Cyber Tech Help Support Forums > Software > Malware Removal

#1  July 11th, 2010, 03:00 PM
TIMEZONEC (Senior Member; Join Date: Jul 2006; Age: 41; Posts: 142)

Internet Loading Really Slow

Hey,

About a month ago or so, when I go to any site it loads really slowly, and then it will load fast again, then slow. I don't know what the problem is, but for example when I click on my homepage, it takes maybe about 25-30 secs to load, same for other pages. But if I'm lucky it will load really fast! I notice almost the same thing on my dad's computer, but the thing is I just reformatted also. You think it might be the network somehow too?

Here is a log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:16 AM, on 7/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\PPStream\PPSAP.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\ppsap.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files (x86)\Tencent\QQ\Bin\AddEmotion.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8086 bytes

#2  July 14th, 2010, 01:57 AM
Jintan (Cyber Tech Help Moderator; Join Date: Dec 2004; Posts: 52,284)

Hello TIMEZONEC,

This log indicates Windows 7, 64-bit. Most of the scan tools we use are not set up for either of those (hence the incorrect "file missing" listings showing in this HijackThis log), so we have a limited selection to work with here.

So far the log only shows that some type of QQ/Tencent program has been installed there. I am aware that in Asian areas of the globe QQ/Tencent's adware software is often considered "normal" computer use, but we recognize their programs as adware/search hijacker software. Between it and that PPLive stream program that shows here, those may well cause Internet slowness.

Let's get a more detailed look at things. For Windows 7, be sure to right click/Run as administrator any of the files we use.


Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top check "Scan All Users", then click "Quick Scan". Make no other changes at this time.

Once the scan completes the results will open in Notepad - copy/paste those back here please.

#3  July 15th, 2010, 04:57 PM
TIMEZONEC (Senior Member; Join Date: Jul 2006; Age: 41; Posts: 142)

For PPStream, should I uninstall it?

OTL logfile created on: 7/15/2010 8:51:39 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Warren Jai\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 76.73 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 245.65 Gb Free Space | 52.76% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WARRENJAI-PC
Current User Name: Warren Jai
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe
PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe
PRC - [2010/07/15 08:51:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Warren Jai\Downloads\OTL.exe
PRC - [2010/07/01 17:25:22 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/06/28 19:08:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 19:08:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 15:41:33 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/04/16 09:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
PRC - [2009/12/30 16:24:34 | 000,703,488 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/22 01:14:20 | 000,210,312 | ---- | M] (PPStream Inc) -- C:\Program Files (x86)\PPStream\PPSAP.exe


========== Modules (SafeList) ==========

MOD - [2010/07/15 08:51:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Warren Jai\Downloads\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/03 16:17:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/01 17:25:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/09 18:08:55 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/05/03 16:15:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 09:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2009/12/30 16:24:34 | 000,703,488 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/11 12:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/09 18:08:45 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/05/18 20:10:48 | 000,144,400 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/04/26 17:25:44 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008/08/11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.35dh.com/?s
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 7D 8D 6C 83 00 CB 01 [binary data]
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586

#4  July 15th, 2010, 04:58 PM
TIMEZONEC (Senior Member; Join Date: Jul 2006; Age: 41; Posts: 142)

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 19:08:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/29 06:25:02 | 000,000,000 | ---D | M]

[2010/01/14 19:07:25 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Extensions
[2010/01/14 19:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/14 22:58:29 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions
[2010/07/03 21:43:51 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/14 22:58:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/12 16:04:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/13 06:31:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/09 22:03:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/02 21:28:31 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\foxmarks@kei.com
[2010/04/30 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\LogMeInClient@logmein.com
[2010/04/14 15:34:22 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\personas@christopher.beard
[2010/06/11 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\smarterwiki@wikiatic.com
[2010/01/28 17:22:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/12 13:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download All By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 添加到QQ表情 - C:\Program Files (x86)\Tencent\QQ\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files (x86)\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/01 22:52:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/26 07:36:58 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4264617e-fe4e-11de-8cd3-00012e0d971b}\Shell - "" = AutoRun
O33 - MountPoints2\{4264617e-fe4e-11de-8cd3-00012e0d971b}\Shell\AutoRun\command - "" = G:\IronKey.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\IronKey.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\IronKey.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  #5  
Old July 15th, 2010, 04:58 PM
TIMEZONEC
Senior Member
 
Join Date: Jul 2006
Age: 41
Posts: 142
========== Files/Folders - Created Within 90 Days ==========

[2010/07/03 17:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/24 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/24 22:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/24 22:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/24 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/24 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/11 08:46:49 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\VoipStunt
[2010/06/11 08:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VoipStunt.com
[2010/06/09 20:39:02 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\Documents\BFBC2
[2010/06/09 15:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/06/09 15:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/06/08 07:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LorexClient 4.0
[2010/06/05 16:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/06/05 15:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/06/04 15:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/06/03 22:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jghdtv
[2010/05/31 12:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DynDNS Updater
[2010/05/31 12:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DynDNS
[2010/05/31 11:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla Server
[2010/05/21 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\.VirtualBox
[2010/05/21 15:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/05/18 20:10:48 | 000,144,400 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/05/18 20:10:46 | 000,318,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/05/15 20:54:04 | 000,000,000 | ---D | C] -- C:\ubuntu
[2010/05/15 19:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/05 18:26:30 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\QQMusicUpdate
[2010/05/03 16:39:19 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\Documents\Adobe
[2010/05/03 16:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/05/03 16:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/03 16:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/05/03 16:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/05/03 16:18:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/05/03 16:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/05/03 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/03 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/03 16:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/05/01 07:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/30 18:08:45 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\AVS4YOU
[2010/04/30 18:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/04/30 18:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/04/30 18:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/04/30 14:57:51 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Local\LogMeIn
[2010/04/30 14:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/04/30 14:57:48 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/04/30 14:57:47 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/04/30 14:57:47 | 000,087,384 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2010/04/30 14:57:47 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2010/04/30 14:57:44 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/04/30 14:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2010/04/26 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2010/04/25 07:32:48 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\dvdcss
[2010/04/24 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/24 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/24 21:44:12 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Local\Apple Computer
[2010/04/24 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\Apple Computer
[2010/04/24 21:43:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/04/24 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/24 21:42:19 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Local\Apple
[2010/04/24 21:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/24 21:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/24 21:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/04/17 19:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

========== Files - Modified Within 90 Days ==========

[2010/07/15 08:52:03 | 002,883,584 | -HS- | M] () -- C:\Users\Warren Jai\NTUSER.DAT
[2010/07/15 06:54:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/15 06:54:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/15 06:49:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/15 06:49:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/15 06:49:28 | 1559,142,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/13 21:57:01 | 002,003,992 | -H-- | M] () -- C:\Users\Warren Jai\AppData\Local\IconCache.db
[2010/07/11 06:58:09 | 000,002,097 | ---- | M] () -- C:\Users\Warren Jai\Desktop\HijackThis.lnk
[2010/07/10 09:20:46 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/10 09:20:46 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/10 09:20:46 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/04 14:04:09 | 000,326,574 | ---- | M] () -- C:\Users\Warren Jai\Desktop\4753042786_a6869bb97d_b.jpg
[2010/07/03 19:57:59 | 000,001,535 | ---- | M] () -- C:\Windows\psnetwork.ini
[2010/07/03 19:57:59 | 000,000,093 | ---- | M] () -- C:\Windows\PCDNSetting.ini
[2010/07/03 19:57:58 | 000,000,992 | ---- | M] () -- C:\Windows\powerplayer.ini
[2010/07/03 19:56:22 | 000,000,140 | ---- | M] () -- C:\Windows\powerlist.ini
[2010/07/03 19:55:11 | 000,000,060 | ---- | M] () -- C:\Windows\MediaList.ini
[2010/06/27 15:20:51 | 023,555,030 | ---- | M] () -- C:\Users\Warren Jai\pipilib
[2010/06/09 20:42:06 | 000,000,296 | ---- | M] () -- C:\Users\Warren Jai\Documents\ax_files.xml
[2010/06/09 18:08:45 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/06/09 18:08:44 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/06/09 18:08:44 | 000,033,152 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/05/18 20:10:48 | 000,144,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/05/18 20:10:46 | 000,318,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/05/08 17:10:06 | 000,001,106 | ---- | M] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk
[2010/05/05 18:26:15 | 000,001,167 | ---- | M] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2010/05/04 18:57:36 | 003,034,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/03 16:39:02 | 000,110,400 | ---- | M] () -- C:\Users\Warren Jai\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/30 14:57:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/04/26 17:25:44 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/04/26 06:45:12 | 000,000,185 | ---- | M] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\绝色高清电影.url
[2010/04/26 02:09:18 | 000,331,776 | ---- | M] () -- C:\Windows\SysWow64\pptv.scr

========== Files Created - No Company Name ==========

[2010/07/11 06:58:09 | 000,002,097 | ---- | C] () -- C:\Users\Warren Jai\Desktop\HijackThis.lnk
[2010/07/04 14:04:01 | 000,326,574 | ---- | C] () -- C:\Users\Warren Jai\Desktop\4753042786_a6869bb97d_b.jpg
[2010/06/27 15:20:51 | 023,555,030 | ---- | C] () -- C:\Users\Warren Jai\pipilib
[2010/06/04 15:59:21 | 000,000,296 | ---- | C] () -- C:\Users\Warren Jai\Documents\ax_files.xml
[2010/05/08 17:10:06 | 000,001,106 | ---- | C] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk
[2010/05/05 18:26:15 | 000,001,167 | ---- | C] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2010/05/01 17:04:39 | 000,000,093 | ---- | C] () -- C:\Windows\PCDNSetting.ini
[2010/04/30 14:57:42 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/04/26 06:45:12 | 000,000,185 | ---- | C] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\绝色高清电影.url
[2010/04/26 02:09:18 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\pptv.scr
[2010/02/13 19:15:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ppadapi.dll
[2010/02/13 19:15:30 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\PPWORDW.DLL
[2010/02/03 16:41:22 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
[2010/02/03 16:41:22 | 000,000,060 | ---- | C] () -- C:\Windows\MediaList.ini
[2010/02/03 12:10:39 | 000,001,535 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/02/03 12:10:38 | 000,000,992 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010/01/14 16:43:39 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/01/10 19:00:02 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2010/01/10 18:59:07 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/01/10 18:38:15 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/01/10 11:47:41 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\acccore
[2010/07/11 14:36:42 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\BITS
[2010/01/22 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Canon
[2010/01/14 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\FlashGet
[2010/01/14 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO
[2010/02/08 17:14:29 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\NJStar
[2010/02/03 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\PPLive
[2010/07/04 06:59:45 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\PPStream
[2010/05/05 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\QQMusicUpdate
[2010/01/10 18:58:58 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\ScanSoft
[2010/05/05 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Tencent
[2010/01/14 19:07:24 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Thunderbird
[2010/07/10 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\uTorrent
[2010/06/11 08:46:49 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\VoipStunt
[2010/05/05 13:58:32 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/01/10 20:32:30 | 000,000,000 | ---D | M](C:\Program Files (x86)\ìú??ó??·) -- C:\Program Files (x86)\ÌÚѶÓÎÏ·
(C:\Program Files (x86)\ìú??ó??·) -- C:\Program Files (x86)\ÌÚѶÓÎÏ·

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >
  #6  
Old July 16th, 2010, 01:48 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Not seeing any malware in those views, other than some settings from QQ. This is a bit tough to interpret though:

C:\Program Files (x86)\ÌÚѶÓÎÏ

When there are no font packages installed for some characters that are used, the system does its best, which usually shows as odd characters like the ones above. Do you know what program on your system it refers to?


I am aware streaming programs are popular as an alternative to limited television programs in many areas of the world. So unless it is a certainty that PP Live is causing you problems, there is no need to remove it.


Let's take a look at the installed programs.

Open HijackThis again, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  #7  
Old July 16th, 2010, 04:51 AM
TIMEZONEC
Senior Member
 
Join Date: Jul 2006
Age: 41
Posts: 142
??1aí???μ?êó(JGHDTV) 2010 v3.0′???°?
?a?μ×?Dí
|ìTorrent
¥t2y¤p?X??
Acrobat.com
Acrobat.com
Active@ ISO Burner
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
AoA Audio Extractor
Apple Application Support
Apple Software Update
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Canon MP Navigator EX 1.0
Canon MX310 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Connect
Counter-Strike
Counter-Strike: Source
Download Updater (AOL LLC)
DynDNS Updater
FileZilla Server (remove only)
FlashGet 3.3
HiJackThis
HijackThis 2.0.2
ìú??QQ2009
kuler
LogMeIn
LorexClient 4.0
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
NJStar Chinese WP
NVIDIA Stereoscopic 3D Driver
PDF Settings CS4
PFConfig 1.0.223
Photo Stamp Remover 1.2 Retail by minimaL
Photoshop Camera Raw
Pixel Bender Toolkit
PPSó°ò? V2.6.86.8999 ?yê?°?
PPTV V2.4.3.0019
Presto! PageManager 7.15.16
QQó??·
QQò?à?2009
QuickTime
RealPlayer
ScanSoft OmniPage SE 4
SHOUTcast Source DSP 1.9.1 (remove only)
Skype web features
Skype? 4.1
Steam
Suite Shared Configuration CS4
Ubuntu
VLC media player 1.0.3
VoipStunt
Watermark Studio 2.0
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
  #8  
Old July 17th, 2010, 01:09 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
It would be a wise security decision if you uninstalled any torrent software, but as for infection-related programs, these QQ installs are very likely doing some type of adware/spyware/search hijacker activity, and may be part of the problems you are having there:


ìú??QQ2009
QQó??·
QQò?à?2009


Not sure what these are, so maybe you can help with translating what they say:

??1aí???μ?êó(JGHDTV) 2010 v3.0′???°?
?a?μ×?Dí
¥t2y¤p?X??


Do the uninstalls of the QQ programs, then temporarily disable any security programs, and download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.46.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
All times are GMT +1. The time now is 07:05 AM.