HiJackThis
[2012-04-16 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-04-16 13:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012-04-16 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「开始」菜单\程序\Malwarebytes' Anti-Malware
[2012-04-16 13:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-04-16 13:19:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-04-16 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-04-16 13:18:17 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012-04-16 13:18:09 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012-04-16 13:18:02 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012-04-16 13:18:01 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012-04-16 13:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012-04-16 09:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012-04-16 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012-04-16 09:07:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012-04-16 09:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012-04-16 02:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012-04-16 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012-04-16 02:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012-04-16 01:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012-04-16 01:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012-04-16 01:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012-04-16 01:18:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012-04-16 01:18:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012-04-16 01:16:53 | 000,000,000 | R--D | C] -- D:\My Music
[2012-04-16 01:16:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012-04-16 00:45:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012-04-16 00:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012-04-16 00:44:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-04-15 21:54:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012-04-15 21:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-04-15 21:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012-04-15 21:19:44 | 000,000,000 | ---D | C] -- D:\Downloads
[2012-04-15 21:06:42 | 000,000,000 | ---D | C] -- D:\我的文档
[2012-04-15 21:03:43 | 000,000,000 | R--D | C] -- D:\My Pictures
[2012-04-15 20:47:37 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012-04-15 20:44:13 | 000,000,000 | -HSD | C] -- D:\System Volume Information
[2012-04-15 20:31:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-04-15 20:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-04-15 20:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:23:06 | 000,019,072 | RH-- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012-04-15 20:22:55 | 000,017,280 | RH-- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012-04-15 20:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-04-15 20:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012-04-15 20:21:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012-04-15 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-04-15 20:21:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012-04-15 20:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012-04-15 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012-04-15 20:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-04-15 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012-04-15 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012-04-15 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012-04-15 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2012-04-15 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012-04-15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012-04-15 20:20:18 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012-04-15 20:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-04-18 00:30:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-18 00:30:33 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-18 00:25:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-17 23:52:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-04-17 23:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2012-04-17 11:23:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-04-17 11:18:38 | 004,465,601 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2012-04-16 20:57:02 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.com
[2012-04-16 20:29:34 | 000,607,260 | R--- | M] (Swearware) -- D:\dds.scr
[2012-04-16 16:50:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 01:59:02 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:59:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:21:02 | 000,311,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-16 01:21:02 | 000,119,188 | ---- | M] () -- C:\WINDOWS\System32\prfh0804.dat
[2012-04-16 01:21:02 | 000,041,198 | ---- | M] () -- C:\WINDOWS\System32\prfc0804.dat
[2012-04-16 01:21:02 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-15 20:32:02 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2012-04-15 20:28:45 | 000,108,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-15 20:25:07 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:36 | 000,001,047 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012-04-15 20:21:46 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-04-17 11:23:11 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012-04-17 11:23:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-04-17 11:20:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-04-17 11:20:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-04-17 11:20:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-04-17 11:20:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-04-17 11:20:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-04-16 13:18:05 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-16 01:58:56 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-16 01:58:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-16 01:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-04-16 01:58:13 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-04-16 01:58:13 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012-04-16 01:18:27 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job
[2012-04-16 01:16:55 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\「开始」菜单\程序\Internet Explorer.lnk
[2012-04-16 00:45:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012-04-16 00:04:56 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012-04-15 21:53:16 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012-04-15 21:29:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-04-15 21:27:25 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-04-15 21:24:21 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\「开始」菜单\程序\Microsoft Security Essentials.lnk
[2012-04-15 20:25:07 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012-04-15 20:25:07 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012-04-15 20:23:13 | 000,239,616 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstrenderer.ax
[2012-04-15 20:23:13 | 000,164,352 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2012-04-15 20:23:10 | 000,040,448 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2012-04-15 20:23:10 | 000,013,312 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2012-04-15 20:23:09 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2012-04-15 20:23:09 | 000,001,106 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2012-04-15 20:23:08 | 000,015,360 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2012-04-15 20:23:07 | 000,003,144 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sRGB Color Space Profile.icm
[2012-04-15 20:23:07 | 000,000,984 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012-04-15 20:23:04 | 001,685,606 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012-04-15 20:23:04 | 000,270,848 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012-04-15 20:23:04 | 000,010,240 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2012-04-15 20:23:04 | 000,000,888 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012-04-15 20:23:04 | 000,000,882 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2012-04-15 20:23:03 | 000,003,338 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2012-04-15 20:23:02 | 000,733,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2012-04-15 20:23:02 | 000,605,050 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012-04-15 20:23:02 | 000,175,104 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\PINTLCSA.DLL
[2012-04-15 20:23:02 | 000,035,332 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2012-04-15 20:23:02 | 000,032,095 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2012-04-15 20:23:02 | 000,028,992 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2012-04-15 20:23:02 | 000,025,086 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2012-04-15 20:23:02 | 000,021,250 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2012-04-15 20:23:02 | 000,015,633 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2012-04-15 20:23:02 | 000,003,621 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2012-04-15 20:23:02 | 000,001,950 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2012-04-15 20:23:01 | 000,165,389 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\pagefileconfig.vbs
[2012-04-15 20:23:01 | 000,157,696 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\paqsp.dll
[2012-04-15 20:23:01 | 000,003,216 | RH-- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe

========== LOP Check ==========

[2012-03-14 12:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360safe
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360se
[2012-03-14 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360WD
[2012-03-14 12:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
[2012-04-15 20:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KuGou7
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2012-03-14 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PPLive
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY
[2012-04-15 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SogouPY.users
[2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tencent
[2012-03-14 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2012-03-14 12:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012-03-14 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2012-03-14 12:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SogouExplorer
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Tencent
[2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360safe
[2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360se
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360WD
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\ACD Systems
[2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer
[2012-04-15 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\KuGou7
[2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PPLive
[2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Tencent
[2012-04-18 00:30:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012-04-18 00:30:33 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012-04-16 01:18:27 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A3639C3-B631-4F48-9FAB-C6DB7154EAE1}.job

========== Purity Check ==========


< End of report >


Well it's 2:30am here, so time for bed.

I'll catch up with you tomorrow Maniac.

Thanks for your help today.


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2626.com/?0319
    IE - HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2626.com/?0319
    [2012-03-14 12:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360safe
    [2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360se
    [2012-03-14 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\360WD
    [2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360safe
    [2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360se
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\360WD
    [2012-04-15 20:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360safe
    [2012-04-15 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360se
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\360WD
    [2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
    [2012-04-15 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoralExplorer
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CoralExplorer
    [2012-04-15 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer
    [2012-04-15 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
    [2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Maxthon3
    [2012-04-15 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3
    [2012-04-15 20:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SogouExplorer


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


OK, I ran that fix and rebooted.

Here is the log:


========== OTL ==========
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
C:\Documents and Settings\Administrator\Application Data\360safe folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\v3update folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\Update folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\Hang folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\Favorites folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\SafeCentral folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\Favorites\Log folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\Favorites folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtYouxi\server folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtYouxi\pngs folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtYouxi folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtSafeAddress folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtDownload folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtDoctor folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtBank\icon folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtBank folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions\ExtAdfilter folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\extensions folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\snapcache folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\SkinUpdate folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\SkinMisc\IE6Default folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\SkinMisc folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\ico folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\DailyBackup folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data\bak folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\data folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\Youxi folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\yinyue folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\xinwen folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\xiaoshuo folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\wanyouxi folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\TranslatorPlugin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\SnapPlugin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\shipin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\maidongxi folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\ExtYouxi folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\ExtWebmail folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\ExtTuan folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\ExtShare folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\ExtFeedWeibo folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\download_temp folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\baoku folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\3001 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\3000 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\2091 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\2026 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\2022 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\2011 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\2001 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\2000 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\1018 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps\1000 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360WD folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360safe folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\v3update folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\Update folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\Hang folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\Favorites folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\SafeCentral folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\Favorites\Log folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\Favorites folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtYouxi\server folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtYouxi\pngs folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtYouxi folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtSafeAddress folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtDownload folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtDoctor folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtBank\icon folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtBank folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions\ExtAdfilter folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\extensions folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\snapcache folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\SkinUpdate folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\SkinMisc\IE6Default folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\SkinMisc folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\ico folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\DailyBackup folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data\bak folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\data folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\Youxi folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\yinyue folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\xinwen folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\xiaoshuo folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\wanyouxi folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\TranslatorPlugin folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\SnapPlugin folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\shipin folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\maidongxi folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\ExtYouxi folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\ExtWebmail folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\ExtTuan folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\ExtShare folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\ExtFeedWeibo folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\download_temp folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\baoku folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\3001 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\3000 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\2091 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\2026 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\2022 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\2011 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\2001 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\2000 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\1018 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps\1000 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se\apps folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360se folder moved successfully.
C:\Documents and Settings\Default User\Application Data\360WD folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360safe folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\v3update folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\Update folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\Hang folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\Favorites folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\SafeCentral folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\Favorites\Log folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\Favorites folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtYouxi\server folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtYouxi\pngs folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtYouxi folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtSafeAddress folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtDownload folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtDoctor folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtBank\icon folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtBank folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions\ExtAdfilter folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\extensions folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\snapcache folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\SkinUpdate folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\SkinMisc\IE6Default folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\SkinMisc folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\ico folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\DailyBackup folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data\bak folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\data folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\Youxi folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\yinyue folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\xinwen folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\xiaoshuo folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\wanyouxi folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\TranslatorPlugin folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\SnapPlugin folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\shipin folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\maidongxi folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\ExtYouxi folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\ExtWebmail folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\ExtTuan folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\ExtShare folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\ExtFeedWeibo folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\download_temp folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\baoku folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\3001 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\3000 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\2091 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\2026 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\2022 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\2011 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\2001 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\2000 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\1018 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps\1000 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se\apps folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360se folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\360WD folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Maxthon3\Users\guest\QuickAccess folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Maxthon3\Users\guest\Favorite folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Maxthon3\Users\guest\Config folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Maxthon3\Users\guest folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Maxthon3\Users folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Maxthon3 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\CoralExplorer\Users\Default folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\CoralExplorer\Users folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\CoralExplorer folder moved successfully.
C:\Documents and Settings\Default User\Application Data\CoralExplorer\Users\Default folder moved successfully.
C:\Documents and Settings\Default User\Application Data\CoralExplorer\Users folder moved successfully.
C:\Documents and Settings\Default User\Application Data\CoralExplorer folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer\Users\Default folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer\Users folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\CoralExplorer folder moved successfully.
Folder C:\Documents and Settings\Administrator\Application Data\Maxthon3\ not found.
C:\Documents and Settings\Default User\Application Data\Maxthon3\Users\guest\QuickAccess folder moved successfully.
C:\Documents and Settings\Default User\Application Data\Maxthon3\Users\guest\Favorite folder moved successfully.
C:\Documents and Settings\Default User\Application Data\Maxthon3\Users\guest\Config folder moved successfully.
C:\Documents and Settings\Default User\Application Data\Maxthon3\Users\guest folder moved successfully.
C:\Documents and Settings\Default User\Application Data\Maxthon3\Users folder moved successfully.
C:\Documents and Settings\Default User\Application Data\Maxthon3 folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3\Users\guest\QuickAccess folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3\Users\guest\Favorite folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3\Users\guest\Config folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3\Users\guest folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3\Users folder moved successfully.
C:\Documents and Settings\UpdatusUser\Application Data\Maxthon3 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\SogouExplorer folder moved successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_112648
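One way to check whether an OTL fix actually took, as an added example that is not part of this thread or of OTL itself: parse the fix log and separate the registry writes that failed (the "Unable to set value ... /E!" lines, which show the Internet Explorer start/search page values were not rewritten) from the folders that were moved or not found. The sample log is a trimmed copy of the one posted above; the parser, its names, and the reading of "/E!" as simply the marker OTL prints on a failed write are this example's own assumptions.

```python
"""Classify each line of an OTL fix log by outcome and report what did not take.

Added example, not OTL's own code. The sample below is a trimmed copy of the
fix log posted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample: a few lines copied from the posted OTL fix log.
SAMPLE_FIX_LOG = r"""========== OTL ==========
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-1004336348-1960408961-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
C:\Documents and Settings\Administrator\Application Data\360safe folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\360se\apps folder moved successfully.
Folder C:\Documents and Settings\Administrator\Application Data\Maxthon3\ not found.
C:\Documents and Settings\Default User\Application Data\SogouExplorer folder moved successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_112648
"""

# Line shapes seen in the posted log (assumed stable for this example).
FAILED_RE = re.compile(r"^Unable to set value : (?P<key>.+)\| (?P<flag>\S+)$")
MOVED_RE = re.compile(r"^(?P<path>.+) folder moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^Folder (?P<path>.+) not found\.$")
SID_RE = re.compile(r"HKU\\(S-1-5-[\d-]+)")
IE_MAIN = r"\Microsoft\Internet Explorer\Main"


@dataclass
class FailedWrite:
    key_path: str      # registry key, e.g. HKU\<SID>\SOFTWARE\...\Main
    value_name: str    # value OTL could not set, e.g. "Start Page"
    flag: str          # trailing marker OTL printed, e.g. /E!
    sid: str = ""      # user SID taken from the HKU path, if present


@dataclass
class FixResult:
    failed: List[FailedWrite] = field(default_factory=list)
    moved: List[str] = field(default_factory=list)
    not_found: List[str] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)


def parse_fix_log(text: str) -> FixResult:
    """Walk the log once and bucket every line by what OTL reported."""
    result = FixResult()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("==========") or line.startswith("OTL by OldTimer"):
            continue  # blank line, section banner or footer
        m = FAILED_RE.match(line)
        if m:
            # OTL separates the key path from the value name with a double backslash.
            key_path, _, value_name = m.group("key").rpartition("\\\\")
            sid_m = SID_RE.search(key_path)
            result.failed.append(FailedWrite(key_path, value_name, m.group("flag"),
                                             sid_m.group(1) if sid_m else ""))
            continue
        m = MOVED_RE.match(line)
        if m:
            result.moved.append(m.group("path"))
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            result.not_found.append(m.group("path"))
            continue
        result.unparsed.append(line)  # surface anything unrecognised rather than drop it
    return result


def unreset_ie_values(result: FixResult) -> Set[str]:
    """Internet Explorer 'Main' values the fix tried to reset but could not write."""
    return {f.value_name for f in result.failed if f.key_path.endswith(IE_MAIN)}


def fix_complete(result: FixResult) -> bool:
    """True only when nothing failed and every line was understood."""
    return not result.failed and not result.unparsed


if __name__ == "__main__":
    r = parse_fix_log(SAMPLE_FIX_LOG)
    print("moved:", len(r.moved), "not found:", len(r.not_found), "failed:", len(r.failed))
    for f in r.failed:
        print(f"  {f.value_name!r} in hive {f.sid} was not reset ({f.flag})")
    print("fix complete:", fix_complete(r))
```

A fix log that reports folder moves but leaves the IE values unset is the signal to look for a different persistence mechanism rather than to re-run the same script.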


Hi,

Yes and no. Unfortunately I'm going to have to do a clean re-install. The computer belongs to my wife's grand-father and he wants it back tomorrow. Fortunately I've got backups of his data.

So anyway thanks for your help, but this one can be marked as closed/solved now.


By the way, what would you recommend for anti-virus/anti-spyware? My current preference is Microsoft Security Essentials and Spybot Search & Destroy.
