July 11th, 2010, 03:00 PM
Internet Loading Really Slow


About a month ago or so, when I go to any site it loads really slow and then it will load fast again, then slow. I don't know what the problem is, but for example I click on homepage, it takes maybe about 25-30 secs to load, same for other pages. But if I'm lucky it will load really fast! I notice almost the same thing for my dad's computer but the thing is I just reformatted also. You think it might be the network somehow too?

Here is a log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:16 AM, on 7/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PPStream\PPSAP.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\ppsap.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files (x86)\Tencent\QQ\Bin\AddEmotion.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 8086 bytes
July 14th, 2010, 01:57 AM
Cyber Tech Help Moderator
This log indicates Windows 7, 64 bit. Most of the scan tools we use are not set up for either of those (such as the incorrect "file missing" listings showing in this HijackThis log), so we have a limited selection to work with here.

So far the log only shows that some type of QQ/Tencent program had been installed there. I am aware that in Asian areas of the globe QQ/Tencent's adware software is often considered "normal" computer use, but we recognize their programs as adware/search hijacker software. Between it and that PP live stream program that shows here, those may well cause Internet slowness.

Let's get a more detailed look at things. For Windows 7, be sure to right click/Run as administrator any of the files we use.

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top check "Scan All Users", then click "Quick Scan". Make no other changes at this time.

Once the scan completes the results will open in Notepad - copy/paste those back here please.
July 15th, 2010, 04:57 PM
For PPStream, should I uninstall it?
OTL logfile created on: 7/15/2010 8:51:39 AM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Warren Jai\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 76.73 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 245.65 Gb Free Space | 52.76% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WARRENJAI-PC
Current User Name: Warren Jai
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe
PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe
PRC - [2010/07/15 08:51:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Warren Jai\Downloads\OTL.exe
PRC - [2010/07/01 17:25:22 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/06/28 19:08:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 19:08:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 15:41:33 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/04/16 09:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
PRC - [2009/12/30 16:24:34 | 000,703,488 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/22 01:14:20 | 000,210,312 | ---- | M] (PPStream Inc) -- C:\Program Files (x86)\PPStream\PPSAP.exe

========== Modules (SafeList) ==========

MOD - [2010/07/15 08:51:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Warren Jai\Downloads\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/03 16:17:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/01 17:25:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/09 18:08:55 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/05/03 16:15:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 09:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2009/12/30 16:24:34 | 000,703,488 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/11 12:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/09 18:08:45 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/05/18 20:10:48 | 000,144,400 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/04/26 17:25:44 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008/08/11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.35dh.com/?s
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 7D 8D 6C 83 00 CB 01 [binary data]
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:
July 15th, 2010, 04:58 PM
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 19:08:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/29 06:25:02 | 000,000,000 | ---D | M]

[2010/01/14 19:07:25 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Extensions
[2010/01/14 19:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/14 22:58:29 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions
[2010/07/03 21:43:51 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/14 22:58:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/12 16:04:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/13 06:31:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/09 22:03:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/02 21:28:31 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\foxmarks@kei.com
[2010/04/30 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\LogMeInClient@logmein.com
[2010/04/14 15:34:22 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\personas@christopher.beard
[2010/06/11 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Mozilla\Firefox\Profiles\d1y00a3p.default\extensions\smarterwiki@wikiatic.com
[2010/01/28 17:22:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/12 13:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download All By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 添加到QQ表情 - C:\Program Files (x86)\Tencent\QQ\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files (x86)\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1075706933-1105776201-3294468584-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/01 22:52:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/26 07:36:58 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4264617e-fe4e-11de-8cd3-00012e0d971b}\Shell - "" = AutoRun
O33 - MountPoints2\{4264617e-fe4e-11de-8cd3-00012e0d971b}\Shell\AutoRun\command - "" = G:\IronKey.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\IronKey.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\IronKey.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Old July 15th, 2010, 04:58 PM
========== Files/Folders - Created Within 90 Days ==========

[2010/07/03 17:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/24 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/24 22:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/24 22:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/24 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/24 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/11 08:46:49 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\VoipStunt
[2010/06/11 08:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VoipStunt.com
[2010/06/09 20:39:02 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\Documents\BFBC2
[2010/06/09 15:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/06/09 15:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/06/08 07:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LorexClient 4.0
[2010/06/05 16:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/06/05 15:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/06/04 15:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/06/03 22:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jghdtv
[2010/05/31 12:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DynDNS Updater
[2010/05/31 12:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DynDNS
[2010/05/31 11:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla Server
[2010/05/21 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\.VirtualBox
[2010/05/21 15:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/05/18 20:10:48 | 000,144,400 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/05/18 20:10:46 | 000,318,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/05/15 20:54:04 | 000,000,000 | ---D | C] -- C:\ubuntu
[2010/05/15 19:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/05 18:26:30 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\QQMusicUpdate
[2010/05/03 16:39:19 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\Documents\Adobe
[2010/05/03 16:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/05/03 16:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/03 16:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/05/03 16:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/05/03 16:18:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/05/03 16:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/05/03 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/03 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/03 16:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/05/01 07:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/30 18:08:45 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\AVS4YOU
[2010/04/30 18:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/04/30 18:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/04/30 18:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/04/30 14:57:51 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Local\LogMeIn
[2010/04/30 14:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/04/30 14:57:48 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/04/30 14:57:47 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/04/30 14:57:47 | 000,087,384 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2010/04/30 14:57:47 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2010/04/30 14:57:44 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/04/30 14:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2010/04/26 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2010/04/25 07:32:48 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\dvdcss
[2010/04/24 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/24 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/24 21:44:12 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Local\Apple Computer
[2010/04/24 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Roaming\Apple Computer
[2010/04/24 21:43:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/04/24 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/24 21:42:19 | 000,000,000 | ---D | C] -- C:\Users\Warren Jai\AppData\Local\Apple
[2010/04/24 21:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/24 21:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/24 21:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/04/17 19:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

========== Files - Modified Within 90 Days ==========

[2010/07/15 08:52:03 | 002,883,584 | -HS- | M] () -- C:\Users\Warren Jai\NTUSER.DAT
[2010/07/15 06:54:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/15 06:54:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/15 06:49:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/15 06:49:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/15 06:49:28 | 1559,142,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/13 21:57:01 | 002,003,992 | -H-- | M] () -- C:\Users\Warren Jai\AppData\Local\IconCache.db
[2010/07/11 06:58:09 | 000,002,097 | ---- | M] () -- C:\Users\Warren Jai\Desktop\HijackThis.lnk
[2010/07/10 09:20:46 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/10 09:20:46 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/10 09:20:46 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/04 14:04:09 | 000,326,574 | ---- | M] () -- C:\Users\Warren Jai\Desktop\4753042786_a6869bb97d_b.jpg
[2010/07/03 19:57:59 | 000,001,535 | ---- | M] () -- C:\Windows\psnetwork.ini
[2010/07/03 19:57:59 | 000,000,093 | ---- | M] () -- C:\Windows\PCDNSetting.ini
[2010/07/03 19:57:58 | 000,000,992 | ---- | M] () -- C:\Windows\powerplayer.ini
[2010/07/03 19:56:22 | 000,000,140 | ---- | M] () -- C:\Windows\powerlist.ini
[2010/07/03 19:55:11 | 000,000,060 | ---- | M] () -- C:\Windows\MediaList.ini
[2010/06/27 15:20:51 | 023,555,030 | ---- | M] () -- C:\Users\Warren Jai\pipilib
[2010/06/09 20:42:06 | 000,000,296 | ---- | M] () -- C:\Users\Warren Jai\Documents\ax_files.xml
[2010/06/09 18:08:45 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/06/09 18:08:44 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/06/09 18:08:44 | 000,033,152 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/05/18 20:10:48 | 000,144,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/05/18 20:10:46 | 000,318,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/05/08 17:10:06 | 000,001,106 | ---- | M] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk
[2010/05/05 18:26:15 | 000,001,167 | ---- | M] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2010/05/04 18:57:36 | 003,034,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/03 16:39:02 | 000,110,400 | ---- | M] () -- C:\Users\Warren Jai\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/30 14:57:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/04/26 17:25:44 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/04/26 06:45:12 | 000,000,185 | ---- | M] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\绝色高清电影.url
[2010/04/26 02:09:18 | 000,331,776 | ---- | M] () -- C:\Windows\SysWow64\pptv.scr

========== Files Created - No Company Name ==========

[2010/07/11 06:58:09 | 000,002,097 | ---- | C] () -- C:\Users\Warren Jai\Desktop\HijackThis.lnk
[2010/07/04 14:04:01 | 000,326,574 | ---- | C] () -- C:\Users\Warren Jai\Desktop\4753042786_a6869bb97d_b.jpg
[2010/06/27 15:20:51 | 023,555,030 | ---- | C] () -- C:\Users\Warren Jai\pipilib
[2010/06/04 15:59:21 | 000,000,296 | ---- | C] () -- C:\Users\Warren Jai\Documents\ax_files.xml
[2010/05/08 17:10:06 | 000,001,106 | ---- | C] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk
[2010/05/05 18:26:15 | 000,001,167 | ---- | C] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2010/05/01 17:04:39 | 000,000,093 | ---- | C] () -- C:\Windows\PCDNSetting.ini
[2010/04/30 14:57:42 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/04/26 06:45:12 | 000,000,185 | ---- | C] () -- C:\Users\Warren Jai\Application Data\Microsoft\Internet Explorer\Quick Launch\绝色高清电影.url
[2010/04/26 02:09:18 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\pptv.scr
[2010/02/13 19:15:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ppadapi.dll
[2010/02/13 19:15:30 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\PPWORDW.DLL
[2010/02/03 16:41:22 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
[2010/02/03 16:41:22 | 000,000,060 | ---- | C] () -- C:\Windows\MediaList.ini
[2010/02/03 12:10:39 | 000,001,535 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/02/03 12:10:38 | 000,000,992 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010/01/14 16:43:39 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/01/10 19:00:02 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2010/01/10 18:59:07 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/01/10 18:38:15 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/01/10 11:47:41 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\acccore
[2010/07/11 14:36:42 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\BITS
[2010/01/22 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Canon
[2010/01/14 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\FlashGet
[2010/01/14 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\FlashGetBHO
[2010/02/08 17:14:29 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\NJStar
[2010/02/03 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\PPLive
[2010/07/04 06:59:45 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\PPStream
[2010/05/05 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\QQMusicUpdate
[2010/01/10 18:58:58 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\ScanSoft
[2010/05/05 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Tencent
[2010/01/14 19:07:24 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\Thunderbird
[2010/07/10 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\uTorrent
[2010/06/11 08:46:49 | 000,000,000 | ---D | M] -- C:\Users\Warren Jai\AppData\Roaming\VoipStunt
[2010/05/05 13:58:32 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2010/01/10 20:32:30 | 000,000,000 | ---D | M](C:\Program Files (x86)\ìú??ó??·) -- C:\Program Files (x86)\ÌÚѶÓÎÏ·
(C:\Program Files (x86)\ìú??ó??·) -- C:\Program Files (x86)\ÌÚѶÓÎÏ·

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >
Old July 16th, 2010, 01:48 AM
Not seeing any malware in those views, other than some settings from QQ. This is a bit tough to interpret though:

C:\Program Files (x86)\ÌÚѶÓÎÏ

When there are no font packages installed for some characters that are used, the system does its best, which usually shows as odd characters like the one above. Do you know what program on your system it refers to?

I am aware streaming programs are popular as an alternative to limited television programs in many areas of the world. So unless it is a certainty PP Live is causing you problems, there is no need to remove it.

Let's take a look at the installed programs.

Open HijackThis again, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
Old July 16th, 2010, 04:51 AM
??1aí???μ?êó(JGHDTV) 2010 v3.0′???°?
Active@ ISO Burner
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AoA Audio Extractor
Apple Application Support
Apple Software Update
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Canon MP Navigator EX 1.0
Canon MX310 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Counter-Strike: Source
Download Updater (AOL LLC)
DynDNS Updater
FileZilla Server (remove only)
FlashGet 3.3
HijackThis 2.0.2
LorexClient 4.0
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB954430)
NJStar Chinese WP
NVIDIA Stereoscopic 3D Driver
PDF Settings CS4
PFConfig 1.0.223
Photo Stamp Remover 1.2 Retail by minimaL
Photoshop Camera Raw
Pixel Bender Toolkit
PPSó°ò? V2.6.86.8999 ?yê?°?
PPTV V2.4.3.0019
Presto! PageManager 7.15.16
ScanSoft OmniPage SE 4
SHOUTcast Source DSP 1.9.1 (remove only)
Skype web features
Skype? 4.1
Suite Shared Configuration CS4
VLC media player 1.0.3
Watermark Studio 2.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Old July 17th, 2010, 01:09 AM
It would be a wise security decision if you uninstalled any torrent software, but for infection-related programs these QQ installs are very likely doing some type of adware/spyware/search hijacker activity, and may be part of the problems you are having there:


Not sure what these are, so maybe you can help with translating what they say:

??1aí???μ?êó(JGHDTV) 2010 v3.0′???°?

Do the uninstalls of the QQ programs, then temp disable any security programs, and download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.46.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs, do that as well then.
