OTLPEStd.exe doesn't work on my PC


#1
hkQQ2010 (Member)

Dear Geeks,

I am a newbie to this forum. I don't know whether it is correct to post here. Please correct me.

I read here that a Geek mentioned the tool OTLPEStd.exe.
I got it and ran it, but it freezes on "0% Extracting", with no response even when I click "Cancel".
Is something wrong with my PC, or how do I use "OTLPEStd.exe"?
I am using XP with NOD32 disabled. Do I need to completely delete NOD32?

Many thanks.

#2
Essexboy (GeekU Moderator, Retired Staff)

Hi, may I ask why you are downloading this tool?

#3
hkQQ2010 (Member, Topic Starter)

Essexboy,

Thanks for your reply.

I surfed this forum yesterday and saw that one Geek suggested that a user use this tool to make a bootable CD.

I was wondering what the bootable CD contains, so I got it for testing only.
I have often faced an infected PC which can't boot. Some can be rectified by CHKDSK in the Windows Recovery Console, but others can't. So I want to take a look at whether the OTLPEStd bootable CD contains any useful tools to deal with it.

Many thanks.

#4
Essexboy (GeekU Moderator, Retired Staff)

Here are the instructions for using OTLPE

Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
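
An added example (not part of the original post, and not the tool author's code): before burning, the download can be checked against the MD5 and size published in the post above. The function names and the constructed sample data in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import re
import tempfile

# Values copied from the post above (OTLPENet.exe, listed there as v3.1.46.0).
PUBLISHED = """OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB"""


def parse_published(text):
    """Extract (md5_hex_lowercase, size_in_bytes) from a block in the post's format."""
    md5 = re.search(r"MD5\s*=\s*([0-9A-Fa-f]{32})\b", text)
    size = re.search(r"Size:\s*([\d,]+)\s*b\b", text)
    if not md5 or not size:
        raise ValueError("published block lacks an MD5= or Size: line")
    return md5.group(1).lower(), int(size.group(1).replace(",", ""))


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a 121 MB image is never held in memory."""
    # MD5 is what the post publishes. It detects a corrupted or incomplete
    # download; it is not collision-resistant, so it is not proof of origin.
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_text):
    """Return (ok, reason). The size is compared first: it is cheap and
    catches a truncated or entirely different file before any hashing."""
    want_md5, want_size = parse_published(published_text)
    if not os.path.isfile(path):
        return False, "file not found"
    have_size = os.path.getsize(path)
    if have_size != want_size:
        return False, "size mismatch: have %d bytes, published %d" % (have_size, want_size)
    have_md5 = md5_of_file(path)
    if have_md5 != want_md5:
        return False, "MD5 mismatch: have %s, published %s" % (have_md5, want_md5)
    return True, "size and MD5 match the published values"


def demo():
    """Run the check on constructed sample data (not the real download)."""
    payload = b"constructed sample payload\n" * 4096
    published = "sample.bin\nMD5=%s\nSize: %sb" % (
        hashlib.md5(payload).hexdigest().upper(), format(len(payload), ","))
    cases = {
        "complete": payload,
        "truncated": payload[:181],        # download cut short
        "altered": payload[:-1] + b"X",    # same size, different content
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in cases.items():
            path = os.path.join(tmp, name + ".bin")
            with open(path, "wb") as handle:
                handle.write(data)
            results[name] = verify_download(path, published)
    return results


if __name__ == "__main__":
    print(parse_published(PUBLISHED))
    for name, (ok, reason) in demo().items():
        print("%-9s ok=%s  %s" % (name, ok, reason))
```

A mismatch can also mean the file is a different build from the one the values were published for, so compare the version number as well before concluding the download is damaged.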

#5
hkQQ2010 (Member, Topic Starter)

Essexboy,

Thanks a lot.

I had already tried it before, following your steps above.
1. A window appears showing "Do you want to burn the CD"
2. After I press "Yes", it freezes for hours at the window showing "0% Extracting"

Anyway, I will download a fresh copy of OTLPENet.exe, and try again.

Many thanks

#6
hkQQ2010 (Member, Topic Starter)

Essexboy,

Sorry Essexboy, I overlooked it.

Your recommendation is OTLPENet.exe, not OTLPEStd.exe.

I am downloading it.

Many thanks in advance.

#7
hkQQ2010 (Member, Topic Starter)

Essexboy,

Thanks a lot.

I can make the bootable CD with OTLPENet.exe.
Many thanks.

I have tried it and found it is really fantastic. It has many tools I dreamed of for a bootable CD.
I need some time to go through each of them.

Really fantastic !!!

I have tested OTLPE, and I will post otl.txt in the next post.

Besides, I noticed that the file size of OTLPENet.exe is 121MB, while OTLPEStd.exe is only 181K.
Is it because my download of OTLPEStd.exe failed last time, so it can't extract itself?

Many ... many thanks anyway for this great bootable CD.

#8
hkQQ2010 (Member, Topic Starter)

OTL log
=========



OTL logfile created on: 7/17/2011 10:06:06 PM - Run
OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1,015.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
903.00 Mb Paging File | 841.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): f:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 2.00 Gb Total Space | 0.52 Gb Free Space | 25.81% Space Free | Partition Type: FAT
Drive D: | 2.00 Gb Total Space | 1.37 Gb Free Space | 68.37% Space Free | Partition Type: FAT
Drive E: | 2.00 Gb Total Space | 0.98 Gb Free Space | 48.99% Space Free | Partition Type: FAT
Drive F: | 68.09 Gb Total Space | 20.54 Gb Free Space | 30.17% Space Free | Partition Type: NTFS
Drive G: | 79.30 Gb Total Space | 0.35 Gb Free Space | 0.44% Space Free | Partition Type: NTFS
Drive X: | 436.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (wuauserv)
SRV - [2011/06/10 06:39:36 | 000,078,512 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto] -- F:\Program Files\Thunder Network\Thunder\Program\DctSer.dll -- (XLDoctor Service)
SRV - [2010/11/15 13:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/13 02:21:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/27 08:40:08 | 000,020,680 | ---- | M] (ESET) [On_Demand] -- F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/27 08:37:40 | 000,731,840 | ---- | M] (ESET) [Auto] -- F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (rkhdrv40)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot] -- -- (dlbesy)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/11/09 02:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- F:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/04 13:22:52 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- F:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009/05/27 08:38:18 | 000,094,360 | ---- | M] (ESET) [Kernel | System] -- F:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/27 08:37:24 | 000,107,256 | ---- | M] (ESET) [Kernel | System] -- F:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/27 08:34:50 | 000,114,472 | ---- | M] (ESET) [File_System | Auto] -- F:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/11/24 23:43:04 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- F:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2004/08/04 16:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/10/09 03:21:08 | 000,051,333 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/10/09 03:20:44 | 001,086,677 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/10/09 03:19:58 | 000,618,089 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/10/09 03:19:26 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Johnny_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.jobs.gov...rm/Default.aspx
IE - HKU\Johnny_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Johnny_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\systemprofile_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: F:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/07/04 16:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2011/07/05 03:58:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2011/07/04 23:51:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: F:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/04 02:31:17 | 000,000,000 | ---D | M]

[2011/07/04 16:06:07 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Johnny\Application Data\Mozilla\Extensions
[2011/07/04 16:07:44 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\i69bwuwo.default\extensions
[2011/07/04 16:07:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\i69bwuwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/09 03:44:39 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/07/09 03:44:39 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/07/04 16:04:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2010/09/04 02:09:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- F:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/11 21:25:11 | 000,002,310 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2010/06/11 21:25:11 | 000,001,222 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2010/06/11 21:25:11 | 000,001,360 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2010/06/11 21:25:11 | 000,000,843 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2010/06/11 21:25:11 | 000,001,161 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: ([2011/07/17 03:38:38 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (捃濘狟婥盓厥) - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.0.3076.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - F:\Documents and Settings\Johnny\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKU\Johnny_ON_F..\Run: [QvodTerminal] F:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_F\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Johnny_ON_F\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Johnny_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Johnny_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Johnny_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_F\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_F\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_F\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - F:\Documents and Settings\Johnny\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - F:\Documents and Settings\Johnny\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Foxy 下載 - F:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Foxy 搜尋 - F:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: 使用迅雷下載 - F:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - F:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1300209207703 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.186.94.242 203.186.94.20 203.186.94.22
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - F:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - F:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/14 15:38:30 | 000,003,212 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2005/08/28 13:16:32 | 000,000,657 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 05:47:44 | 000,000,000 | ---D | C] -- F:\bd_logs
[2011/07/17 03:43:49 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2011/07/16 14:30:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/16 14:30:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2011/07/16 14:30:45 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2011/07/15 02:32:37 | 000,000,000 | ---D | C] -- F:\_OTL
[2011/07/15 01:56:45 | 000,000,000 | ---D | C] -- F:\IBMTOOLS
[2011/07/14 15:25:53 | 000,000,000 | ---D | C] -- F:\Program Files\QvodPlayer
[2011/07/14 13:23:11 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2011/07/14 08:35:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Johnny\Application Data\Autodesk
[2011/07/14 08:35:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Autodesk
[2011/07/14 06:41:49 | 000,000,000 | -HSD | C] -- F:\System Volume Information
[2011/07/06 12:52:32 | 000,098,392 | ---- | C] (Sunbelt Software) -- F:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/06 12:52:32 | 000,027,984 | ---- | C] (Sunbelt Software) -- F:\WINDOWS\System32\sbbd.exe
[2011/07/05 12:32:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuauserv.dll
[2011/07/05 12:32:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wuauserv.dd3
[2011/07/05 11:52:51 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2011/07/04 16:05:51 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Johnny\Local Settings\Application Data\Mozilla
[2011/07/04 16:03:57 | 000,000,000 | ---D | C] -- F:\Program Files\Mozilla Firefox
[2011/07/04 16:03:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Google
[2011/07/03 21:52:19 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/02 03:43:53 | 000,000,000 | ---D | C] -- F:\Program Files\PC Tools Security
[2011/07/02 00:48:15 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Works
[2011/07/02 00:46:15 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft.NET
[2011/07/02 00:41:58 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Visual Studio 8
[2011/07/02 00:38:19 | 000,000,000 | R--D | C] -- F:\MSOCache
[2011/07/01 15:08:20 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Johnny\Local Settings\Application Data\Temp
[2011/07/01 10:12:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/01 10:05:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/01 10:02:56 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Johnny\Application Data\Google
[2011/07/01 10:00:54 | 000,000,000 | ---D | C] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/01 09:59:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Johnny\Local Settings\Application Data\Google
[2011/07/01 09:59:18 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Google Updater
[2011/07/01 09:59:16 | 000,000,000 | ---D | C] -- F:\Program Files\Google
[2011/06/28 12:26:09 | 000,000,000 | ---D | C] -- g:\MYDOC\26 TV
[2011/06/25 08:53:25 | 000,000,000 | ---D | C] -- F:\MsOffice
[2011/06/25 08:30:27 | 000,016,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/06/25 07:24:27 | 000,143,360 | ---- | C] (Intel Corporation) -- F:\WINDOWS\System32\igfxres.dll
[2011/06/25 07:16:42 | 000,017,664 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sermouse.sys

========== Files - Modified Within 30 Days ==========

[2011/07/17 08:48:25 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2011/07/17 03:38:38 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2011/07/16 23:12:01 | 000,002,228 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2011/07/11 10:24:20 | 000,096,256 | ---- | M] () -- F:\Documents and Settings\Johnny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 09:09:19 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[2011/07/11 04:05:25 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\Johnny\Application Data\CoreAVC.ini
[2011/07/09 03:31:20 | 000,041,042 | ---- | M] () -- F:\aaaa
[2011/07/06 07:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 07:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 23:13:03 | 000,287,704 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/05 12:01:14 | 000,000,544 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 12:01:13 | 000,000,540 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 12:01:12 | 000,000,610 | ---- | M] () -- F:\WINDOWS\tasks\Google Software Updater.job
[2011/07/04 16:05:54 | 000,000,000 | ---- | M] () -- F:\WINDOWS\nsreg.dat
[2011/07/03 05:27:37 | 000,001,612 | ---- | M] () -- F:\WINDOWS\System32\secustat.dat
[2011/07/03 04:29:18 | 000,009,388 | ---- | M] () -- F:\WINDOWS\System32\secushr.dat
[2011/07/02 04:16:52 | 000,067,360 | -H-- | M] () -- F:\WINDOWS\System32\mlfcache.dat
[2011/07/01 10:13:19 | 000,572,046 | ---- | M] () -- F:\WINDOWS\System32\drivers\Cat.DB
[2011/06/25 08:41:58 | 000,000,171 | ---- | M] () -- F:\WINDOWS\WinDrvGhost.ini
[2011/06/25 08:31:17 | 000,435,688 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2011/06/25 08:31:17 | 000,383,994 | ---- | M] () -- F:\WINDOWS\System32\prfh0404.dat
[2011/06/25 08:31:17 | 000,214,742 | ---- | M] () -- F:\WINDOWS\System32\prfc0404.dat
[2011/06/25 08:31:17 | 000,068,584 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/07/11 04:05:25 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\Johnny\Application Data\CoreAVC.ini
[2011/07/09 03:31:20 | 000,041,042 | ---- | C] () -- F:\aaaa
[2011/07/04 16:05:54 | 000,000,000 | ---- | C] () -- F:\WINDOWS\nsreg.dat
[2011/07/01 10:13:07 | 000,572,046 | ---- | C] () -- F:\WINDOWS\System32\drivers\Cat.DB
[2011/07/01 10:01:05 | 000,067,360 | -H-- | C] () -- F:\WINDOWS\System32\mlfcache.dat
[2011/07/01 10:00:50 | 000,000,544 | ---- | C] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 10:00:50 | 000,000,540 | ---- | C] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 09:59:17 | 000,000,610 | ---- | C] () -- F:\WINDOWS\tasks\Google Software Updater.job
[2011/06/25 07:37:59 | 000,005,456 | R--- | C] () -- F:\WINDOWS\System32\e100b325.din
[2011/04/10 05:31:01 | 000,009,388 | ---- | C] () -- F:\WINDOWS\System32\secushr.dat
[2011/03/14 11:57:56 | 000,000,758 | ---- | C] () -- F:\WINDOWS\ProHelp99SE.INI
[2011/03/14 11:50:55 | 000,006,241 | ---- | C] () -- F:\WINDOWS\Client99SE.INI
[2011/03/14 11:50:55 | 000,003,664 | ---- | C] () -- F:\WINDOWS\AdvSch99SE.ini
[2011/03/14 11:50:55 | 000,000,369 | ---- | C] () -- F:\WINDOWS\HelpAdvisor99SE.ini
[2011/03/14 11:50:55 | 000,000,073 | ---- | C] () -- F:\WINDOWS\AdvSIM99SE.INI
[2011/03/02 06:21:41 | 000,000,138 | ---- | C] () -- F:\WINDOWS\Dlview32.INI
[2011/02/24 09:00:59 | 000,000,020 | ---- | C] () -- F:\WINDOWS\Epscan2.INI
[2011/02/23 14:18:36 | 000,000,600 | ---- | C] () -- F:\Documents and Settings\Johnny\PUTTY.RND
[2011/02/19 00:19:33 | 000,000,171 | ---- | C] () -- F:\WINDOWS\WinDrvGhost.ini
[2011/02/01 10:17:00 | 000,000,056 | ---- | C] () -- F:\Documents and Settings\Johnny\Application DataBITS.ini
[2010/10/26 10:05:03 | 000,000,012 | ---- | C] () -- F:\WINDOWS\System32\cid_store.dat
[2010/10/04 12:55:57 | 000,034,308 | ---- | C] () -- F:\WINDOWS\System32\BASSMOD.dll
[2010/09/08 05:29:46 | 000,000,085 | ---- | C] () -- F:\WINDOWS\is3004.ini
[2010/09/07 00:32:52 | 000,000,116 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2010/09/07 00:32:50 | 000,096,256 | ---- | C] () -- F:\Documents and Settings\Johnny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/06 04:24:53 | 000,000,063 | ---- | C] () -- F:\WINDOWS\TEXTware.ini
[2010/09/06 04:24:45 | 000,321,024 | ---- | C] () -- F:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
[2010/09/06 04:24:44 | 000,113,288 | ---- | C] () -- F:\WINDOWS\System32\bass.dll
[2010/09/06 04:24:43 | 000,147,456 | ---- | C] () -- F:\WINDOWS\System32\Twavbx32.dll
[2010/09/06 04:24:43 | 000,018,432 | ---- | C] () -- F:\WINDOWS\System32\TWAIED02.DLL
[2010/09/06 04:24:39 | 000,143,360 | ---- | C] () -- F:\WINDOWS\System32\ILXTBS.DLL
[2010/09/04 06:20:44 | 000,040,960 | ---- | C] () -- F:\Program Files\Uninstall_CDS.exe
[2010/09/04 06:17:58 | 000,001,612 | ---- | C] () -- F:\WINDOWS\System32\secustat.dat
[2010/09/04 06:15:56 | 000,000,025 | ---- | C] () -- F:\WINDOWS\libem.INI
[2010/09/04 03:30:33 | 000,000,379 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2010/09/04 02:27:33 | 000,000,020 | ---- | C] () -- F:\WINDOWS\System32\pub_store.dat
[2010/09/04 02:18:02 | 000,000,060 | ---- | C] () -- F:\WINDOWS\MediaList.ini
[2010/09/04 02:17:57 | 000,001,240 | ---- | C] () -- F:\WINDOWS\Powerlist.ini
[2010/09/04 02:17:56 | 000,000,870 | ---- | C] () -- F:\WINDOWS\powerplayer.ini
[2010/09/04 02:17:05 | 000,001,250 | ---- | C] () -- F:\WINDOWS\psnetwork.ini
[2010/09/04 01:45:48 | 000,004,012 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/09/04 01:32:37 | 000,126,976 | ---- | C] () -- F:\WINDOWS\System32\e1000msg.dll
[2010/09/04 01:16:33 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2010/09/04 01:07:24 | 000,022,556 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2010/09/04 01:01:21 | 000,004,205 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2010/09/04 00:58:03 | 000,287,704 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 18:20:00 | 000,001,804 | ---- | C] () -- F:\WINDOWS\System32\Dcache.bin
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- F:\WINDOWS\System32\secupd.dat
[2004/08/04 16:00:00 | 013,107,200 | ---- | C] () -- F:\WINDOWS\System32\oembios.bin
[2004/08/04 16:00:00 | 000,673,088 | ---- | C] () -- F:\WINDOWS\System32\mlang.dat
[2004/08/04 16:00:00 | 000,272,128 | ---- | C] () -- F:\WINDOWS\System32\perfi009.dat
[2004/08/04 16:00:00 | 000,261,056 | ---- | C] () -- F:\WINDOWS\winhelp.exe
[2004/08/04 16:00:00 | 000,218,003 | ---- | C] () -- F:\WINDOWS\System32\dssec.dat
[2004/08/04 16:00:00 | 000,112,200 | ---- | C] () -- F:\WINDOWS\System32\prfi0404.dat
[2004/08/04 16:00:00 | 000,046,258 | ---- | C] () -- F:\WINDOWS\System32\mib.bin
[2004/08/04 16:00:00 | 000,028,626 | ---- | C] () -- F:\WINDOWS\System32\prfd0404.dat
[2004/08/04 16:00:00 | 000,028,626 | ---- | C] () -- F:\WINDOWS\System32\perfd009.dat
[2004/08/04 16:00:00 | 000,004,463 | ---- | C] () -- F:\WINDOWS\System32\oembios.dat
[2002/03/21 03:39:02 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\UNACEV2.DLL
[2001/09/16 20:00:00 | 000,435,688 | ---- | C] () -- F:\WINDOWS\System32\perfh009.dat
[2001/09/16 20:00:00 | 000,383,994 | ---- | C] () -- F:\WINDOWS\System32\prfh0404.dat
[2001/09/16 20:00:00 | 000,214,742 | ---- | C] () -- F:\WINDOWS\System32\prfc0404.dat
[2001/09/16 20:00:00 | 000,068,584 | ---- | C] () -- F:\WINDOWS\System32\perfc009.dat
[2001/09/16 20:00:00 | 000,000,741 | ---- | C] () -- F:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/14 08:35:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Autodesk
[2011/07/03 05:59:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\BITS
[2010/09/06 04:25:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Cambridge
[2010/09/04 06:15:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\FlashGet
[2010/12/13 10:45:10 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\FlashGetBHO
[2010/11/03 04:02:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\FlashgetSetup
[2010/09/04 02:04:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Foxy
[2011/05/24 07:07:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\GetRightToGo
[2011/01/15 12:36:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\NesterSoft
[2011/05/13 02:20:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Nitro PDF
[2010/09/04 02:23:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Octoshape
[2011/02/11 09:51:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\OpenCandy
[2010/09/14 02:07:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\ppstream
[2011/02/03 13:14:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\qvodaddr
[2010/09/04 06:06:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Tencent
[2011/02/23 07:01:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\WebCatcher
[2011/03/15 14:36:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\Windows Live Writer
[2011/07/14 08:35:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Autodesk
[2010/09/04 02:31:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ESET
[2011/07/03 14:26:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GVODPlayer
[2011/02/03 13:22:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\KuaiWan
[2011/02/11 09:52:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/03 22:25:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/11 04:06:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Thunder Network
[2011/07/07 03:11:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TSLOG
[2010/11/14 13:51:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Xunlei

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/07/17 03:55:20 | 000,000,000 | ---D | M](F:\Documents and Settings\Johnny\??) -- F:\Documents and Settings\Johnny\桌面
[2011/07/17 03:55:20 | 000,000,000 | ---D | M](F:\Documents and Settings\Johnny\??) -- F:\Documents and Settings\Johnny\桌面
[2011/07/17 02:20:52 | 001,739,400 | ---- | M] (Secunia)(F:\Documents and Settings\Johnny\??\PSISetup.exe) -- F:\Documents and Settings\Johnny\桌面\PSISetup.exe
[2011/07/17 02:20:44 | 001,739,400 | ---- | C] (Secunia)(F:\Documents and Settings\Johnny\??\PSISetup.exe) -- F:\Documents and Settings\Johnny\桌面\PSISetup.exe
[2011/07/17 00:42:35 | 005,592,880 | ---- | M] (Uniblue Systems Ltd )(F:\Documents and Settings\Johnny\??\speedupmypc3plc.exe) -- F:\Documents and Settings\Johnny\桌面\speedupmypc3plc.exe
[2011/07/17 00:42:35 | 005,592,880 | ---- | C] (Uniblue Systems Ltd )(F:\Documents and Settings\Johnny\??\speedupmypc3plc.exe) -- F:\Documents and Settings\Johnny\桌面\speedupmypc3plc.exe
[2011/07/17 00:25:53 | 000,000,000 | ---D | M](F:\Documents and Settings\All Users\??) -- F:\Documents and Settings\All Users\桌面
[2011/07/16 23:52:29 | 000,000,000 | ---D | M](F:\Documents and Settings\Johnny\??\AV Tools) -- F:\Documents and Settings\Johnny\桌面\AV Tools
[2011/07/16 14:30:52 | 000,000,000 | ---D | M](F:\Documents and Settings\All Users\???????\???\Malwarebytes' Anti-Malware) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Malwarebytes' Anti-Malware
[2011/07/16 14:30:52 | 000,000,000 | ---D | C](F:\Documents and Settings\All Users\???????\???\Malwarebytes' Anti-Malware) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Malwarebytes' Anti-Malware
[2011/07/16 05:50:21 | 001,669,303 | ---- | M] (Igor Pavlov)(F:\Documents and Settings\Johnny\??\UltraVNC_1.0.9.5_azo.exe) -- F:\Documents and Settings\Johnny\桌面\UltraVNC_1.0.9.5_azo.exe
[2011/07/16 05:49:59 | 001,669,303 | ---- | C] (Igor Pavlov)(F:\Documents and Settings\Johnny\??\UltraVNC_1.0.9.5_azo.exe) -- F:\Documents and Settings\Johnny\桌面\UltraVNC_1.0.9.5_azo.exe
[2011/07/15 07:39:38 | 000,119,600 | ---- | M] (Microsoft Corporation)(F:\Documents and Settings\Johnny\??\File Checksum Integrity Verifier.exe) -- F:\Documents and Settings\Johnny\桌面\File Checksum Integrity Verifier.exe
[2011/07/15 07:39:38 | 000,119,600 | ---- | C] (Microsoft Corporation)(F:\Documents and Settings\Johnny\??\File Checksum Integrity Verifier.exe) -- F:\Documents and Settings\Johnny\桌面\File Checksum Integrity Verifier.exe
[2011/07/14 13:31:08 | 000,000,000 | ---D | M](F:\Documents and Settings\All Users\???????\???\Util) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Util
[2011/07/08 14:09:58 | 000,000,208 | ---- | M] ()(F:\Documents and Settings\Johnny\??\Adobe - Adobe Flash Player.url) -- F:\Documents and Settings\Johnny\桌面\Adobe - Adobe Flash Player.url
[2011/07/05 11:42:29 | 000,000,238 | ---- | M] ()(F:\Documents and Settings\Johnny\??\Set Google as my search engine Customize your experience - Web Search Help.url) -- F:\Documents and Settings\Johnny\桌面\Set Google as my search engine Customize your experience - Web Search Help.url
[2011/07/04 23:51:44 | 000,001,804 | ---- | M] ()(F:\Documents and Settings\All Users\???????\???\Adobe Reader X.lnk) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Adobe Reader X.lnk
[2011/07/04 23:51:44 | 000,001,804 | ---- | C] ()(F:\Documents and Settings\All Users\???????\???\Adobe Reader X.lnk) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Adobe Reader X.lnk
[2011/07/04 22:56:34 | 000,000,208 | ---- | C] ()(F:\Documents and Settings\Johnny\??\Adobe - Adobe Flash Player.url) -- F:\Documents and Settings\Johnny\桌面\Adobe - Adobe Flash Player.url
[2011/07/04 22:11:56 | 000,000,000 | ---D | C](F:\Documents and Settings\Johnny\??\AV Tools) -- F:\Documents and Settings\Johnny\桌面\AV Tools
[2011/07/04 16:09:57 | 000,000,238 | ---- | C] ()(F:\Documents and Settings\Johnny\??\Set Google as my search engine Customize your experience - Web Search Help.url) -- F:\Documents and Settings\Johnny\桌面\Set Google as my search engine Customize your experience - Web Search Help.url
[2011/07/04 14:31:01 | 000,073,615 | ---- | M] ()(F:\Documents and Settings\Johnny\??\PendMoves1.zip) -- F:\Documents and Settings\Johnny\桌面\PendMoves1.zip
[2011/07/04 14:31:01 | 000,073,615 | ---- | C] ()(F:\Documents and Settings\Johnny\??\PendMoves1.zip) -- F:\Documents and Settings\Johnny\桌面\PendMoves1.zip
[2011/07/04 14:30:47 | 000,073,615 | ---- | M] ()(F:\Documents and Settings\Johnny\??\PendMoves.zip) -- F:\Documents and Settings\Johnny\桌面\PendMoves.zip
[2011/07/04 14:30:47 | 000,073,615 | ---- | C] ()(F:\Documents and Settings\Johnny\??\PendMoves.zip) -- F:\Documents and Settings\Johnny\桌面\PendMoves.zip
[2011/07/02 12:39:50 | 000,000,000 | ---D | M](F:\Documents and Settings\All Users\???????\???\Google) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Google
[2011/07/01 13:01:16 | 000,000,000 | R--D | M](F:\Documents and Settings\All Users\???????\???\??) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\啟動
[2011/07/01 12:42:36 | 000,000,000 | ---D | C](F:\Documents and Settings\All Users\???????\???\Google) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Google
[2011/07/01 12:41:35 | 000,000,000 | ---D | M](F:\Documents and Settings\All Users\???????\???\Adobe) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Adobe
[2011/05/25 06:27:50 | 000,000,000 | ---D | M](g:\MYDOC\OneNote ???) -- g:\MYDOC\OneNote 筆記本
[2011/04/15 23:40:08 | 000,003,540 | ---- | M] ()(g:\MYDOC\???.txt) -- g:\MYDOC\紅樹林.txt
[2011/04/15 23:40:08 | 000,003,540 | ---- | C] ()(g:\MYDOC\???.txt) -- g:\MYDOC\紅樹林.txt
[2011/04/15 23:08:48 | 000,007,841 | ---- | M] ()(g:\MYDOC\??????.txt) -- g:\MYDOC\中國常識點滳.txt
[2011/04/15 23:08:48 | 000,007,841 | ---- | C] ()(g:\MYDOC\??????.txt) -- g:\MYDOC\中國常識點滳.txt
[2011/04/08 20:51:00 | 000,000,000 | ---D | M](F:\Documents and Settings\Johnny\??\AV) -- F:\Documents and Settings\Johnny\桌面\AV
[2011/04/04 05:35:37 | 000,000,000 | R--D | M](F:\Documents and Settings\Johnny\???????) -- F:\Documents and Settings\Johnny\「開始」功能表
[2011/04/04 05:35:37 | 000,000,000 | R--D | M](F:\Documents and Settings\Johnny\???????) -- F:\Documents and Settings\Johnny\「開始」功能表
[2011/04/02 02:31:29 | 000,000,000 | ---D | M](g:\MYDOC\????) -- g:\MYDOC\電器維修
[2011/03/16 04:01:33 | 000,000,000 | R--D | M](F:\Documents and Settings\All Users\???????) -- F:\Documents and Settings\All Users\「開始」功能表
[2011/03/15 13:11:35 | 000,000,817 | ---- | M] ()(F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\?? Internet Explorer ???.lnk) -- F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\啟動 Internet Explorer 瀏覽器.lnk
[2011/03/15 12:26:48 | 000,000,084 | -HS- | M] ()(F:\Documents and Settings\All Users\???????\???\??\desktop.ini) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini
[2011/03/11 03:11:08 | 000,000,000 | ---D | M](g:\MYDOC\????) -- g:\MYDOC\電腦疑難
[2011/03/05 07:53:56 | 000,000,000 | ---D | C](g:\MYDOC\????) -- g:\MYDOC\電腦疑難
[2011/02/18 01:14:14 | 000,000,000 | ---D | C](g:\MYDOC\OneNote ???) -- g:\MYDOC\OneNote 筆記本
[2011/02/12 14:40:11 | 000,000,000 | ---D | C](g:\MYDOC\????) -- g:\MYDOC\電器維修
[2010/10/25 12:51:58 | 000,000,000 | ---D | M](g:\MYDOC\???????) -- g:\MYDOC\我已接收的檔案
[2010/09/21 10:42:01 | 000,000,000 | ---D | M](F:\Program Files\????) -- F:\Program Files\繁簡互換
[2010/09/21 10:42:01 | 000,000,000 | ---D | M](F:\Program Files\????) -- F:\Program Files\繁簡互換
[2010/09/04 09:43:04 | 000,000,000 | ---D | M](F:\Documents and Settings\All Users\????) -- F:\Documents and Settings\All Users\「開始」
[2010/09/04 02:57:38 | 000,000,000 | ---D | M](F:\Documents and Settings\Administrator\??) -- F:\Documents and Settings\Administrator\桌面
[2010/09/04 02:57:38 | 000,000,000 | ---D | M](F:\Documents and Settings\Administrator\??) -- F:\Documents and Settings\Administrator\桌面
[2010/09/04 02:34:13 | 000,000,000 | ---D | C](F:\Documents and Settings\Johnny\??\AV) -- F:\Documents and Settings\Johnny\桌面\AV
[2010/09/04 01:50:17 | 000,000,079 | ---- | M] ()(F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\????.scf) -- F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\顯示桌面.scf
[2010/09/04 01:50:17 | 000,000,079 | ---- | C] ()(F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\????.scf) -- F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\顯示桌面.scf
[2010/09/04 01:50:09 | 000,000,817 | ---- | C] ()(F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\?? Internet Explorer ???.lnk) -- F:\Documents and Settings\Johnny\Application Data\Microsoft\Internet Explorer\Quick Launch\啟動 Internet Explorer 瀏覽器.lnk
[2010/09/04 01:18:04 | 000,000,781 | ---- | M] ()(F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\?? Internet Explorer ???.lnk) -- F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\啟動 Internet Explorer 瀏覽器.lnk
[2010/09/04 01:18:03 | 000,000,079 | ---- | M] ()(F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\????.scf) -- F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\顯示桌面.scf
[2010/09/04 01:18:03 | 000,000,079 | ---- | C] ()(F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\????.scf) -- F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\顯示桌面.scf
[2010/09/04 01:17:52 | 000,000,781 | ---- | C] ()(F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\?? Internet Explorer ???.lnk) -- F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\啟動 Internet Explorer 瀏覽器.lnk
[2010/09/04 01:17:43 | 000,000,084 | -HS- | C] ()(F:\Documents and Settings\Administrator\???????\???\??\desktop.ini) -- F:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\desktop.ini
[2010/09/04 01:16:27 | 000,000,084 | -HS- | C] ()(F:\WINDOWS\system32\config\systemprofile\???????\???\??\desktop.ini) -- F:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動\desktop.ini
[2010/09/04 01:11:24 | 000,000,084 | -HS- | M] ()(F:\WINDOWS\system32\config\systemprofile\???????\???\??\desktop.ini) -- F:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動\desktop.ini
[2010/09/04 01:11:24 | 000,000,084 | -HS- | M] ()(F:\Documents and Settings\Administrator\???????\???\??\desktop.ini) -- F:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\desktop.ini
[2010/09/04 00:58:54 | 000,000,084 | -HS- | C] ()(F:\Documents and Settings\All Users\???????\???\??\desktop.ini) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini
[2010/09/04 00:58:54 | 000,000,000 | R--D | M](F:\Documents and Settings\Administrator\???????) -- F:\Documents and Settings\Administrator\「開始」功能表
[2010/09/04 00:58:54 | 000,000,000 | R--D | M](F:\Documents and Settings\Administrator\???????) -- F:\Documents and Settings\Administrator\「開始」功能表
[2010/09/02 11:25:48 | 000,000,788 | ---- | M] ()(g:\MYDOC\???????.lnk) -- g:\MYDOC\我的共用資料夾.lnk
[2010/08/15 09:14:53 | 000,000,000 | ---D | M](g:\MYDOC\??) -- g:\MYDOC\傳真
[2010/08/15 09:14:53 | 000,000,000 | ---D | C](g:\MYDOC\??) -- g:\MYDOC\傳真
[2008/10/16 23:39:13 | 000,000,000 | --SD | M](g:\MYDOC\??????) -- g:\MYDOC\我的資料來源
[2008/10/16 23:39:13 | 000,000,000 | --SD | C](g:\MYDOC\??????) -- g:\MYDOC\我的資料來源
[2008/08/02 09:48:26 | 000,000,000 | ---D | M](g:\MYDOC\??) -- g:\MYDOC\先裕
[2008/06/12 05:58:22 | 000,000,000 | ---D | C](g:\MYDOC\??) -- g:\MYDOC\先裕
[2008/04/23 01:53:15 | 000,000,000 | ---D | C](g:\MYDOC\???????) -- g:\MYDOC\我已接收的檔案
[2007/06/13 00:30:19 | 000,000,788 | ---- | C] ()(g:\MYDOC\???????.lnk) -- g:\MYDOC\我的共用資料夾.lnk
[2004/08/04 16:00:00 | 000,000,075 | ---- | M] ()(F:\WINDOWS\System32\????.scf) -- F:\WINDOWS\System32\檢視頻道.scf
[2004/08/04 16:00:00 | 000,000,075 | ---- | C] ()(F:\WINDOWS\System32\????.scf) -- F:\WINDOWS\System32\檢視頻道.scf
(F:\WINDOWS\system32\config\systemprofile\???????\???\??????) -- F:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\附屬應用程式
(F:\WINDOWS\system32\config\systemprofile\???????\???\??) -- F:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動
(F:\Program Files\????) -- F:\Program Files\繁簡互換
(F:\Documents and Settings\Johnny\???????) -- F:\Documents and Settings\Johnny\「開始」功能表
(F:\Documents and Settings\Johnny\??) -- F:\Documents and Settings\Johnny\桌面
(F:\Documents and Settings\All Users\???????\???\Util) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Util
(F:\Documents and Settings\All Users\???????\???\MS) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\MS
(F:\Documents and Settings\All Users\???????\???\Adobe) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\Adobe
(F:\Documents and Settings\All Users\???????\???\??????) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\附屬應用程式
(F:\Documents and Settings\All Users\???????\???\??????) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\系統管理工具
(F:\Documents and Settings\All Users\???????\???\???) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\遊樂場
(F:\Documents and Settings\All Users\???????\???\??) -- F:\Documents and Settings\All Users\「開始」功能表\程式集\啟動
(F:\Documents and Settings\All Users\???????) -- F:\Documents and Settings\All Users\「開始」功能表
(F:\Documents and Settings\All Users\????) -- F:\Documents and Settings\All Users\「開始」
(F:\Documents and Settings\All Users\??) -- F:\Documents and Settings\All Users\桌面
(F:\Documents and Settings\Administrator\???????\???\??????) -- F:\Documents and Settings\Administrator\「開始」功能表\程式集\附屬應用程式
(F:\Documents and Settings\Administrator\???????\???\??) -- F:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動
(F:\Documents and Settings\Administrator\???????) -- F:\Documents and Settings\Administrator\「開始」功能表
(F:\Documents and Settings\Administrator\??) -- F:\Documents and Settings\Administrator\桌面

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#9
Essexboy

Besides, I notice that the file size of OTLPENet.exe is 121MB, while OTLPEStd.exe is only 181K.
Is it because my download of OTLPEStd.exe failed last time, so it can't extract itself?

Definitely a corrupt download, as the OTLPEStd is only a few MB smaller than the net version

You will be pleased to know that I can see no apparent malware, although your Java is out of date :)

#10
hkQQ2010

Essexboy

Besides, I notice that the file size of OTLPENet.exe is 121MB, while OTLPEStd.exe is only 181K.
Is it because my download of OTLPEStd.exe failed last time, so it can't extract itself?

Definitely a corrupt download, as the OTLPEStd is only a few MB smaller than the net version

Thanks for your info. I will try to download OTLPEStd.exe again, just for interest.

You will be pleased to know that I can see no apparent malware, although your Java is out of date :)

Thanks for your advice, I will delete Java and install the new one.


Besides, I notice that the following were not shown in the OTL.log I took 3 days ago.

========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wuauserv)


========== Driver Services (SafeList) ==========
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)


========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

Are they normal?
Especially the "@Alternate Data Stream" item; I am not familiar with it. I recall that someone on the Net said that it was originally designed for compatibility with the old Mac file system, and is seldom used by legitimate Win software. Do I need to delete it?

And I really can't recall when I installed "the Sunbelt Software" in the last 3 days, although I had tested many tools which were introduced by the Geeks here.

Finally, I have no idea about "Purity Check" and "LOP Check". What are they? Where can I find details about them? Do I need to take care of them when they appear in an OTL log?

Tooooo... many questions ...
Sorry ....

#11
Essexboy

http://www.geekstogo...ldtimer-listit/ see here for the answers

They are all normal - if you have uninstalled sunbelt then that is an uninstalled remnant
  • 0
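
The log lines asked about in post #10 follow a fixed layout, so they can be pulled out of an OTL report mechanically before a helper reads them. This is an added example, not part of the thread and not OldTimer's code: the regular expressions are inferred only from the lines quoted on this page, and `parse_otl` and `review_items` are hypothetical names.

```python
import re
from datetime import datetime

# Lines copied from the OTL log quoted in this thread (not constructed).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wuauserv)
========== Driver Services (SafeList) ==========
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
========== LOP Check ==========
[2011/02/11 09:51:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Johnny\Application Data\OpenCandy
========== Files - Unicode (All) ==========
[2011/07/17 02:20:52 | 001,739,400 | ---- | M] (Secunia)(F:\Documents and Settings\Johnny\??\PSISetup.exe) -- F:\Documents and Settings\Johnny\桌面\PSISetup.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# [date time | size | attributes | C or M] (vendor) ... -- path [-- (service)]
ENTRY = re.compile(
    r"^(?:(?P<kind>SRV|DRV) - )?\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<cm>[CM])\]"
    r"(?: \((?P<vendor>[^)]*)\))?.*? -- (?P<path>.+?)(?: -- \((?P<svc>[^)]+)\))?$")
# Service or driver whose binary is absent: the path field between the dashes is empty.
MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- "
    r"(?P<path>.*?) ?-- \((?P<svc>[^)]+)\)$")
# The stream name follows the last colon; the drive-letter colon is followed by "\".
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")

def parse_otl(text):
    """Return one dict per recognised log line, tagged with its section."""
    section, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
            continue
        for rtype, rx in (("ads", ADS), ("missing", MISSING), ("entry", ENTRY)):
            if m := rx.match(line):
                rec = {k: v for k, v in m.groupdict().items() if v is not None}
                rec["type"], rec["section"] = rtype, section
                if "size" in rec:
                    rec["size"] = int(rec["size"].replace(",", ""))
                if "ts" in rec:
                    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
                records.append(rec)
                break
    return records

def review_items(records):
    """Lines a helper would read by hand; being listed is not a verdict."""
    out = []
    for r in records:
        if r["type"] == "ads":
            out.append(f"ADS {r['stream']} ({r['size']} bytes) on {r['host']}")
        elif r["type"] == "missing":
            out.append(f"{r['kind']} {r['svc']}: binary not found")
        elif r.get("kind") == "DRV":
            out.append(f"driver {r.get('svc')} from {r.get('vendor') or 'unknown vendor'}: {r['path']}")
    return out
```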

#12
hkQQ2010

http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/ see here for the answers

Yes, I had read it several times before.
But, strangely, with your current advice, I revise it again. I suddenly feel that I grasp some hints of them.
Sorry, my English is not so good; sometimes I need to revise more ....

They are all normal - if you have uninstalled sunbelt then that is an uninstalled remnant

I see .... Thanks a lot.

Once again, thanks for your time, your leniency and your perseverance

#13
hkQQ2010

Definitely a corrupt download, as the OTLPEStd is only a few MB smaller than the net version

Thanks for your info. I will try to download OTLPEStd.exe again, just for interest.

FYI, I have finally downloaded OTLPEStd.exe successfully. It is about 93.5MB.
I failed once again at first, but with "Xunlei" (a program similar to FlashGet), I eventually succeeded in getting it.

Once again, thanks for your valuable help. ... :) ... :yes: ... :unsure:

#14
Essexboy
No problem. If you wish to learn, you could join GeekU.

#15
hkQQ2010

No problem. If you wish to learn, you could join GeekU.

Thanks for your advice.
I am seriously considering it.
But I want to learn more here first.

Besides, I am afraid I do not have enough time to devote to servicing here after learning from GeekU.