Topic: Cannot Modify Entries in Start Menu->All Programs

Michael
    Cannot Modify Entries in Start Menu->All Programs
    « on: September 03, 2012, 10:33:39 AM »
    I'm running Win XP SP3.

    Whenever I try to move or delete the entries, I get a prompt that Access is denied, make sure disk is not full or write protected blah blah blah.....

    It happens on all the entries, and it happens even if I quit the program from running in the background, and disable antivirus (AVG).

    My machine is running XP and W7. I can only boot into Safe Mode on W7; I am not able to on XP.

    Here are the logs required:




    # AdwCleaner v2.000 - Logfile created 09/03/2012 at 21:50:50
    # Updated 30/08/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Tadashi - MICHAEL
    # Boot Mode : Normal
    # Running from : F:\Downloads\Application\Malware\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Documents and Settings\Tadashi\Application Data\Mozilla\Firefox\Profiles\mdexcx0l.default\searchplugins\Askcom.xml
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Found : C:\Documents and Settings\All Users\Application Data\wxDfast
    Folder Found : C:\Documents and Settings\Tadashi\Application Data\Babylon
    Folder Found : C:\Documents and Settings\Tadashi\Application Data\Media Finder
    Folder Found : C:\Documents and Settings\Tadashi\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
    Folder Found : C:\Documents and Settings\Tadashi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Folder Found : C:\Program Files\FunWebProducts

    ***** [Registry] *****

    Key Found : HKCU\Software\MediaFinder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\MF
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKU\S-1-5-21-839522115-115176313-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-839522115-115176313-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=NT_ss&mntrId=5c6ec2e20000000000000015f2d09612

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Tadashi\Application Data\Mozilla\Firefox\Profiles\mdexcx0l.default\prefs.js

    Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Found : user_pref("extensions.501b47f9e6ebc.scode", "(function(){try{if('mystart.incredibar.com,premiumrepor[...]
    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_6_");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "5c6ec2e20000000000000015f2d09612");
    Found : user_pref("extensions.BabylonToolbar_i.id", "5c6ec2e20000000000000015f2d09612");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15501");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:51:41");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=KW_ss&mntrId=5[...]

    -\\ Google Chrome v10.0.648.205

    File : C:\Documents and Settings\Tadashi\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [6819 octets] - [03/09/2012 21:50:50]

    ########## EOF - C:\AdwCleaner[R1].txt - [6879 octets] ##########






    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.01.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Tadashi :: MICHAEL [administrator]

    9/3/2012 9:52:49 PM
    mbam-log-2012-09-03 (21-52-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234433
    Time elapsed: 3 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 12
    C:\Documents and Settings\All Users\Application Data\wxDfast (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wxDfast\downloads (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\2.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\2.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\3.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\3.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\4.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\4.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Files Detected: 6
    C:\Documents and Settings\All Users\Application Data\wxDfast\background.html (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wxDfast\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wxDfast\fhmaaahccancghecknfegbkcigmghple.crx (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wxDfast\profile.ini (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wxDfast\runtime.dll (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wxDfast\settings.ini (PUP.wxDfast) -> Quarantined and deleted successfully.

    (end)






    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.5.1
    Run by Tadashi at 0:16:43 on 2012-09-04
    Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.3071.1628 [GMT 8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\astsrv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Yes\Connect\GCTWiMaxServiceD.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files\TeamViewer\Version7\tv_w32.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroDist.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tencent\QQ\Bin\QQ.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MoRUN.net\StickerLite\sticker.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Tadashi\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Program Files\Tencent\QQ\Bin\QQExternal.exe
    C:\WINDOWS\system32\conime.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.bb2000.net/
    uInternet Connection Wizard,ShellNext = hxxp://www.samsung.com/Products/Monitors/magictune/magictune_05s.htm
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [QQ2009] "c:\program files\tencent\qq\bin\QQ.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [MoRUN.net Sticker Lite] c:\program files\morun.net\stickerlite\sticker.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
    uRun: [RockMelt Update] "c:\documents and settings\tadashi\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
    mRun: [QQPCHint] c:\program files\tencent\qqpcmgr\6.2.2021.201\QQPCHint.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\tadashi\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
    uPolicies-explorer: NoLogoff = 01000000
    uPolicies-explorer: NoSMMyDocs = 01000000
    uPolicies-explorer: NoSMMyPictures = 01000000
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: Download with &Media Finder - c:\program files\media finder\hook.html
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{412AFA72-2DCA-4CDA-AF30-0AC4F0996AC5} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tadashi\application data\mozilla\firefox\profiles\mdexcx0l.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=KW_ss&mntrId=5c6ec2e20000000000000015f2d09612&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\tadashi\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.38\bin\npSSOAxCtrlForPTLogin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npaliedit.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\tencent\qqlive\liveocx\npQQLive.dll
    FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_6_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 5c6ec2e20000000000000015f2d09612
    FF - user.js: extensions.BabylonToolbar_i.hardId - 5c6ec2e20000000000000015f2d09612
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15501
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:51:41
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 301248]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-18 218688]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
    R1 TCSafeBox;TCSafeBox;c:\program files\tencent\qqpcmgr\6.2.2021.201\TCSafeBox.sys [2011-10-26 29048]
    R1 TSCPM;TSCPM;c:\program files\tencent\qqpcmgr\6.2.2021.201\tscpm.sys [2011-10-26 16504]
    R1 TSKSP;TSKSP;c:\program files\tencent\qqpcmgr\6.2.2021.201\TSKsp.sys [2011-10-26 153784]
    R1 TSSysKit;TSSysKit;c:\program files\tencent\qqpcmgr\6.2.2021.201\TSSysKit.sys [2011-11-10 81016]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 GCTWiMaxServiceD;Connect Service Daemon;c:\program files\yes\connect\GCTWiMaxServiceD.exe [2011-3-10 528477]
    R2 GdmWmPrt;Yes Go Protocol Driver;c:\windows\system32\drivers\gdmwmprt.sys [2011-3-10 24576]
    R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2011-11-27 5152]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-16 2673064]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2011-3-10 223232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
    S3 GDMINIT;GCT Initial Device Driver;c:\windows\system32\drivers\gdminit.sys [2011-3-10 26112]
    S3 GdmUWm;Yes Go;c:\windows\system32\drivers\gdmuwm.sys [2011-3-10 92160]
    S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2011-3-10 13440]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
    S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2011-3-10 18634]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-29 114144]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-4 27064]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TcHardWare;TcHardWare;c:\program files\tencent\qqpcmgr\6.2.2021.201\QQPCHW.sys [2011-10-26 34168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    chm.file="hh.exe" %1
    txtfile=c:\windows\notepad.exe %1
    .
    =============== Created Last 30 ================
    .
    2012-08-29 00:16:41   --------   d-----w-   c:\program files\Mozilla Maintenance Service
    2012-08-29 00:16:35   770384   ----a-w-   c:\program files\mozilla firefox\msvcr100.dll
    2012-08-29 00:16:35   73696   ----a-w-   c:\program files\mozilla firefox\breakpadinjector.dll
    2012-08-29 00:16:35   421200   ----a-w-   c:\program files\mozilla firefox\msvcp100.dll
    2012-08-29 00:16:35   192592   ----a-w-   c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-08-29 00:16:35   114144   ----a-w-   c:\program files\mozilla firefox\maintenanceservice.exe
    2012-08-19 16:43:50   --------   d-----w-   c:\program files\ExpressFiles
    2012-08-19 16:43:50   --------   d-----w-   c:\documents and settings\tadashi\application data\ExpressFiles
    2012-08-13 05:35:32   5115584   ----a-w-   c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    .
    ==================== Find3M  ====================
    .
    2012-08-05 11:32:48   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-05 11:32:48   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
    2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
    2012-07-03 05:46:44   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
    2012-07-02 17:49:32   43520   ------w-   c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43   385024   ------w-   c:\windows\system32\html.iec
    2012-06-30 04:23:57   499712   ----a-w-   c:\windows\system32\msvcp71.dll
    2012-06-30 04:23:57   348160   ----a-w-   c:\windows\system32\msvcr71.dll
    .
    ============= FINISH:  0:23:18.84 ===============






    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/10/2011 4:14:35 AM
    System Uptime: 9/4/2012 12:13:02 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. |  | P5LD2
    Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3010/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 40 GiB total, 3.986 GiB free.
    D: is FIXED (NTFS) - 60 GiB total, 39.901 GiB free.
    E: is FIXED (NTFS) - 500 GiB total, 30.399 GiB free.
    F: is FIXED (NTFS) - 332 GiB total, 25.05 GiB free.
    G: is FIXED (NTFS) - 116 GiB total, 10.142 GiB free.
    H: is FIXED (NTFS) - 116 GiB total, 4.978 GiB free.
    I: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP521: 8/27/2012 10:31:21 PM - System Checkpoint
    RP522: 8/29/2012 3:39:37 PM - System Checkpoint
    RP523: 8/30/2012 7:00:34 PM - System Checkpoint
    RP524: 9/1/2012 8:53:03 AM - System Checkpoint
    RP525: 9/2/2012 5:55:17 PM - System Checkpoint
    RP526: 9/3/2012 7:43:46 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    4G Network Manager
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.2)
    Advertising Center
    Ai Booster
    Alipay security control 2.4.0.4
    Alipay security plugin 1.3.0.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoBase 3
    AstroPlanner V2
    AsusUpdate
    AVG 2012
    AVS Document Converter 2.0.1
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Boilsoft Video Splitter 6.34
    Bonjour
    Bulk Rename Utility 2.7.1.1
    CamStudio
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon iP2700 series Printer Driver
    Canon MP Navigator 3.1
    Canon MP140 series
    Canon Utilities Easy-LayoutPrint
    Canon Utilities Easy-PhotoPrint
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    Compatibility Pack for the 2007 Office system
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW Graphics Suite X5 Activation
    CorelDRAW Graphics Suite X6
    CorelDRAW Graphics Suite X6 - Capture
    CorelDRAW Graphics Suite X6 - Common
    CorelDRAW Graphics Suite X6 - Connect
    CorelDRAW Graphics Suite X6 - Custom Data
    CorelDRAW Graphics Suite X6 - Draw
    CorelDRAW Graphics Suite X6 - EN
    CorelDRAW Graphics Suite X6 - Filters
    CorelDRAW Graphics Suite X6 - FontNav
    CorelDRAW Graphics Suite X6 - IPM
    CorelDRAW Graphics Suite X6 - PHOTO-PAINT
    CorelDRAW Graphics Suite X6 - Photozoom Plugin
    CorelDRAW Graphics Suite X6 - Redist
    CorelDRAW Graphics Suite X6 - Setup Files
    CorelDRAW Graphics Suite X6 - VBA
    CorelDRAW Graphics Suite X6 - VideoBrowser
    CorelDRAW Graphics Suite X6 - VSTA
    CorelDRAW Graphics Suite X6 - Writing Tools
    CorelDRAW(R) Graphics Suite X5
    DAEMON Tools Lite
    DolbyFiles
    DSLRControl 1.0.1
    DVD Cutter Plus 1.0
    EVEREST Home Edition v2.20
    Evernote v. 4.5.8
    Folder Size for Windows
    Function Plotter for CorelDRAW X5
    Ghostscript GPL 8.64 (Msi Setup)
    GIGABYTE VGA Utility Manager
    Google Chrome
    Google Earth
    Google Update Helper
    GoToMeeting 5.1.0.880
    HandBrake 0.9.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB943232-v2)
    Hotfix for Windows XP (KB951830)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB971314)
    ImagXpress
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    K-Lite Codec Pack 7.6.0 (Basic)
    LG CyberLink LabelPrint
    LG ODD Auto Firmware Update
    LG Power Tools
    MagicTune Premium
    Malwarebytes Anti-Malware version 1.62.0.1300
    Marvell Miniport Driver
    Menu Templates - Starter Kit
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Choice Guard
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual Basic for Applications 7.1 (x86)
    Microsoft Visual Basic for Applications 7.1 (x86) English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    MoRUN.net Sticker Lite
    Movie Templates - Starter Kit
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MultiScreen
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    Orbitron - Satellite Tracking System
    PC Probe II
    PDF Image Extraction Wizard 6.0
    PDF Settings CS5
    Perfect Uninstaller v6.3.3.9
    Philips ToUcam Pro Camera
    Photo to Cartoon
    Plug-in Suite 4
    Pocket Stars
    Portrait Professional 10.7 Trial
    PowerDVD
    PPStream
    PxMergeModule
    QQLive
    QQ拼音输入法4.5
    QQ游戏
    QQ电脑管家6.2
    QQ音乐2010
    QR Codes for CorelDRAW X6
    QuickTime
    ReaConverter 6.5 Standard
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RegiStax 6
    RegiStax 6.1.0.8 update
    Revo Uninstaller Pro 2.5.8
    RockMelt
    Safari
    Samsung_MonSetup
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2525694)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982316)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype Click to Call
    Skype? 5.10
    SopCast 3.2.9
    SpeedFan (remove only)
    SUPERAntiSpyware
    SWF & FLV Player 3.0 (build 3.0.33.5106)
    SyTools Open Office Writer Recovery
    TeamViewer 7
    The Photographer's Ephemeris
    Tweak UI
    Uninstall Tool
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955704)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Virtual Moon Atlas V5.1
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    VLC media player 2.0.2
    VOB Cutter 1.0
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR 4.00 (32-bit)
    Yahoo! Detect
    YouTube Downloader 3.5
    腾讯QQ2011
    腾讯视频控件
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/3/2012 2:41:25 PM, error: Print [6161]  - The document Full page fax print owned by Tadashi failed to print on printer Canon iP2700 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 26148864. Number of bytes printed: 26100104. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\MICHAEL. Win32 error code returned by the print processor: 122 (0x7a).
    9/2/2012 4:09:44 PM, error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 6C:C2:6B:68:6F:B9. Network operations on this system may be disrupted as a result.
    9/1/2012 12:26:32 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/1/2012 12:25:27 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/1/2012 12:24:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip TCSafeBox
    9/1/2012 12:24:47 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
    9/1/2012 12:24:47 PM, error: Service Control Manager [7001]  - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error:  A device attached to the system is not functioning.
    9/1/2012 12:24:47 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    9/1/2012 12:24:47 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    9/1/2012 12:24:47 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
    9/1/2012 12:24:47 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    9/1/2012 12:24:36 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/1/2012 10:41:08 PM, error: Service Control Manager [7000]  - The adfs service failed to start due to the following error:  The system cannot find the file specified.
    9/1/2012 10:40:53 PM, error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    9/1/2012 10:38:47 PM, error: Service Control Manager [7034]  - The MagicTuneEngine service terminated unexpectedly.  It has done this 1 time(s).
    8/31/2012 7:38:55 PM, error: Removable Storage Service [111]  - RSM could not load media in drive Drive 0 of library General USB Flash Disk USB Device.
    8/30/2012 2:06:38 PM, error: Removable Storage Service [111]  - RSM could not load media in drive Drive 0 of library Kingston DataTraveler 109 USB Device.
    8/29/2012 12:22:47 PM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    .
    ==== End Of File ===========================

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Cannot Modify Entries in Start Menu->All Programs
    « Reply #1 on: September 03, 2012, 04:39:41 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    The log shows that you only have 3.986 Gb of free space on your C drive. Windows requires 15% (6 Gb) or more to function properly. You will have to find more free space on that C drive. You can do this by removing unwanted or unused programs. You can also transfer videos, pictures, music and other important documents to another drive. (You have lots of room on the E and F drives.)

    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    ***************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked.

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.

    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    • It will open in your default text editor (preferably Notepad).
    • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    ****************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    Michael

      Topic Starter


      Adviser
    • Thanked: 1
      • Experience: Experienced
      • OS: Windows 7
      Re: Cannot Modify Entries in Start Menu->All Programs
      « Reply #2 on: September 04, 2012, 02:23:29 AM »
      Hi Dave, thanks for your attention.

      Below are the logs:





      # AdwCleaner v2.000 - Logfile created 09/04/2012 at 14:35:26
      # Updated 30/08/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Tadashi - MICHAEL
      # Boot Mode : Normal
      # Running from : F:\Downloads\Application\Malware\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      Deleted on reboot : C:\Documents and Settings\Tadashi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
      File Deleted : C:\Documents and Settings\Tadashi\Application Data\Mozilla\Firefox\Profiles\mdexcx0l.default\searchplugins\Askcom.xml
      File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\user.js
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
      Folder Deleted : C:\Documents and Settings\Tadashi\Application Data\Babylon
      Folder Deleted : C:\Documents and Settings\Tadashi\Application Data\Media Finder
      Folder Deleted : C:\Documents and Settings\Tadashi\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]

      ***** [Registry] *****

      Key Deleted : HKCU\Software\MediaFinder
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
      Key Deleted : HKCU\Software\Zugo
      Key Deleted : HKLM\Software\Babylon
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\MF
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=NT_ss&mntrId=5c6ec2e20000000000000015f2d09612 --> hxxp://www.google.com

      -\\ Mozilla Firefox v15.0 (en-US)

      Profile name : default
      File : C:\Documents and Settings\Tadashi\Application Data\Mozilla\Firefox\Profiles\mdexcx0l.default\prefs.js

      C:\Documents and Settings\Tadashi\Application Data\Mozilla\Firefox\Profiles\mdexcx0l.default\user.js ... Deleted !

      Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
      Deleted : user_pref("browser.search.defaultengine", "Ask.com");
      Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
      Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
      Deleted : user_pref("extensions.501b47f9e6ebc.scode", "(function(){try{if('mystart.incredibar.com,premiumrepor[...]
      Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
      Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
      Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_6_");
      Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "5c6ec2e20000000000000015f2d09612");
      Deleted : user_pref("extensions.BabylonToolbar_i.id", "5c6ec2e20000000000000015f2d09612");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15501");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
      Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
      Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
      Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
      Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
      Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
      Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
      Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:51:41");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
      Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=KW_ss&mntrId=5[...]

      -\\ Google Chrome v10.0.648.205

      File : C:\Documents and Settings\Tadashi\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [6948 octets] - [03/09/2012 21:50:50]
      AdwCleaner[R2].txt - [6223 octets] - [04/09/2012 14:35:09]
      AdwCleaner[S1].txt - [6564 octets] - [04/09/2012 14:35:26]

      ########## EOF - C:\AdwCleaner[S1].txt - [6624 octets] ##########






      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/04/2012 at 04:11 PM

      Application Version : 5.5.1012

      Core Rules Database Version : 9168
      Trace Rules Database Version: 6980

      Scan type       : Complete Scan
      Total Scan Time : 01:19:10

      Operating System Information
      Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
      Administrator

      Memory items scanned      : 653
      Memory threats detected   : 0
      Registry items scanned    : 36640
      Registry threats detected : 0
      File items scanned        : 117723
      File threats detected     : 12

      Adware.Tracking Cookie
         C:\Documents and Settings\Tadashi\Cookies\74NRUGQY.txt [ /atdmt.com ]
         C:\Documents and Settings\Tadashi\Cookies\JR5YA6KX.txt [ /c.atdmt.com ]
         C:\Documents and Settings\Tadashi\Cookies\H7222TWJ.txt [ /atdmt.combing.com ]

      Adware.Tencent
         C:\PROGRAM FILES\腾讯游戏\QQGAME\BUGREPORT.EXE
         C:\PROGRAM FILES\腾讯游戏\QQGAME\PCMLOADER\QQDOWNLOAD.DLL
         C:\PROGRAM FILES\腾讯游戏\QQGAME\PCMLOADER\QQPCDOWNLOAD.EXE
         C:\PROGRAM FILES\腾讯游戏\QQGAME\TERSAFE.DLL
         C:\PROGRAM FILES\腾讯游戏\QQGAME\VIDEO\AUDIOENGINE.DLL
         C:\PROGRAM FILES\腾讯游戏\QQGAME\VIDEO\VCODEC.DLL
         C:\PROGRAM FILES\腾讯游戏\QQGAME\VIDEO\VEXPRESSION.DLL
         C:\PROGRAM FILES\腾讯游戏\QQGAME\VIDEO\VIDEODEVICE.DLL
         C:\PROGRAM FILES\腾讯游戏\QQGAME\VIDEO\VQQALLINONE.DLL






       Results of screen317's Security Check version 0.99.50 
       Windows XP Service Pack 3 x86   
       Internet Explorer 8 
      ``````````````Antivirus/Firewall Check:``````````````
       Windows Firewall Enabled! 
      AVG Anti-Virus Free Edition 2012   
       Antivirus up to date! 
      `````````Anti-malware/Other Utilities Check:`````````
       SUPERAntiSpyware     
       Malwarebytes Anti-Malware version 1.62.0.1300 
       CCleaner     
       JavaFX 2.1.1   
       Java(TM) 6 Update 29 
       Java(TM) 7 Update 5 
       Java version out of Date!
       Adobe Flash Player    11.3.300.270 
       Adobe Reader X 10.1.2 Adobe Reader out of Date! 
       Mozilla Firefox (15.0)
      ````````Process Check: objlist.exe by Laurent````````
       AVG avgwdsvc.exe
       AVG avgtray.exe
       AVG avgrsx.exe
       AVG avgnsx.exe
       AVG avgemc.exe
      `````````````````System Health check`````````````````
       Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Cannot Modify Entries in Start Menu->All Programs
      « Reply #3 on: September 04, 2012, 04:24:21 PM »
      You can remove Java(TM) 6 Update 29. It is no longer necessary.

      Update your Adobe Reader. get.adobe.com/reader.

      Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
      **********************************************
      Download Combofix from any of the links below, and save it to your DESKTOP

      Link 1
      Link 2
      Link 3

      To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
      • Close any open windows and double click ComboFix.exe to run it.

        You will see the following image:


      Click I Agree to start the program.

      ComboFix will then extract the necessary files and you will see this:



      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If you did not have it installed, you will see the prompt below. Choose YES.



      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



      Click on Yes, to continue scanning for malware.

      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please do NOT mouseclick ComboFix's window while it's running, because it may cause it to stall.

      Michael

        Topic Starter


        Adviser
      • Thanked: 1
        • Experience: Experienced
        • OS: Windows 7
        Re: Cannot Modify Entries in Start Menu->All Programs
        « Reply #4 on: September 04, 2012, 09:44:09 PM »
        Hi Dave,

        I'm not sure why the ComboFix is running in Chinese language.
        Must be some setting somewhere.

        Anyway, here is the log:



        ComboFix 12-09-04.03 - Tadashi 5/2012 Wed  11:29:21.1.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.3071.2366 [GMT 8:00]
        执行位置: c:\documents and settings\Tadashi\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\documents and settings\All Users\Application Data\TEMP
        c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
        c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
        c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
        c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
        c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
        c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.ilg
        c:\documents and settings\Tadashi\g2mdlhlpx.exe
        c:\program files\Common Files\Tencent\Paycenter
        c:\program files\Common Files\Tencent\Paycenter\qqcert.dll
        c:\program files\Common Files\Tencent\Paycenter\qqedit.dll
        G:\install.exe
        .
        .
        (((((((((((((((((((((((((  2012-08-05 至 2012-09-05 的新的档案  )))))))))))))))))))))))))))))))
        .
        .
        2012-09-05 03:08 . 2012-09-05 03:08   --------   d-----w-   c:\documents and settings\Tadashi\Application Data\VDownloader
        2012-09-05 03:02 . 2012-09-05 03:03   --------   d-----w-   c:\program files\TuneUpMedia
        2012-09-05 03:02 . 2012-09-05 03:02   --------   d-----w-   c:\documents and settings\Tadashi\Application Data\TuneUpMedia
        2012-09-05 03:02 . 2012-09-05 03:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\TuneUpMedia
        2012-09-05 03:00 . 2012-09-05 03:00   --------   d-----w-   c:\program files\WinPcap
        2012-09-05 03:00 . 2012-09-05 03:11   --------   d-----w-   c:\documents and settings\Tadashi\Local Settings\Application Data\VDownloader
        2012-09-05 03:00 . 2010-01-26 03:11   444283   ----a-w-   c:\program files\Common Files\WinPcapNmap.exe
        2012-09-05 03:00 . 2012-09-05 03:08   --------   d-----w-   c:\program files\VDownloader
        2012-09-05 03:00 . 2012-09-05 03:00   --------   d-----w-   c:\documents and settings\Tadashi\Application Data\OpenCandy
        2012-08-29 00:16 . 2012-08-29 00:16   --------   d-----w-   c:\program files\Mozilla Maintenance Service
        2012-08-29 00:16 . 2012-08-25 02:00   192592   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
        2012-08-29 00:16 . 2012-08-25 02:00   114144   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice.exe
        2012-08-29 00:16 . 2012-08-25 02:00   73696   ----a-w-   c:\program files\Mozilla Firefox\breakpadinjector.dll
        2012-08-29 00:16 . 2012-08-25 02:00   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
        2012-08-29 00:16 . 2012-08-25 02:00   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
        2012-08-19 16:43 . 2012-08-19 16:44   --------   d-----w-   c:\program files\ExpressFiles
        2012-08-19 16:43 . 2012-08-19 16:44   --------   d-----w-   c:\documents and settings\Tadashi\Application Data\ExpressFiles
        2012-08-13 05:35 . 2012-08-13 05:35   5115584   ----a-w-   c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2012-09-05 03:12 . 2012-04-04 03:11   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2012-09-05 03:12 . 2012-02-28 16:30   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2012-07-06 13:58 . 2008-04-14 12:00   78336   ----a-w-   c:\windows\system32\browser.dll
        2012-07-04 14:05 . 2011-03-09 20:08   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
        2012-07-03 13:40 . 2008-04-14 12:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
        2012-07-03 05:46 . 2011-03-14 19:00   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-07-02 17:49 . 2008-04-14 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
        2012-07-02 17:49 . 2008-04-14 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
        2012-07-02 17:49 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
        2012-07-02 12:05 . 2008-04-14 12:00   385024   ------w-   c:\windows\system32\html.iec
        2012-06-30 04:23 . 2003-10-17 05:44   499712   ----a-w-   c:\windows\system32\msvcp71.dll
        2012-06-30 04:23 . 2003-10-17 05:44   348160   ----a-w-   c:\windows\system32\msvcr71.dll
        2012-06-18 09:20 . 2011-12-01 23:32   143872   ----a-w-   c:\windows\system32\javacpl.cpl
        2012-08-25 02:01 . 2011-12-17 14:44   266720   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
        .
        .
        (((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *注意* 空白与合法缺省登录将不会被显示
        REGEDIT4
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "QQ2009"="c:\program files\Tencent\QQ\Bin\QQ.exe" [2011-03-15 136568]
        "MoRUN.net Sticker Lite"="c:\program files\MoRUN.net\StickerLite\sticker.exe" [2010-07-26 451072]
        "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
        "Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
        "RockMelt Update"="c:\documents and settings\Tadashi\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" [2012-04-24 136336]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
        "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
        "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
        "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
        "Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-04-25 3630080]
        "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
        "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
        "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
        "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
        "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
        "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
        "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
        "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
        "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
        "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
        "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-30 296096]
        "VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2012-08-21 881152]
        .
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
        .
        c:\documents and settings\Tadashi\Start Menu\Programs\Startup\
        EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
        .
        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "NoLogoff"= 01000000
        "NoSMMyDocs"= 01000000
        "NoSMMyPictures"= 01000000
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        .
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
        BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
        backup=c:\windows\pss\GammaTray.lnkCommon Startup
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
        c:\windows\system32\dumprep 0 -k [X]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
        2012-07-27 20:51   919008   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
        2010-09-16 07:04   497648   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
        2010-02-21 20:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
        2005-04-11 17:10   65536   ----a-w-   c:\windows\ALCMTR.EXE
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
        2011-10-05 17:52   59240   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
        2012-05-30 12:06   59280   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
        2011-01-20 09:20   1305408   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        2012-06-07 11:33   421776   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchYTLCM]
        2010-09-18 05:34   3772928   ----a-w-   c:\program files\Yes\Connect\Connect.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
        2012-01-10 10:43   557056   ----a-w-   c:\program files\lg_fwupdate\fwupdate.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
        2009-08-11 05:57   303104   ----a-w-   c:\program files\MultiScreen\MultiScreen.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
        2011-01-07 11:56   13880424   ----a-w-   c:\windows\system32\nvcpl.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
        2011-01-07 11:56   111208   ----a-w-   c:\windows\system32\nvmctray.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
        2010-11-04 00:51   1753192   ----a-w-   c:\program files\NVIDIA Corporation\nView\nwiz.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2012-04-18 12:56   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
        2004-11-02 12:24   32768   ----a-w-   c:\program files\CyberLink\PowerDVD\PDVDServ.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
        2012-04-24 09:38   136336   ----atw-   c:\documents and settings\Tadashi\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
        2005-04-26 06:16   14370816   ----a-w-   c:\windows\RTHDCPL.EXE
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2012-01-17 03:07   252296   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
        2010-02-19 05:37   517096   ----a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
        2012-06-30 04:24   296096   ----a-w-   c:\program files\Real\RealPlayer\Update\realsched.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
        2005-08-16 07:50   544768   ----a-w-   c:\program files\GigaByte\VGA Utility Manager\G-vga.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
        "c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
        "c:\\Documents and Settings\\Tadashi\\Application Data\\Tencent\\QQ\\STemp\\SetupEx~0\\QQSetupEx.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Tencent\\QQ\\Bin\\QQ.exe"=
        "c:\\Program Files\\Tencent\\QQ\\Bin\\auclt.exe"=
        "c:\\Program Files\\Tencent\\QQ\\Bin\\SetupEx\\QQSetupEx.exe"=
        "c:\\Program Files\\Tencent\\QQMusic\\QQMusicUpdate.exe"=
        "c:\\Program Files\\Tencent\\QQMusic\\QzoneMusic.exe"=
        "c:\\Program Files\\Tencent\\QQMusic\\QQMusic.exe"=
        "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
        "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
        "c:\\Program Files\\SopCast\\SopCast.exe"=
        "c:\\Program Files\\PPStream\\PPStream.exe"=
        "c:\\Program Files\\PPStream\\PPSAP.exe"=
        "c:\\Program Files\\MoRUN.net\\StickerLite\\sticker.exe"=
        "c:\\Documents and Settings\\Tadashi\\Local Settings\\Application Data\\RockMelt\\Application\\rockmelt.exe"=
        "c:\\Program Files\\腾讯游戏\\QQGAME\\PCMLoader\\QQPCDownload.exe"=
        "c:\\Program Files\\ds9\\ds9.exe"=
        "c:\\Program Files\\Tencent\\QQLive\\QQLive.exe"=
        "c:\\Program Files\\Tencent\\QQLive\\QQLiveUp.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\bugreport.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCAddWidget.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCFileOpen.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCFileSafe.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCInstAssist.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCInstAssistWizard.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCLeakScan.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCLoader.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCMgr_tz_Setup.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPConfig.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCSoftMgr.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCSPlash.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\plugins\\QMNetMon\\QQPCNetFlow.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\plugins\\FileSmash\\QQPCSmashFile.exe"=
        "c:\\Program Files\\Tencent\\QQPCMgr\\6.2.2021.201\\QQPCSafebox.exe"=
        "c:\\Program Files\\Common Files\\Tencent\\QQDownload\\110\\Tencentdl.exe"=
        "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
        "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPCDetector.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYConfig.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYLiveup.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYLevel.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYDict.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQImeRegDict.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQImeRegSkin.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQImeDownload.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYMBlog.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYHandInput.exe"=
        "c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPYCloud.exe"=
        "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
        "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
        "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
        "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
        .
        R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
        R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
        R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 235216]
        R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 301248]
        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/18/2011 2:09 PM 218688]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/18/2010 2:25 AM 12880]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67664]
        R1 TCSafeBox;TCSafeBox;c:\program files\Tencent\QQPCMgr\6.2.2021.201\TCSafeBox.sys [10/26/2011 7:30 PM 29048]
        R1 TSCPM;TSCPM;c:\program files\Tencent\QQPCMgr\6.2.2021.201\tscpm.sys [10/26/2011 7:30 PM 16504]
        R1 TSKSP;TSKSP;c:\program files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys [10/26/2011 7:08 PM 153784]
        R1 TSSysKit;TSSysKit;c:\program files\Tencent\QQPCMgr\6.2.2021.201\TSSysKit.sys [11/10/2011 10:55 AM 81016]
        R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/30/2010 1:48 AM 116608]
        R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
        R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
        R2 GCTWiMaxServiceD;Connect Service Daemon;c:\program files\Yes\Connect\GCTWiMaxServiceD.exe [3/10/2011 10:27 PM 528477]
        R2 GdmWmPrt;Yes Go Protocol Driver;c:\windows\system32\drivers\gdmwmprt.sys [3/10/2011 10:27 PM 24576]
        R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [11/27/2011 9:18 AM 5152]
        R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/27/2010 10:09 AM 50704]
        R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [7/16/2012 10:31 PM 2673064]
        R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
        R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
        R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
        R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [3/10/2011 12:03 PM 223232]
        S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
        S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
        S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 11:11 AM 250056]
        S3 GDMINIT;GCT Initial Device Driver;c:\windows\system32\drivers\gdminit.sys [3/10/2011 10:27 PM 26112]
        S3 GdmUWm;Yes Go;c:\windows\system32\drivers\gdmuwm.sys [3/10/2011 10:27 PM 92160]
        S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [3/10/2011 11:05 AM 13440]
        S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2011 8:08 PM 136176]
        S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2011 8:08 PM 136176]
        S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [3/10/2011 11:05 AM 18634]
        S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/29/2012 8:16 AM 114144]
        S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
        S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/4/2012 12:14 AM 27064]
        S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
        S3 TcHardWare;TcHardWare;c:\program files\Tencent\QQPCMgr\6.2.2021.201\QQPCHW.sys [10/26/2011 7:30 PM 34168]
        .
         ‘计划任务’ 文件夹 里的内容
        .
        2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:14]
        .
        2012-09-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-MICHAEL-Tadashi.job
        - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-10 07:04]
        .
        2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
        .
        2012-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-115176313-1606980848-1003.job
        - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 04:00]
        .
        2012-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-115176313-1606980848-1003.job
        - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 04:00]
        .
        2012-09-04 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-839522115-115176313-1606980848-1003Core.job
        - c:\documents and settings\Tadashi\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-10 09:38]
        .
        2012-09-05 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-839522115-115176313-1606980848-1003UA.job
        - c:\documents and settings\Tadashi\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-10 09:38]
        .
        .
        ------- 而外的扫描 -------
        .
        uStart Page = hxxp://www.google.com/
        mStart Page = hxxp://www.bb2000.net/
        uInternet Connection Wizard,ShellNext = hxxp://www.samsung.com/Products/Monitors/magictune/magictune_05s.htm
        uInternet Settings,ProxyOverride = *.local
        IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
        TCP: DhcpNameServer = 192.168.1.1
        DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
        FF - ProfilePath - c:\documents and settings\Tadashi\Application Data\Mozilla\Firefox\Profiles\mdexcx0l.default\
        FF - prefs.js: browser.search.selectedEngine - Google
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
        .
        .
        ------- 文件类型 -------
        .
        txtfile=c:\windows\notepad.exe %1
        .
        - - - - ORPHANS REMOVED - - - -
        .
        Toolbar-Locked - (no file)
        HKLM-Run-QQPCHint - c:\program files\Tencent\QQPCMgr\6.2.2021.201\QQPCHint.exe
        MSConfigStartUp- QQPCTray - c:\program files\Tencent\QQPCMgr\4.6.1150.203\QQPCTray.exe
        MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
        MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
        MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
        MSConfigStartUp-QQPCHint - c:\program files\Tencent\QQPCMgr\6.2.2021.201\QQPCHint.exe
        .
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2012-09-05 11:36
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        扫描被隐藏的进程 。。。 
        .
        扫描被隐藏的启动组 。。。
        .
        扫描被隐藏的文件 。。。 
        .
        扫描完成
        被隐藏的档案: 0
        .
        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\S-1-5-21-839522115-115176313-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\~伅媜忲N\Q*Q*5u仭{禰]
        "Order"=hex:08,00,00,00,02,00,00,00,20,02,00,00,01,00,00,00,04,00,00,00,96,00,
           00,00,00,00,00,00,88,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,36,\
        .
        [HKEY_USERS\S-1-5-21-839522115-115176313-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2DE2FC43-0B57-53F7-51A8-56AC2CA3D555}*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        "jakgkiodknjpolemghgc"=hex:62,61,67,6b,00,00
        "jakgkiodknjpolemghkd"=hex:62,61,6d,6a,00,00
        "iakhghihjmgahchfdp"=hex:6b,61,6c,69,6e,6e,6a,6f,66,70,63,70,67,63,6e,61,6f,6b,
           6b,69,69,66,00,00
        "haajmejbokajfohn"=hex:6b,61,6c,69,6e,6e,65,6d,70,6f,68,66,64,63,70,6b,6a,64,
           6d,66,6e,63,00,00
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
        @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker5"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*黚髼搹eQ誰]
        "SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
           00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
        "Changed"=dword:00000000
        .
        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
        "SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,da,63,05,
           4e,36,10,cc,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
        "Changed"=dword:00000000
        .
        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*黚髼搹eQ誰]
        "DisplayName"="QQ拼音输入法4.5"
        "UninstallString"="c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\uninst.exe"
        "DisplayIcon"="c:\\Program Files\\Tencent\\QQPinyin\\4.5.1206.400\\QQPinyin.ico"
        "DisplayVersion"="4.5"
        "Publisher"="腾讯公司"
        .
        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
        "DisplayName"="QQ游戏"
        "UninstallString"="c:\\Program Files\\腾讯游戏\\QQGAME\\Uninstall.EXE"
        "Publisher"="腾讯公司"
        "DisplayIcon"="c:\\Program Files\\腾讯游戏\\QQGAME\\QQGame.EXE"
        "DisplayVersion"="2.4.201.60"
        .
        --------------------- 运行进程下的动态链接库 ---------------------
        .
        - - - - - - - > 'winlogon.exe'(732)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        .
        完成时间: 2012-09-05  11:39:35
        ComboFix-quarantined-files.txt  2012-09-05 03:39
        .
        Pre-Run: 7,766,798,336 bytes free
        Post-Run: 7,762,653,184 bytes free
        .
        WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
        ;
        ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
        ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
        ;
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        UnsupportedDebug="do not select this" /debug
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
        .
        - - End Of File - - FE27D929A512D5AA9DD9B2F54CC2E8C7

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Cannot Modify Entries in Start Menu->All Programs
        « Reply #5 on: September 05, 2012, 05:28:34 PM »
        Quote
        I'm not sure why the ComboFix is running in Chinese language.
        Must be some setting somewhere.
        What is the language of your computer?

        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        ************************************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's

        Michael

          Re: Cannot Modify Entries in Start Menu->All Programs
          « Reply #6 on: September 05, 2012, 09:04:10 PM »
          Hi Dave, my system language is English.





           Results of screen317's Security Check version 0.99.50 
           Windows XP Service Pack 3 x86   
           Internet Explorer 8 
          ``````````````Antivirus/Firewall Check:``````````````
           Windows Firewall Enabled! 
          AVG Anti-Virus Free Edition 2012   
           Antivirus up to date! (On Access scanning disabled!)
          `````````Anti-malware/Other Utilities Check:`````````
           SUPERAntiSpyware     
           Malwarebytes Anti-Malware version 1.62.0.1300 
           CCleaner     
           JavaFX 2.1.1   
           Java(TM) 7 Update 5 
           Java version out of Date!
           Adobe Flash Player    11.3.300.270 
           Adobe Reader X (10.1.4)
           Mozilla Firefox (15.0)
          ````````Process Check: objlist.exe by Laurent````````
           AVG avgwdsvc.exe
           AVG avgtray.exe
          `````````````````System Health check`````````````````
           Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
          ````````````````````End of Log``````````````````````





          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
          Service Name: ---
          Module Base: B21C7000
          Module End: B21DF000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
          Service Name: ---
          Module Base: F79CF000
          Module End: F79D1000
          Hidden: Yes

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwCreateFile
          Address: B235A813
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwCreateKey
          Address: B236272C
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwCreateSection
          Address: B236683B
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwCreateThread
          Address: B2365173
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwDeleteFile
          Address: B235AB49
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwDeleteKey
          Address: B23631B2
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwDeleteValueKey
          Address: B2363386
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwDeviceIoControlFile
          Address: B23690D9
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwDuplicateObject
          Address: B2359B33
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwEnumerateValueKey
          Address: B235F3E7
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwLoadDriver
          Address: B2369450
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwNotifyChangeKey
          Address: B14A9004
          Driver Base: B14A8000
          Driver End: B14AB000
          Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

          Function Name: ZwNotifyChangeMultipleKeys
          Address: B14A90D4
          Driver Base: B14A8000
          Driver End: B14AB000
          Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

          Function Name: ZwOpenFile
          Address: B235AD39
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwOpenProcess
          Address: B14A8D76
          Driver Base: B14A8000
          Driver End: B14AB000
          Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

          Function Name: ZwOpenSection
          Address: B23669EE
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwQueryValueKey
          Address: B235FDD1
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwQueueApcThread
          Address: B23679C2
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwRequestWaitReplyPort
          Address: B2363B66
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwSetInformationFile
          Address: B235A15E
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwSetSecurityObject
          Address: B23698F4
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwSetSystemInformation
          Address: B2369DC7
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwSetValueKey
          Address: B2362A9D
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwSuspendThread
          Address: B2367710
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwSystemDebugControl
          Address: B2369809
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwTerminateProcess
          Address: B14A8E1E
          Driver Base: B14A8000
          Driver End: B14AB000
          Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

          Function Name: ZwTerminateThread
          Address: B14A8EBA
          Driver Base: B14A8000
          Driver End: B14AB000
          Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

          Function Name: ZwWriteFile
          Address: B235A603
          Driver Base: B2357000
          Driver End: B237C000
          Driver Name: \??\C:\Program Files\Tencent\QQPCMgr\6.2.2021.201\TSKsp.sys

          Function Name: ZwWriteVirtualMemory
          Address: B14A8F56
          Driver Base: B14A8000
          Driver End: B14AB000
          Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

          ******************************************************************************************
          ******************************************************************************************
          Kernel Hooks:
          Hooked Function: PsGetThreadWin32Thread
          At Address: 804E6BFC
          Jump To: F5806135
          Module Name: _unknown_

          Hooked Function: PsGetProcessWin32Process
          At Address: 804E6BFC
          Jump To: F5806135
          Module Name: _unknown_

          Hooked Function: PsGetCurrentProcessSessionId
          At Address: 804EA47C
          Jump To: 72CF044B
          Module Name: _unknown_

          ******************************************************************************************
          ******************************************************************************************

          SuperDave

          Re: Cannot Modify Entries in Start Menu->All Programs
          « Reply #7 on: September 06, 2012, 04:43:15 PM »
          Please do not ignore this warning from Security Check: Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

          How's your computer running now? Any other issues I don't know about?


          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          Michael

            Re: Cannot Modify Entries in Start Menu->All Programs
            « Reply #8 on: September 07, 2012, 12:37:15 PM »
            Please do not ignore this warning from Security Check: Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

            It didn't prompt me to do defragmentation and I was not aware of this finding.

            How's your computer running now? Any other issues I don't know about?

            Running as usual. Still cannot modify (delete/move) the entries in All Programs.
            No other issues that I'm aware of


            ESET Log:

            C:\RECYCLER\S-1-5-21-839522115-115176313-1606980848-1003\Dc15.exe   a variant of Win32/InstallCore.AC application   cleaned by deleting - quarantined
            C:\System Volume Information\_restore{36B7AAF4-E3A0-4D91-8DF6-B865A2171562}\RP521\A0308034.dll   Win32/GenUpdater application   cleaned by deleting - quarantined
            C:\System Volume Information\_restore{36B7AAF4-E3A0-4D91-8DF6-B865A2171562}\RP522\A0308081.dll   Win32/GenUpdater application   cleaned by deleting - quarantined
            C:\System Volume Information\_restore{36B7AAF4-E3A0-4D91-8DF6-B865A2171562}\RP523\A0308241.dll   Win32/GenUpdater application   cleaned by deleting - quarantined
            C:\System Volume Information\_restore{36B7AAF4-E3A0-4D91-8DF6-B865A2171562}\RP524\A0308399.dll   Win32/GenUpdater application   cleaned by deleting - quarantined
            C:\System Volume Information\_restore{36B7AAF4-E3A0-4D91-8DF6-B865A2171562}\RP526\A0311054.exe   probably a variant of Win32/ExpressFiles application   cleaned by deleting - quarantined
            C:\System Volume Information\_restore{36B7AAF4-E3A0-4D91-8DF6-B865A2171562}\RP530\A0312783.exe   a variant of Win32/InstallCore.AC application   cleaned by deleting - quarantined
            F:\Documents\Computing\IT Resources Sharing\_MPTB_talk02oct2006\software\NOD32v25041\FIX.exe   Win32/RiskWare.HackAV.AI application   cleaned by deleting - quarantined
            F:\Documents\Friends\Meimei\????.rar   a variant of Win32/PSW.QQPass.NHW trojan   deleted - quarantined
            F:\Downloads\Application\Audio\Setup_FreeConverter.exe   Win32/Toolbar.Widgi application   cleaned by deleting - quarantined
            F:\Downloads\Application\Entertainment\swf_flv_player.exe   Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
            F:\Downloads\Application\Entertainment\TVAntsSoftonicDownloader56473.exe   a variant of Win32/SoftonicDownloader.A application   cleaned by deleting - quarantined
            F:\Downloads\Application\Graphic\installer_portrait_professional_9_7_2_English.exe   Win32/Toggle application   cleaned by deleting - quarantined
            F:\Downloads\Application\Video\DVDCutterPlusSetup.exe   a variant of Win32/Toolbar.Funmoods application   cleaned by deleting - quarantined
            F:\Downloads\Application\Video\MMCsetup.exe   Win32/Somoto application   cleaned by deleting - quarantined
            F:\Downloads\Application\Video\YouTubeDownloaderSetup35.exe   probably a variant of Win32/Toolbar.Widgi application   cleaned by deleting - quarantined
            F:\Downloads\Application\Video\RM Recorder\WMR setup v6.0.1.4.exe   probably a variant of Win32/Agent.IBHNLFO trojan   cleaned by deleting - quarantined
            F:\Downloads\Siemens SX1\13.rar   multiple threats   deleted - quarantined

            SuperDave

            Re: Cannot Modify Entries in Start Menu->All Programs
            « Reply #9 on: September 07, 2012, 06:56:35 PM »
            Quote
            Running as usual. Still cannot modify (delete/move) the entries in All Programs.
            What happens when you try to do this?

            Michael

              Re: Cannot Modify Entries in Start Menu->All Programs
              « Reply #10 on: September 09, 2012, 12:36:25 PM »
              As I mentioned in the initial post in this thread, whenever I try to move or delete the entries, I get a prompt that Access is denied, make sure disk is not full or write protected blah blah blah.....

              It happens on most of the entries, and it happens even if I quit the program from running in the background, and disable antivirus (AVG).

              [year+ old attachment deleted by admin]

              SuperDave

              Re: Cannot Modify Entries in Start Menu->All Programs
              « Reply #11 on: September 09, 2012, 05:32:40 PM »
              Some of our members report that this is a very good tool to handle that sort of thing.

              Michael

                Re: Cannot Modify Entries in Start Menu->All Programs
                « Reply #12 on: September 10, 2012, 08:00:18 AM »
                But what is the root cause for the issue? And how is it supposed to be solved?

                That tool seems to be an alternative rather than a solution.

                SuperDave

                Re: Cannot Modify Entries in Start Menu->All Programs
                « Reply #13 on: September 10, 2012, 04:52:58 PM »
                Quote
                But what is the root cause for the issue? And how is it supposed to be solved?
                It could be a number of things causing it. I've had it happen on my computers from time to time.
                If there are no other issues, we can do some cleanup.


                To uninstall ComboFix

                • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                • In the field, type in ComboFix /uninstall


                (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                • Then, press Enter, or click OK.
                • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                *******************************************************
                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                ********************************************************
                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!
                Windows 8 and Windows 10 dual boot with two SSD's

                Michael

                  Topic Starter


                  Adviser
                • Thanked: 1
                  • Experience: Experienced
                  • OS: Windows 7
                  Re: Cannot Modify Entries in Start Menu->All Programs
                  « Reply #14 on: September 11, 2012, 10:04:31 AM »
                  Windows cannot find Combomix
