Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is really really slow.


  • This topic is locked This topic is locked
8 replies to this topic

#1 ._.

._.

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 23 August 2010 - 11:08 PM

My computer has been running kinda slow ever since Saturday. It's taking like 20 mins to log on and start-up. And two minutes to open programs (Start menu, My Document, Firefox, IE etc.). I've ran Kaspersky, MalwareBytes, Windows Defender, One-Care online scanner, and found nothing. I've also tried doing defragment, didnt help...

Alex


P.S. Seems like I need to run DDS log and GMER :thumbsup:
P.P.S I've ran DDS log and there's no txt files when it's done.. And I got a blue screen while doing GMER.

Edited by ._., 24 August 2010 - 12:10 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:42 AM

Posted 24 August 2010 - 01:30 PM

Please go here....

Create a OTL log and post it in the new topic here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ._.

._.
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 24 August 2010 - 08:43 PM

Create a OTL log and post it in the new topic here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.

copy and paste them in a reply here:


So do I reply here or post a new topic?

#4 ._.

._.
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 24 August 2010 - 08:59 PM

I assume I'm supposed to post it here...
OTL.txt:
OTL logfile created on: 24/8/2010 21:45:26 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Chius\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

758.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1516 1516 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.51 Gb Total Space | 46.87 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHIUS-NEC
Current User Name: Chius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 21:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chius\桌面\OTL.exe
PRC - [2010/08/23 19:26:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/27 15:32:55 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/27 15:32:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/15 06:54:48 | 000,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/08 22:41:06 | 000,972,800 | ---- | M] () -- C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe
PRC - [2005/02/17 02:16:34 | 000,520,192 | ---- | M] () -- C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 21:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chius\桌面\OTL.exe
MOD - [2008/04/15 06:53:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/23 19:26:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/08/21 23:15:25 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2005/02/17 02:16:34 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe -- (FspadSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva321.sys -- (XDva321)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Chius\LOCALS~1\Temp\OAH14.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/27 14:42:41 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/08/15 23:35:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/15 14:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/16 20:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/13 17:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/12/15 20:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/06/24 23:32:26 | 000,011,244 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Keyboard.sys -- (kbdfdo)
DRV - [2008/04/13 14:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/07/29 03:12:44 | 001,019,960 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/06/03 04:50:00 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/08 22:31:50 | 000,014,848 | ---- | M] (Asia Vital Components Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fspad.sys -- (fspad)
DRV - [2004/10/29 06:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Windows XP 的 Intel®
DRV - [2004/10/07 22:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/12 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/09/25 22:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/31 07:16:32 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 02:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 02:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 02:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 02:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 02:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 01:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 01:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 01:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 01:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 01:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 01:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 01:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 01:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 01:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 18:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 22:30:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/07/27 14:44:02 | 000,000,000 | ---D | M]

[2009/08/15 23:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\Mozilla\Extensions
[2010/08/24 08:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\Mozilla\Firefox\Profiles\s3peoo87.default\extensions
[2009/08/16 15:05:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chius\Application Data\Mozilla\Firefox\Profiles\s3peoo87.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 20:44:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chius\Application Data\Mozilla\Firefox\Profiles\s3peoo87.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/24 01:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/07 09:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 00:16:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/27 14:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/24 01:52:28 | 000,416,826 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14388 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1250393609421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1250441904437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.227.47.6 128.227.47.7
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\NEC.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\NEC.BMP
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (66723180231786496)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 21:44:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chius\桌面\OTL.exe
[2010/08/23 23:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chius\桌面\gmer
[2010/08/23 20:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/23 20:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/23 20:13:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/23 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\SafeConnect
[2010/08/23 16:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/08/22 18:39:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chius\Recent
[2010/08/22 15:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/22 01:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/08/21 22:29:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/21 22:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/21 22:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chius\Application Data\Skype
[2010/08/19 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/08/19 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Zenographics
[2010/08/19 15:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/08/19 15:01:29 | 001,334,040 | ---- | C] (Impulse Point, LLC) -- C:\Documents and Settings\Chius\桌面\ServiceInstaller.exe
[2010/08/16 21:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/16 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/16 20:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/16 20:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/27 14:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/07/27 14:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/27 14:42:41 | 000,296,976 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/07/11 18:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chius\桌面\All-In-One-WVS-by-DotA-Utilities
[2010/06/15 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/10 21:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chius\「開始」
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/24 21:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chius\桌面\OTL.exe
[2010/08/24 20:18:50 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Chius\ntuser.dat
[2010/08/24 12:31:51 | 000,004,528 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\Fall Schedule.pdf
[2010/08/24 12:20:19 | 000,013,768 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\10 Fall Class Schedule.pdf
[2010/08/24 01:52:28 | 000,416,826 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/24 00:14:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 00:14:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/23 23:23:09 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\gmer.zip
[2010/08/23 23:16:24 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\dds.scr
[2010/08/23 23:01:38 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\SCClient.lnk
[2010/08/23 22:34:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chius\ntuser.ini
[2010/08/23 22:34:10 | 004,295,546 | -H-- | M] () -- C:\Documents and Settings\Chius\Local Settings\Application Data\IconCache.db
[2010/08/23 20:32:07 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Chius\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/22 23:28:55 | 000,057,007 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\Schedule.JPG
[2010/08/21 23:39:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/19 17:24:54 | 000,014,540 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\Money.xlsx
[2010/08/19 15:09:40 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\WindowsDefender.msi
[2010/08/19 15:01:40 | 001,334,040 | ---- | M] (Impulse Point, LLC) -- C:\Documents and Settings\Chius\桌面\ServiceInstaller.exe
[2010/08/16 21:01:02 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\iTunes.lnk
[2010/08/13 20:40:41 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 19:20:28 | 001,004,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 19:20:28 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 19:20:28 | 000,337,808 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2010/08/13 19:20:28 | 000,160,394 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2010/08/13 19:20:28 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 23:24:45 | 000,009,071 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\USPS vs Fedex.xlsx
[2010/08/02 20:03:26 | 000,010,075 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\Checking.xlsx
[2010/07/29 21:00:01 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/07/29 21:00:00 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/07/27 14:59:15 | 000,604,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\ISwift3.dat
[2010/07/27 14:42:41 | 000,296,976 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/07/11 17:40:00 | 316,600,465 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\All-In-One-WVS-by-DotA-Utilities.rar
[2010/07/08 10:59:25 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Chius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 18:41:20 | 000,010,561 | ---- | M] () -- C:\Documents and Settings\Chius\桌面\mEaL pLaN.xlsx
[2010/07/06 13:19:46 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 9.lnk
[2010/06/14 15:27:37 | 000,076,600 | ---- | M] () -- C:\Documents and Settings\Chius\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/10 22:56:05 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/06/01 15:38:16 | 004,395,288 | ---- | M] () -- C:\Documents and Settings\Chius\My Documents\Phone.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 12:31:51 | 000,004,528 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\Fall Schedule.pdf
[2010/08/24 12:20:17 | 000,013,768 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\10 Fall Class Schedule.pdf
[2010/08/23 23:22:01 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\gmer.zip
[2010/08/23 23:16:20 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\dds.scr
[2010/08/23 23:01:38 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\SCClient.lnk
[2010/08/23 20:32:07 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Chius\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/22 23:28:55 | 000,057,007 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\Schedule.JPG
[2010/08/19 17:48:49 | 000,574,100 | R--- | C] () -- C:\WINDOWS\System32\hp1022n.img
[2010/08/19 17:48:49 | 000,206,768 | R--- | C] () -- C:\WINDOWS\System32\hp1022.img
[2010/08/19 17:48:49 | 000,128,612 | R--- | C] () -- C:\WINDOWS\System32\hp1020.img
[2010/08/19 15:10:15 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Chius\ntuser.dat
[2010/08/19 15:09:39 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\WindowsDefender.msi
[2010/08/16 21:01:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\iTunes.lnk
[2010/08/02 23:24:44 | 000,009,071 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\USPS vs Fedex.xlsx
[2010/07/27 14:59:15 | 000,604,140 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ISwift3.dat
[2010/07/27 14:44:39 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/07/27 14:44:39 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/07/27 13:48:14 | 000,010,075 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\Checking.xlsx
[2010/07/11 17:13:40 | 316,600,465 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\All-In-One-WVS-by-DotA-Utilities.rar
[2010/07/06 18:37:14 | 000,010,561 | ---- | C] () -- C:\Documents and Settings\Chius\桌面\mEaL pLaN.xlsx
[2010/06/01 15:38:00 | 004,395,288 | ---- | C] () -- C:\Documents and Settings\Chius\My Documents\Phone.pdf
[2010/04/18 11:03:28 | 000,011,244 | ---- | C] () -- C:\WINDOWS\System32\drivers\Keyboard.sys
[2009/10/04 21:08:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/08/25 16:38:15 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Chius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/15 23:53:53 | 000,000,163 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/15 23:35:11 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/15 10:32:55 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chius\Local Settings\Application Data\fusioncache.dat
[2009/08/15 10:24:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/17 20:55:38 | 000,000,797 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/21 22:47:02 | 000,000,832 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/13 07:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/08/15 23:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/10 23:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/15 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/16 16:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/05 19:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\BITS
[2009/08/15 23:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\DAEMON Tools Lite
[2009/10/04 21:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\FlashGetBHO
[2010/01/30 20:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\ijjigame
[2009/08/15 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\Leadertech
[2009/09/08 18:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\Notepad++
[2009/12/22 21:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
[2010/04/04 16:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chius\Application Data\Tencent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/12 00:00:00 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/16 00:25:15 | 024,342,908 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/12 00:00:00 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/08/16 00:25:15 | 024,342,908 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 11:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 00:00:00 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/16 00:25:15 | 024,342,908 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/12 00:00:00 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/08/16 00:25:15 | 024,342,908 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 10:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 10:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/15 06:54:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A9FB6653A8AC115B5110C0A5C263952 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/15 06:54:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A9FB6653A8AC115B5110C0A5C263952 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D33069982F8DCCA36BA9B5E64188BA48 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/15 06:54:35 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=380F657700A117DA25AB6E4713EB8E08 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/15 06:54:35 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=380F657700A117DA25AB6E4713EB8E08 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/12 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1E2BA80D8CFC0C6814E5774E42B53D9 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/15 06:54:37 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=011B5C1D7D51291041B4574CD423253C -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/15 06:54:37 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=011B5C1D7D51291041B4574CD423253C -- C:\WINDOWS\system32\scecli.dll
[2004/08/12 08:00:00 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=3294F364BA88EDA4A296A7FDD55653E9 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2010/08/23 16:36:13 | 000,000,000 | ---D | M](C:\WINDOWS\System32\???沋??稘-d) -- C:\WINDOWS\System32\ﰄƻ룲沋旤–稘­d
[2010/08/23 16:36:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\???沋??稘-d) -- C:\WINDOWS\System32\ﰄƻ룲沋旤–稘­d

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
< End of report >


Extras.txt
OTL Extras logfile created on: 24/8/2010 21:45:26 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Chius\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

758.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1516 1516 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.51 Gb Total Space | 46.87 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHIUS-NEC
Current User Name: Chius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"29101:TCP" = 29101:TCP:*:Enabled:???? ??

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\kickass92\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\kickass92\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Chius\桌面\vbaserver\vbalink.exe" = C:\Documents and Settings\Chius\桌面\vbaserver\vbalink.exe:*:Enabled:vbalink -- File not found
"C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin" = C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:*:Enabled:Game -- File not found
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files\AKInteractive\Great Merchant\run.exe" = C:\Program Files\AKInteractive\Great Merchant\run.exe:*:Enabled:AutoPatch_Gersang MFC ?? ???? -- File not found
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C9B0475-F65F-45AB-8D88-2AE7C195E907}" = Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 21
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX™ 1.2 SDK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB8DE25-3B31-4D63-829E-CAE431992CF9}" = TIxx21
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Garena" = Garena
"ie8" = Windows Internet Explorer 8
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"SafeConnect" = SafeConnect
"Steam App 10" = Counter-Strike
"Ultravnc2_is1" = UltraVNC 1.0.6.5
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/3/2010 12:18:32 | Computer Name = CHIUS-NEC | Source = LoadPerf | ID = 3001
Description =

[ System Events ]
Error - 24/8/2010 21:39:28 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:39:33 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:20 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:25 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:29 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:33 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:37 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:41 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:46 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。

Error - 24/8/2010 21:44:50 | Computer Name = CHIUS-NEC | Source = Disk | ID = 262151
Description = 裝置 \Device\Harddisk0\D 有損壞區塊。


< End of report >


And I apologize for the Chinese symbols..

Edited by ._., 24 August 2010 - 08:59 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:42 AM

Posted 24 August 2010 - 09:06 PM

Nope, There :thumbsup:
Virus, Trojan, Spyware, and Malware Removal Logs

Include this.
My computer has been running kinda slow ever since Saturday. It's taking like 20 mins to log on and start-up. And two minutes to open programs (Start menu, My Document, Firefox, IE etc.). I've ran Kaspersky, MalwareBytes, Windows Defender, One-Care online scanner, and found nothing. I've also tried doing defragment, didnt help...
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 ._.

._.
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 24 August 2010 - 09:11 PM

Oh okay.
Um.. Do l have to wait 2-3 days before someone reply me on my new post? I kinda need this computer for my college class...

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:42 AM

Posted 24 August 2010 - 09:18 PM

Unfortunately yes. :thumbsup:
Only a wipe and reinstall is quicker.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 ._.

._.
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 24 August 2010 - 09:19 PM

Aw.. If I reinstall, I would lose all my softwares..
I don't have the software CDs with me :thumbsup:

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:42 AM

Posted 24 August 2010 - 09:51 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic342637.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users