Bad image error pop ups window XP



#1
ade85

Hi geeks,

I have encountered a lot of pop-up error messages for the past few days. The error message is as follows: DLL C:\SYSTEM32.DLL IS NOT A VALID IMAGE. PLEASE CHECK INSTALLATION DISKETTE

I have yet to restore and I do not know what to do. Can any kind souls around help me? These messages are really very irritating =(

Thanks a lot
Ade


OTL logfile created on: 2011-11-1 1:04:34 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\yong kee\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d

1014.04 Mb Total Physical Memory | 231.99 Mb Available Physical Memory | 22.88% Memory free
2.38 Gb Paging File | 1.64 Gb Available in Paging File | 68.76% Paging File free
Paging file location(s): C:\pagefile.sys 1521 1521 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 3.05 Gb Free Space | 3.91% Space Free | Partition Type: NTFS
Drive E: | 154.75 Gb Total Space | 148.90 Gb Free Space | 96.22% Space Free | Partition Type: NTFS

Computer Name: YONG-9ED1016927 | User Name: yong kee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-11-01 01:03:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\yong kee\My Documents\Downloads\OTL.exe
PRC - [2011-09-02 09:56:36 | 001,479,408 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2011-03-24 01:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-01-07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2008-04-14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011-09-02 10:04:04 | 000,230,128 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\fptassrv.dll
MOD - [2011-09-02 10:04:02 | 000,140,016 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\fpsrv.dll
MOD - [2011-09-02 09:54:18 | 000,160,496 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\GetMACAddress.dll
MOD - [2011-09-02 09:54:02 | 000,299,760 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\Dump.dll
MOD - [2011-03-24 01:49:18 | 004,110,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\pdf.dll
MOD - [2011-03-24 01:48:08 | 000,251,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\Locales\en-US.dll
MOD - [2011-03-24 01:47:31 | 000,102,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\avutil-50.dll
MOD - [2011-03-24 01:47:29 | 000,194,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\avformat-52.dll
MOD - [2011-03-24 01:47:28 | 001,823,304 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\avcodec-52.dll
MOD - [2011-03-23 09:41:30 | 006,111,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\gcswf32.dll
MOD - [2010-06-03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010-02-06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008-04-14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-03-18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-08-03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-04-19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009-02-17 20:34:34 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008-12-30 11:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008-12-13 11:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-03-22 15:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006-10-29 23:16:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005-12-23 09:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-11-21 13:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005-11-17 12:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-02 10:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-08-23 08:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-08-23 08:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-08-23 08:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-04-13 16:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2001-08-18 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\Kuaiwan\npKuaiWanGame.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-02-12 03:56:48 | 000,000,000 | ---D | M]

[2010-01-07 03:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yong kee\Application Data\Mozilla\Extensions
[2010-01-07 03:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yong kee\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: mozilla-qgame-kuaiwan-plugin (Enabled) = C:\Program Files\Kuaiwan\npKuaiWanGame.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2001-08-18 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06BD3EC6-B552-4055-BE01-7262F1A45514} - No CLSID value found.
O2 - BHO: (0DCA3461-838F-0BC8-8F4B-37043296EC1E Class) - {0DCA3461-838F-0BC8-8F4B-37043296EC1E} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (no name) - {178D7712-6FA1-FC2A-DFB7-17B2AB1BFB6D} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\飞速Tudou\tudouDetector.dll (土豆网)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Poper Class) - {779322F5-6D5C-456e-9483-DF830D6BAFD5} - C:\Program Files\GVOD\bin\VAPoper_now.dll (ShenZhen PiaoYi Network Technology Co.,Ltd.)
O2 - BHO: (CTSWebSiteMon Class) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files\Tencent\QQPCMgr\4.5.984.201\TSWebMon.dat File not found
O2 - BHO: (QvodGameExtend) - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {B690E49B-D211-7BFB-1A8F-71457217F9C5} - No CLSID value found.
O2 - BHO: (D5BB354B-EF3B-3117-B5F6-893DB9C32CD8 Class) - {D5BB354B-EF3B-3117-B5F6-893DB9C32CD8} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (D9681439-90D8-C745-FB80-E9D7AA9D767E Class) - {D9681439-90D8-C745-FB80-E9D7AA9D767E} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (no name) - {E2D1EDCF-70F8-6F25-725C-76DAECC78C55} - No CLSID value found.
O2 - BHO: (no name) - {E53A1A8E-BB2E-94B5-230A-699F9FC00BD7} - No CLSID value found.
O2 - BHO: (no name) - {EB7F4DEE-0815-92F9-A4BF-2330ECE68236} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\QQDisabled: RTHDBPL = rem|C:\Documents and Settings\yong kee\Application Data\SystemProc\lsass.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A78B324-13EE-4A01-932F-F3CFBF17577C}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\dpvoice32.dll) -C:\WINDOWS\system32\DPVOICE32.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\b4f96202726: DllName - (C:\WINDOWS\System32\dpvoice32.dll) - C:\WINDOWS\system32\DPVOICE32.DLL ()
O24 - Desktop Components:0 () - http://m489.mail.qq....FsIE0gKlK0laUEM
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\yong kee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\yong kee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-23 13:47:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20dc0334-8fc5-11de-bc8b-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{20dc0334-8fc5-11de-bc8b-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20dc0334-8fc5-11de-bc8b-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{28a8bd85-8fb9-11de-bc85-0016d31ab0ef}\Shell\AutoRun\command - "" = j.cmd
O33 - MountPoints2\{28a8bd85-8fb9-11de-bc85-0016d31ab0ef}\Shell\explore\Command - "" = j.cmd
O33 - MountPoints2\{28a8bd85-8fb9-11de-bc85-0016d31ab0ef}\Shell\open\Command - "" = j.cmd
O33 - MountPoints2\{3e53047c-a3a4-11de-861f-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{3e53047c-a3a4-11de-861f-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e53047c-a3a4-11de-861f-0016d31ab0ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3f19913d-40d3-11e0-8975-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{3f19913d-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f19913d-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{3f19913e-40d3-11e0-8975-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{3f19913e-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f19913e-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{4df7cbd6-e6c9-11de-8670-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{4df7cbd6-e6c9-11de-8670-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4df7cbd6-e6c9-11de-8670-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{b9345610-4005-11e0-8972-001a73046d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{b9345610-4005-11e0-8972-001a73046d4a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9345610-4005-11e0-8972-001a73046d4a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-11-01 00:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-10-31 00:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yong kee\Start Menu\Programs\腾讯软件
[2009-11-30 16:31:13 | 006,096,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\office2003-KB953404-FullFile-ENU.exe
[2009-11-30 15:52:41 | 003,640,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\office2003-KB972688-FullFile-ENU.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-11-01 00:34:30 | 136,410,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-11-01 00:25:41 | 000,005,218 | ---- | M] () -- C:\Documents and Settings\yong kee\funshion.ini
[2011-11-01 00:24:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\yong kee\FunshionService.timestamp
[2011-11-01 00:19:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-01 00:17:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-10-30 23:31:52 | 136,322,485 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011-10-27 23:16:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\DPVOICE32.DLL
[2011-10-14 03:24:25 | 000,005,677 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\photo.JPG
[2011-10-14 03:02:00 | 000,004,658 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\zihui.jpg
[2011-10-14 02:54:35 | 000,003,506 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\wilson.JPG
[2011-10-14 02:44:57 | 000,011,148 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\wilson.png
[2011-10-13 19:46:40 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-13 08:52:16 | 000,661,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-10-13 08:52:16 | 000,161,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-10-13 08:46:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-10-27 23:16:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\DPVOICE32.DLL
[2011-10-14 03:24:25 | 000,005,677 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\photo.JPG
[2011-10-14 02:59:00 | 000,004,658 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\zihui.jpg
[2011-10-14 02:49:42 | 000,003,506 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\wilson.JPG
[2011-10-14 02:44:57 | 000,011,148 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\wilson.png
[2011-07-27 16:19:05 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\yong kee\Application Data\coreavc.ini
[2011-03-03 22:19:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011-02-25 18:11:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2010-09-13 03:18:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\Ku6Kss.ini
[2010-06-21 14:34:06 | 000,001,573 | ---- | C] () -- C:\WINDOWS\Ku6Ksw.dll
[2010-04-12 15:54:26 | 000,001,144 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
[2010-01-07 03:57:01 | 000,001,911 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010-01-07 03:44:41 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2009-12-20 20:13:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-09-22 16:48:41 | 000,063,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-09-13 23:17:43 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2009-09-13 23:17:43 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009-09-02 22:31:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-02 22:31:15 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\yong kee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-23 21:35:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-08-23 21:33:46 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-08-23 15:47:09 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009-08-23 15:31:17 | 000,000,224 | ---- | C] () -- C:\WINDOWS\HansWare.ini
[2009-08-23 15:29:59 | 000,059,936 | ---- | C] () -- C:\WINDOWS\System32\plm.exe
[2009-08-23 15:29:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\PjsHotKeySvr.exe
[2009-08-23 15:29:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PjsDlg32.dll
[2009-08-23 15:29:57 | 002,822,659 | ---- | C] () -- C:\WINDOWS\System32\eng2chn32.dll
[2009-08-23 15:29:51 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hsvision.ini
[2009-08-23 15:28:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-08-23 13:50:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-08-23 13:44:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-04-13 17:18:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009-03-24 10:33:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004-08-04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-01-08 04:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-08-18 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-18 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-08-18 21:00:00 | 000,661,060 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-18 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-18 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-08-18 21:00:00 | 000,161,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-18 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-08-18 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-18 21:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-18 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011-02-23 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\61F
[2011-02-12 04:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-12 04:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-12 04:04:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010-10-16 04:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GVOD
[2011-07-22 23:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2011-01-26 03:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2009-09-18 00:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011-02-11 04:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010-08-11 22:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011-07-26 02:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011-09-07 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011-07-26 01:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009-09-07 00:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011-10-30 23:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2011-03-08 16:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QQPet
[2011-03-29 09:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011-07-13 13:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2010-08-13 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2011-10-22 20:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSLOG
[2011-02-27 21:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010-04-08 04:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-01-28 15:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-09-07 00:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010-10-13 17:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\0DCA3461-838F-0BC8-8F4B-37043296EC1E
[2010-09-18 04:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\178D7712-6FA1-FC2A-DFB7-17B2AB1BFB6D
[2010-06-21 03:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\360safe
[2010-06-21 03:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\360se
[2011-03-29 08:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\AVG
[2011-02-12 04:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\AVG10
[2010-08-09 14:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\B690E49B-D211-7BFB-1A8F-71457217F9C5
[2011-01-04 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\D5BB354B-EF3B-3117-B5F6-893DB9C32CD8
[2011-02-25 18:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\E2D1EDCF-70F8-6F25-725C-76DAECC78C55
[2010-09-22 02:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\E53A1A8E-BB2E-94B5-230A-699F9FC00BD7
[2010-10-10 15:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\EB7F4DEE-0815-92F9-A4BF-2330ECE68236
[2011-03-29 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\funshionAddr
[2011-02-22 07:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\imeshbandmltbpi
[2010-01-07 05:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\LimeWire
[2011-02-24 05:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\mediabarim
[2009-09-22 01:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\Memeo
[2011-07-26 02:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\PC Suite
[2010-01-28 16:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\QQMusicUpdate
[2011-05-11 04:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\SogouExplorer
[2010-01-09 04:14:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\yong kee\Application Data\SystemProc
[2011-10-31 23:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\Tencent
[2011-04-18 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - on completion of this run could you let me know if the errors persist. Also, when you re-run OTL please ensure all users is selected.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
    O2 - BHO: (no name) - {06BD3EC6-B552-4055-BE01-7262F1A45514} - No CLSID value found.
    O2 - BHO: (no name) - {178D7712-6FA1-FC2A-DFB7-17B2AB1BFB6D} - No CLSID value found.
    O2 - BHO: (no name) - {B690E49B-D211-7BFB-1A8F-71457217F9C5} - No CLSID value found.
    O2 - BHO: (no name) - {E2D1EDCF-70F8-6F25-725C-76DAECC78C55} - No CLSID value found.
    O2 - BHO: (no name) - {E53A1A8E-BB2E-94B5-230A-699F9FC00BD7} - No CLSID value found.
    O2 - BHO: (no name) - {EB7F4DEE-0815-92F9-A4BF-2330ECE68236} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\QQDisabled: RTHDBPL = rem|C:\Documents and Settings\yong kee\Application Data\SystemProc\lsass.exe
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\dpvoice32.dll) -C:\WINDOWS\system32\DPVOICE32.DLL ()
    O20 - Winlogon\Notify\b4f96202726: DllName - (C:\WINDOWS\System32\dpvoice32.dll) - C:\WINDOWS\system32\DPVOICE32.DLL ()
    [2011-10-27 23:16:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\DPVOICE32.DLL

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\yong kee\Application Data\SystemProc\lsass.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
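An added example, not part of the post above and not OTL's own logic: a small Python triage that applies four defensive heuristics to OTL-format lines like the ones selected in the fix script. The rule names, the core-process list and the 64-byte threshold (the size of a PE file's DOS header) are assumptions chosen for illustration; the sample lines are copied from this thread.

```python
import ntpath
import re

# Sample lines copied from the fix script and logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {178D7712-6FA1-FC2A-DFB7-17B2AB1BFB6D} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\QQDisabled: RTHDBPL = rem|C:\Documents and Settings\yong kee\Application Data\SystemProc\lsass.exe
O20 - AppInit_DLLs: (C:\WINDOWS\System32\dpvoice32.dll) -C:\WINDOWS\system32\DPVOICE32.DLL ()
O20 - Winlogon\Notify\b4f96202726: DllName - (C:\WINDOWS\System32\dpvoice32.dll) - C:\WINDOWS\system32\DPVOICE32.DLL ()
[2011-10-27 23:16:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\DPVOICE32.DLL
[2001-08-18 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
"""

# "[timestamp | size | attributes | C or M] (company) -- path" file listing lines.
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Any drive-rooted path to an executable image inside a registry-style line.
PE_PATH = re.compile(r'[A-Za-z]:\\[^|()*?"<>\r\n]*?\.(?:exe|dll|sys)\b', re.I)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Load points whose DLLs run in many processes (AppInit_DLLs) or in winlogon.exe (Notify).
LOAD_POINT = re.compile(r"AppInit_DLLs|Winlogon\\Notify", re.I)

PE_EXTENSIONS = {".exe", ".dll", ".sys"}
DOS_HEADER_SIZE = 64  # a PE image must at least hold the 64-byte IMAGE_DOS_HEADER
# Assumption: %SystemRoot% is C:\WINDOWS, as the log header in this thread states.
SYSTEM32 = r"c:\windows\system32"
# Assumed short list of Windows processes that only legitimately live in System32.
CORE_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe",
                      "winlogon.exe", "services.exe", "smss.exe"}


def triage(log_text):
    """Return (rule, subject) pairs for lines that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        m = FILE_LINE.match(line)
        if m:
            size = int(m["size"].replace(",", ""))
            ext = ntpath.splitext(m["path"])[1].lower()
            is_dir = "D" in m["attrs"]
            # An "image" smaller than a DOS header can never load as a valid PE.
            if not is_dir and ext in PE_EXTENSIONS and size < DOS_HEADER_SIZE:
                findings.append(("undersized-pe", m["path"]))
            continue

        paths = PE_PATH.findall(line)

        # Registration that points at a CLSID which no longer exists.
        if "No CLSID value found" in line:
            guid = GUID.search(line)
            findings.append(("orphaned-clsid", guid.group(0) if guid else line))

        # Anything registered at a system-wide DLL load point gets reviewed.
        if LOAD_POINT.search(line):
            findings.append(("global-load-point", paths[-1] if paths else line))

        # Core process name used by a file outside System32.
        for path in paths:
            name = ntpath.basename(path).lower()
            if name in CORE_PROCESS_NAMES and ntpath.dirname(path).lower() != SYSTEM32:
                findings.append(("masquerading-name", path))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:18} {subject}")
```

A hit is a prompt for manual review, not a verdict; the same rules stay silent on the AVG autorun entry and on `noise.dat` in the sample.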

#3
ade85

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi Essexboy,

Thanks for the guideline ya, this forum rocks man... Now no more pop-ups and the log is as follows:


OTL logfile created on: 2011-11-3 13:41:48 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\yong kee\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d

1014.04 Mb Total Physical Memory | 271.05 Mb Available Physical Memory | 26.73% Memory free
2.38 Gb Paging File | 1.64 Gb Available in Paging File | 68.84% Paging File free
Paging file location(s): C:\pagefile.sys 1521 1521 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 7.63 Gb Free Space | 9.77% Space Free | Partition Type: NTFS
Drive E: | 154.75 Gb Total Space | 148.90 Gb Free Space | 96.22% Space Free | Partition Type: NTFS

Computer Name: YONG-9ED1016927 | User Name: yong kee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-11-03 13:39:25 | 000,709,968 | ---- | M] () -- C:\Documents and Settings\yong kee\Local Settings\Temp\is-5KT3D.tmp\mbam-setup-1.51.2.1300.tmp
PRC - [2011-11-03 13:38:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\yong kee\My Documents\Downloads\mbam-setup-1.51.2.1300.exe
PRC - [2011-11-01 01:03:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\yong kee\My Documents\Downloads\OTL.exe
PRC - [2011-09-02 10:02:48 | 002,507,504 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\Funshion.exe
PRC - [2011-09-02 09:56:36 | 001,479,408 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2011-03-24 01:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-01-07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2008-04-14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-03 13:39:25 | 000,709,968 | ---- | M] () -- C:\Documents and Settings\yong kee\Local Settings\Temp\is-5KT3D.tmp\mbam-setup-1.51.2.1300.tmp
MOD - [2011-09-02 10:04:04 | 000,230,128 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\fptassrv.dll
MOD - [2011-09-02 10:04:02 | 000,140,016 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\fpsrv.dll
MOD - [2011-09-02 09:54:18 | 000,160,496 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\GetMACAddress.dll
MOD - [2011-09-02 09:54:02 | 000,299,760 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\Dump.dll
MOD - [2011-03-24 01:49:18 | 004,110,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\pdf.dll
MOD - [2011-03-24 01:48:08 | 000,251,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\Locales\en-US.dll
MOD - [2011-03-24 01:47:31 | 000,102,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\avutil-50.dll
MOD - [2011-03-24 01:47:29 | 000,194,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\avformat-52.dll
MOD - [2011-03-24 01:47:28 | 001,823,304 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\10.0.648.204\avcodec-52.dll
MOD - [2010-06-03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010-02-06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008-04-14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-03-18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-08-03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-04-19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009-02-17 20:34:34 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008-12-30 11:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008-12-13 11:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-03-22 15:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006-10-29 23:16:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005-12-23 09:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-11-21 13:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005-11-17 12:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-02 10:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-08-23 08:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-08-23 08:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-08-23 08:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-04-13 16:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2001-08-18 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]

IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\Kuaiwan\npKuaiWanGame.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-02-12 03:56:48 | 000,000,000 | ---D | M]

[2010-01-07 03:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yong kee\Application Data\Mozilla\Extensions
[2010-01-07 03:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yong kee\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: mozilla-qgame-kuaiwan-plugin (Enabled) = C:\Program Files\Kuaiwan\npKuaiWanGame.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011-11-03 13:31:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (0DCA3461-838F-0BC8-8F4B-37043296EC1E Class) - {0DCA3461-838F-0BC8-8F4B-37043296EC1E} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\飞速Tudou\tudouDetector.dll (土豆网)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Poper Class) - {779322F5-6D5C-456e-9483-DF830D6BAFD5} - C:\Program Files\GVOD\bin\VAPoper_now.dll (ShenZhen PiaoYi Network Technology Co.,Ltd.)
O2 - BHO: (CTSWebSiteMon Class) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files\Tencent\QQPCMgr\4.5.984.201\TSWebMon.dat File not found
O2 - BHO: (QvodGameExtend) - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (D5BB354B-EF3B-3117-B5F6-893DB9C32CD8 Class) - {D5BB354B-EF3B-3117-B5F6-893DB9C32CD8} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (D9681439-90D8-C745-FB80-E9D7AA9D767E Class) - {D9681439-90D8-C745-FB80-E9D7AA9D767E} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1003\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\ikutm.dll (youku.com)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A78B324-13EE-4A01-932F-F3CFBF17577C}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll) -c:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll) -c:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://m489.mail.qq....FsIE0gKlK0laUEM
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\yong kee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\yong kee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-23 13:47:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20dc0334-8fc5-11de-bc8b-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{20dc0334-8fc5-11de-bc8b-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20dc0334-8fc5-11de-bc8b-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{28a8bd85-8fb9-11de-bc85-0016d31ab0ef}\Shell\AutoRun\command - "" = j.cmd
O33 - MountPoints2\{28a8bd85-8fb9-11de-bc85-0016d31ab0ef}\Shell\explore\Command - "" = j.cmd
O33 - MountPoints2\{28a8bd85-8fb9-11de-bc85-0016d31ab0ef}\Shell\open\Command - "" = j.cmd
O33 - MountPoints2\{3e53047c-a3a4-11de-861f-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{3e53047c-a3a4-11de-861f-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e53047c-a3a4-11de-861f-0016d31ab0ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3f19913d-40d3-11e0-8975-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{3f19913d-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f19913d-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{3f19913e-40d3-11e0-8975-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{3f19913e-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f19913e-40d3-11e0-8975-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{4df7cbd6-e6c9-11de-8670-0016d31ab0ef}\Shell - "" = AutoRun
O33 - MountPoints2\{4df7cbd6-e6c9-11de-8670-0016d31ab0ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4df7cbd6-e6c9-11de-8670-0016d31ab0ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{b9345610-4005-11e0-8972-001a73046d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{b9345610-4005-11e0-8972-001a73046d4a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9345610-4005-11e0-8972-001a73046d4a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-11-03 13:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-11-03 13:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-11-03 13:40:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-11-03 13:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-11-03 13:31:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-11-01 00:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-10-31 00:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yong kee\Start Menu\Programs\腾讯软件
[2009-11-30 16:31:13 | 006,096,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\office2003-KB953404-FullFile-ENU.exe
[2009-11-30 15:52:41 | 003,640,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\office2003-KB972688-FullFile-ENU.exe

========== Files - Modified Within 30 Days ==========

[2011-11-03 13:41:18 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\Shortcut to OTL.lnk
[2011-11-03 13:41:06 | 000,005,040 | ---- | M] () -- C:\Documents and Settings\yong kee\funshion.ini
[2011-11-03 13:40:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\yong kee\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011-11-03 13:36:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\yong kee\FunshionService.timestamp
[2011-11-03 13:36:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-03 13:35:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-11-03 13:31:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-11-03 13:27:55 | 136,815,417 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-11-03 00:36:34 | 136,766,677 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011-10-14 03:24:25 | 000,005,677 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\photo.JPG
[2011-10-14 03:02:00 | 000,004,658 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\zihui.jpg
[2011-10-14 02:54:35 | 000,003,506 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\wilson.JPG
[2011-10-14 02:44:57 | 000,011,148 | ---- | M] () -- C:\Documents and Settings\yong kee\Desktop\wilson.png
[2011-10-13 19:46:40 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-13 08:52:16 | 000,661,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-10-13 08:52:16 | 000,161,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-10-13 08:46:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011-11-03 13:41:18 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\Shortcut to OTL.lnk
[2011-11-03 13:40:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\yong kee\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011-10-14 03:24:25 | 000,005,677 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\photo.JPG
[2011-10-14 02:59:00 | 000,004,658 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\zihui.jpg
[2011-10-14 02:49:42 | 000,003,506 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\wilson.JPG
[2011-10-14 02:44:57 | 000,011,148 | ---- | C] () -- C:\Documents and Settings\yong kee\Desktop\wilson.png
[2011-07-27 16:19:05 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\yong kee\Application Data\coreavc.ini
[2011-03-03 22:19:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011-02-25 18:11:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2010-09-13 03:18:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\Ku6Kss.ini
[2010-06-21 14:34:06 | 000,001,573 | ---- | C] () -- C:\WINDOWS\Ku6Ksw.dll
[2010-04-12 15:54:26 | 000,001,144 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
[2010-01-07 03:57:01 | 000,001,911 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010-01-07 03:44:41 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2009-12-20 20:13:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-09-22 16:48:41 | 000,063,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-09-13 23:17:43 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2009-09-13 23:17:43 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009-09-02 22:31:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-02 22:31:15 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\yong kee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-23 21:35:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-08-23 21:33:46 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-08-23 15:47:09 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009-08-23 15:31:17 | 000,000,224 | ---- | C] () -- C:\WINDOWS\HansWare.ini
[2009-08-23 15:29:59 | 000,059,936 | ---- | C] () -- C:\WINDOWS\System32\plm.exe
[2009-08-23 15:29:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\PjsHotKeySvr.exe
[2009-08-23 15:29:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PjsDlg32.dll
[2009-08-23 15:29:57 | 002,822,659 | ---- | C] () -- C:\WINDOWS\System32\eng2chn32.dll
[2009-08-23 15:29:51 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hsvision.ini
[2009-08-23 15:28:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-08-23 13:50:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-08-23 13:44:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-04-13 17:18:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009-03-24 10:33:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004-08-04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-01-08 04:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-08-18 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-18 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-08-18 21:00:00 | 000,661,060 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-18 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-18 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-08-18 21:00:00 | 000,161,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-18 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-08-18 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-18 21:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-18 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011-02-23 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\61F
[2011-02-12 04:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-12 04:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-12 04:04:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010-10-16 04:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GVOD
[2011-07-22 23:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2011-01-26 03:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2009-09-18 00:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011-02-11 04:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010-08-11 22:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011-07-26 02:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011-09-07 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011-07-26 01:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009-09-07 00:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011-10-30 23:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2011-03-08 16:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QQPet
[2011-03-29 09:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011-07-13 13:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2010-08-13 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2011-10-22 20:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSLOG
[2011-02-27 21:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010-04-08 04:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-01-28 15:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-09-07 00:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011-03-03 23:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Tencent
[2010-10-13 17:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\0DCA3461-838F-0BC8-8F4B-37043296EC1E
[2010-09-18 04:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\178D7712-6FA1-FC2A-DFB7-17B2AB1BFB6D
[2010-06-21 03:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\360safe
[2010-06-21 03:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\360se
[2011-03-29 08:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\AVG
[2011-02-12 04:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\AVG10
[2010-08-09 14:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\B690E49B-D211-7BFB-1A8F-71457217F9C5
[2011-01-04 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\D5BB354B-EF3B-3117-B5F6-893DB9C32CD8
[2011-02-25 18:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\E2D1EDCF-70F8-6F25-725C-76DAECC78C55
[2010-09-22 02:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\E53A1A8E-BB2E-94B5-230A-699F9FC00BD7
[2010-10-10 15:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\EB7F4DEE-0815-92F9-A4BF-2330ECE68236
[2011-03-29 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\funshionAddr
[2011-02-22 07:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\imeshbandmltbpi
[2010-01-07 05:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\LimeWire
[2011-02-24 05:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\mediabarim
[2009-09-22 01:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\Memeo
[2011-07-26 02:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\PC Suite
[2010-01-28 16:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\QQMusicUpdate
[2011-05-11 04:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\SogouExplorer
[2010-01-09 04:14:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\yong kee\Application Data\SystemProc
[2011-10-31 23:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\Tencent
[2011-04-18 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yong kee\Application Data\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now kill the rest so that they do not come back to haunt you :) On completion of these runs, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C6 3E BD 06 52 B5 55 40 BE 01 72 62 F1 A4 55 14 [binary data]

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.