Programs just freeze randomly

_Lynn_

New Member
When I turned on the laptop today, programs seem to just freeze up for around 10 seconds randomly. This is guaranteed to happen whenever I try to open any folders in Windows Explorer (folder view), and sometimes happens if I try to type something or open a new tab in Firefox, and randomly happens in other programs. The loading light (not sure what it's called ^^) on the laptop would light up, however CPU usage is still very normal (like ~10-20% but fluctuates a lot). I did a search for the Windows Explorer freezing and it had something to do with codecs. I can know for sure right now it's not that, as I didn't install any, and the freezing only started happening today.
The only thing I can think of is I might have accidentally deleted some needed system files/registries when I was doing registry cleanup two days ago. I guessed this because upon startup of my laptop iTunes would give an error saying "iTunes was not installed properly, please reinstall", and the system would detect no Quicktime (even though it was installed along with iTunes) whenever I try to play music that uses Quicktime, so it must be missing some important files.
Does anyone have any theories on this? I didn't do anything (other than surf web) from the time I used registry cleaner and the startup today. Should I do system restore to two days ago? Will that bring back those important system files/registries I might have accidentally deleted?
Thanks in advance~
 
Never go into the registry and manually delete stuff unless you really know what you are doing. You could have made your system unbootable. I would try doing a system restore back to before you made any changes and start over without doing anything in the registry. Do you run any virus or malware programs, and have you run scans lately?
 
I didn't really delete manually, I used software for it (it's a popular Chinese system cleaner software called Magic Set). I installed a very very old music composing software a week ago, and I wasn't able to uninstall it (uninstaller only works in Windows 98 apparently), so I had to just delete the program folder and then use registry cleaner to clean leftover files in C:, and during that process some important files might have been picked up by the software as trash files.
I can still startup/shut down/hibernate normally the laptop though.
So you mean doing restore with restore point to a few days ago should solve it? I heard that these kinds of restores are not recommended though and might create new problems, and rarely solve any system-related errors... =/
I have Symantec enterprise edition auto-scan turned on, and it didn't pick up anything these few days. I didn't do a manual scan with any program, except the occasional automatic McAfee internet security free scan (I think this came along with some other software I installed, could be an update to Firefox or IE) which seems to happen randomly. Also I upgraded to Windows XP Service Pack 3 around a day before I used the registry cleaner.
Thanks.
 
After restoring back to a previous date, try running this procedure to see if you are infected at all.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
I tried restoring to this Monday, and after restart it gave me this error: "unable to restore to previous date"... =/
Still freezes for 10 seconds or so (loading light on laptop turns on) whenever I try to open anything in explorer, but Firefox seems to be a tiny bit better now (not freezing as often).
I downloaded Malwarebytes, should I run that without restore?
 
Malwarebytes ran for around an hour and a half and then froze and won't respond anymore. The loading light on the laptop is permanently on, but task manager shows normal CPU usage. Now all programs are lagging + freezing much more often than just after restart.
 
Reboot into Safe Mode and repeat the scan with Malwarebytes. Do a Quick Scan from the options. Most times it'll work. Then post the report for John.
 
I restarted the computer and ran Malwarebytes again, and it froze again, however this time I decided to let it run while frozen, and it actually worked. Maybe it's supposed to freeze often while scanning? Anyways it completed in around 3 hours. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4401

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-8-7 17:50:51
mbam-log-2010-08-07 (17-50-51).txt

Scan type: Quick scan
Objects scanned: 142774
Time elapsed: 2 hour(s), 28 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{988934a4-064b-11d3-bb80-00104b35e7f9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1dd29ed-2598-48e9-9793-64a9cd08ac94} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87ca3845-37fe-414c-81cf-e08a7d0f6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{802f530b-a8f6-4631-ae49-6bacaac6373e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\document\files\迅雷\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> Quarantined and deleted successfully.

It deleted all 10 infections successfully (didn't restart computer yet though). Should I continue to HijackThis?
Computer runs faster now, however the moment I open explorer and try to open folders it still freezes (but does not freeze if I click the "+" collapse button to the left of the folder name, only freezes if I click folder name to open folders), but Firefox freezes less now.
Thanks!

Edit: after deleting infections some .exe like msn now can't run properly... says "this application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem". =/
 
I had to install HijackThis in safe mode. Normal mode just got 10x worse, now absolutely no programs would open, the moment I try to open them the laptop just freezes (cursor would still move though, loading light permanently stays on, CPU usage is like 0%). I got error when I tried to do system scan (I believe last time I used HijackThis I also got the same error, never had it work right before):
"Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details:
An unexpected error has occurred at procedure: modMain_StartScan()
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.2

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:57, on 2010-8-8
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\document\files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
E:\document\files\java\bin\jqsnotify.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\document\files\迅雷\ComDlls\TDMediaDetector5.9.23.1488.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XLLiteView BrowserHelper Object - {2D90D33C-DE76-42D0-9040-E4466DDC24AC} - E:\document\files\迅雷\Program\EmbedDetectNow.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\document\files\java\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\document\files\java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - E:\document\files\迅雷\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\document\files\迅雷\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷查看图片 - E:\document\files\迅雷\Program\repairimage.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - E:\document\files\迅雷\Program\repairimage.htm
O9 - Extra 'Tools' menuitem: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - E:\document\files\迅雷\Program\repairimage.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278803891593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\document\files\java\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

--
End of file - 9600 bytes
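
A triage helper for the two logs posted above, as an added example that is not part of the original thread: it parses HijackThis O2/O4/O23 lines, marks entries worth a second look, and checks whether any Browser Helper Object CLSID that Malwarebytes reported is still registered. The sample lines are excerpted from the logs in this thread; the function names and the review rules are this example's own assumptions, and a note is a prompt for manual review, not a verdict.

```python
import re
from dataclasses import dataclass, field

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*) - (?P<clsid>{CLSID}) - (?P<target>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.*?) = (?P<target>.*)$")
O23_PREFIX = "O23 - Service: "
# Malwarebytes 1.46 result line for a key under "Browser Helper Objects".
MBAM_BHO_RE = re.compile(rf"\\Browser Helper Objects\\(?P<clsid>{CLSID}) \((?P<verdict>[^)]+)\)")

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# Line excerpted from the Malwarebytes log posted in this thread.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
"""


@dataclass
class Entry:
    section: str            # HijackThis section code: O2, O4 or O23
    name: str
    target: str             # file path, command line or shortcut target
    clsid: str = ""         # lower-cased, O2 only
    owner: str = ""         # O23 only
    notes: list = field(default_factory=list)


def parse_hijackthis(text):
    """Parse O2 (BHO), O4 (autostart) and O23 (service) lines into Entry objects."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            e = Entry("O2", m["name"], m["target"], clsid=m["clsid"].lower())
            if e.target == "(no file)":
                e.notes.append("BHO registered but its DLL is missing")
            if e.name == "(no name)":
                e.notes.append("BHO has no display name")
            entries.append(e)
            continue
        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            e = Entry("O4", m["name"], m["target"])
            if e.target == "?":
                e.notes.append("startup shortcut target could not be resolved")
            entries.append(e)
            continue
        if line.startswith(O23_PREFIX):
            # Name and path may contain " - ", so split from the right.
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                e = Entry("O23", parts[0], parts[2], owner=parts[1])
                if e.owner == "Unknown owner":
                    e.notes.append("service binary has no readable vendor name")
                entries.append(e)
    return entries


def needs_review(entries):
    """Entries that carry at least one review note."""
    return [e for e in entries if e.notes]


def bhos_still_registered(mbam_log, entries):
    """CLSIDs Malwarebytes reported as BHOs that a later HijackThis scan still lists."""
    flagged = {m["clsid"].lower() for m in MBAM_BHO_RE.finditer(mbam_log)}
    present = {e.clsid for e in entries if e.section == "O2"}
    return sorted(flagged & present)


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_HJT)
    for e in needs_review(parsed):
        print(f"{e.section:<3} {e.name}: {'; '.join(e.notes)}")
    leftovers = bhos_still_registered(SAMPLE_MBAM, parsed)
    print("BHOs still registered after quarantine:", leftovers or "none")
```
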
 
I don't see anything else in the log; however, let's go a little deeper into your system. Please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
I launched Combofix, and it caused my computer to restart (supposed to do that right?) after cutting off the internet. After restart and logging in, (internet still cut off), it asked me to install this recovery tool since it can't detect it, when I clicked yes it said "computer not connected to internet"... well of course it isn't, it cut it off! So it didn't install that. But other than that everything else went without errors. Here's the super-long log:
(My computer language is not set to English, so I included translations to major headlines)

##Log is in next post... too long for forum limit##
 
ComboFix 10-08-09.01 - Lynn -08-09 Monday 18:25:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2039.1460 [GMT -4:00]
Location: c:\documents and settings\Lynn\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

注意 - 这台电脑没有安装恢复控制台 !! ##Translation: Warning - this computer did not install recovery control panel
.

((((((((((((((((((((((((( 2010-07-09 至 2010-08-09 的新的档案 )))))))))))))))))))))))))))))))
.

2010-08-08 18:24 . 2010-08-08 18:24 -------- d-----w- C:\0b54666e141bbdde8035ce14
2010-08-08 17:57 . 2010-08-08 17:57 -------- d-----w- C:\dc7562714f23716c68d7ca9962
2010-08-07 01:48 . 2010-08-07 01:48 -------- d-----w- c:\documents and settings\Lynn\Application Data\Malwarebytes
2010-08-07 01:48 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 01:48 . 2010-08-07 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 01:48 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 22:29 . 2010-08-04 22:29 -------- d-----w- c:\windows\Sun
2010-08-02 22:22 . 2010-08-02 22:22 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 22:21 . 2010-08-02 22:21 503808 ----a-w- c:\documents and settings\Lynn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-78fb876a-n\msvcp71.dll
2010-08-02 22:21 . 2010-08-02 22:21 499712 ----a-w- c:\documents and settings\Lynn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-78fb876a-n\jmc.dll
2010-08-02 22:21 . 2010-08-02 22:21 348160 ----a-w- c:\documents and settings\Lynn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-78fb876a-n\msvcr71.dll
2010-08-02 22:21 . 2010-08-02 22:21 61440 ----a-w- c:\documents and settings\Lynn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-28186f61-n\decora-sse.dll
2010-08-02 22:21 . 2010-08-02 22:21 12800 ----a-w- c:\documents and settings\Lynn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-28186f61-n\decora-d3d.dll
2010-08-02 22:21 . 2010-08-02 22:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-02 02:49 . 2010-08-02 02:49 -------- d-----w- c:\windows\system32\scripting
2010-08-02 02:49 . 2010-08-02 02:49 -------- d-----w- c:\windows\l2schemas
2010-08-02 02:49 . 2010-08-02 02:49 -------- d-----w- c:\windows\system32\en
2010-08-02 02:49 . 2010-08-02 02:49 -------- d-----w- c:\windows\system32\bits
2010-08-02 01:53 . 2010-08-02 01:54 -------- d-----w- c:\documents and settings\Lynn\Application Data\SrDownLoader
2010-08-02 01:53 . 2010-08-02 01:54 -------- d-----w- c:\documents and settings\Lynn\Application Data\Super Rabbit
2010-08-01 15:34 . 2010-08-01 15:34 -------- d--h--r- c:\documents and settings\Lynn\Application Data\SecuROM
2010-07-31 21:50 . 2010-07-31 21:51 249856 ------w- c:\windows\Setup1.exe
2010-07-31 21:50 . 2010-07-31 21:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-31 21:01 . 2010-07-31 21:01 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-07-31 21:01 . 2010-07-31 21:01 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-07-31 21:01 . 2010-07-31 21:01 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-07-31 20:52 . 2010-07-31 21:02 42633 ----a-w- c:\windows\DIIUnin.dat
2010-07-31 20:52 . 2010-07-31 20:52 94208 ----a-w- c:\windows\DIIUnin.exe
2010-07-31 20:52 . 2010-07-31 20:52 2829 ----a-w- c:\windows\DIIUnin.pif
2010-07-30 00:57 . 2010-07-30 00:57 4096 ----a-w- c:\windows\d3dx.dat
2010-07-30 00:53 . 2010-07-30 00:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-29 18:45 . 2010-07-29 18:45 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-29 18:44 . 2010-07-29 19:27 -------- d-----w- c:\documents and settings\Lynn\Application Data\DAEMON Tools Lite
2010-07-29 18:44 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-28 02:11 . 2010-07-28 02:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-07-26 02:10 . 2010-07-26 02:10 -------- d-----w- c:\documents and settings\Lynn\Local Settings\Application Data\AlienShooter2 Reloaded
2010-07-25 01:08 . 2010-07-25 01:13 -------- d-----w- c:\documents and settings\Lynn\Application Data\calibre
2010-07-25 01:07 . 2010-07-25 01:07 -------- d-----w- c:\program files\Calibre2
2010-07-24 23:33 . 2010-07-24 23:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-24 23:32 . 2010-07-24 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-24 23:32 . 2010-07-24 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-07-24 23:32 . 2010-07-28 02:11 -------- d-----w- c:\program files\McAfee Security Scan
2010-07-24 23:32 . 2010-07-24 23:32 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-07-24 23:32 . 2010-07-24 23:32 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-24 23:31 . 2010-07-28 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-24 03:43 . 2010-07-31 00:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\SogouPY
2010-07-21 21:26 . 2010-07-21 21:26 -------- d-----w- c:\program files\WinSCP
2010-07-20 21:02 . 2010-07-20 21:02 -------- d-----w- c:\documents and settings\Lynn\Application Data\AdobeUM
2010-07-19 21:55 . 2010-07-19 21:55 -------- d-sh--w- c:\documents and settings\Lynn\PrivacIE
2010-07-18 00:37 . 2010-07-18 18:28 -------- d-----w- c:\documents and settings\Lynn\Application Data\FOG Downloader
2010-07-16 02:43 . 2010-07-16 02:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\SogouPY.users
2010-07-16 02:33 . 2010-07-16 02:33 -------- d-----w- c:\documents and settings\Lynn\Application Data\Geniesoft
2010-07-16 02:33 . 2010-07-16 02:33 -------- d-----w- c:\program files\VSTPlugins
2010-07-14 03:13 . 2010-07-14 03:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-07-14 01:20 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_f3e99.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_bb32ea6.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_7e87390c.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_4d064db7.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_440d491c.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_154754de.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_12db153c.exe
2010-07-13 03:04 . 2010-07-13 03:04 1078 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{5ECF5FF9-6427-4062-907B-A6E7BC95503A}\_124305e.exe
2010-07-13 01:32 . 2010-07-13 01:32 -------- d-----w- c:\documents and settings\Lynn\Local Settings\Application Data\Tencent
2010-07-12 21:09 . 2010-07-12 21:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-12 21:05 . 2010-07-12 21:05 -------- d-sh--w- c:\documents and settings\Lynn\IETldCache
2010-07-12 21:04 . 2010-07-12 21:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Tencent
2010-07-12 03:57 . 2010-07-12 03:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-12 03:57 . 2010-08-09 00:45 -------- d-----w- c:\documents and settings\Lynn\Application Data\skypePM
2010-07-12 03:33 . 2010-08-06 20:41 -------- d-----w- c:\program files\QuickTime
2010-07-12 03:32 . 2010-08-09 21:29 -------- d-----w- c:\documents and settings\Lynn\Application Data\Skype
2010-07-12 03:28 . 2010-07-12 03:28 -------- d-----w- c:\program files\Bonjour
2010-07-12 03:19 . 2010-07-13 11:28 -------- d-----w- c:\windows\ie8updates
2010-07-12 03:16 . 2010-07-12 03:18 -------- dc-h--w- c:\windows\ie8
2010-07-11 22:30 . 2010-07-11 22:30 -------- d-----w- c:\documents and settings\Lynn\Application Data\dvdcss
2010-07-11 22:07 . 2010-07-11 22:07 -------- d-----w- c:\documents and settings\Lynn\.dvdcss
2010-07-11 22:07 . 2010-07-11 22:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 22:07 . 2010-07-11 22:35 -------- d-----w- c:\documents and settings\Lynn\Application Data\Clone2Go DVD Ripper
2010-07-11 20:07 . 2010-07-11 20:07 -------- d-----w- c:\documents and settings\Lynn\Application Data\Leawo
2010-07-11 20:05 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-07-11 20:05 . 2010-07-11 20:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-11 16:35 . 2010-07-11 16:35 -------- d-----w- c:\documents and settings\Lynn\Local Settings\Application Data\Thunder Network
2010-07-11 16:28 . 2010-07-02 01:47 71472 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\member_stat.dll
2010-07-11 16:28 . 2010-07-02 01:47 65840 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\xlpfmc.dll
2010-07-11 16:28 . 2010-07-02 01:47 431920 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\xldcsubtask.dll
2010-07-11 16:28 . 2010-07-02 01:47 386864 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\xldcagent.dll
2010-07-11 16:28 . 2010-07-02 01:47 153392 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\xl_mole.dll
2010-07-11 16:28 . 2010-07-02 01:47 153392 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\sl.dll
2010-07-11 16:28 . 2010-07-02 01:47 137008 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\xldc.dll
2010-07-11 16:28 . 2010-07-02 01:47 124720 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\xl_stat.dll
2010-07-11 16:28 . 2010-07-02 01:47 218928 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\dphubt.dll
2010-07-11 16:28 . 2010-07-02 01:47 132912 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\bd.dll
2010-07-11 16:28 . 2010-07-02 01:47 116528 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.30\emule_id.dll
2010-07-11 16:20 . 2010-07-11 16:20 20 ----a-w- c:\windows\system32\pub_store.dat
2010-07-11 16:20 . 2010-07-11 16:20 -------- d-----w- c:\documents and settings\All Users\Real
2010-07-11 16:20 . 2010-07-11 16:20 -------- d-----w- c:\program files\Common Files\Thunder Network
2010-07-11 16:20 . 2010-07-11 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network
2010-07-11 16:01 . 2010-07-30 01:04 40448 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-11 15:56 . 2010-07-11 15:56 18718 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2010-07-11 15:56 . 2010-07-11 15:56 18718 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2010-07-11 15:56 . 2010-07-11 15:56 106496 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2010-07-11 15:56 . 2010-07-11 15:56 106496 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2010-07-11 15:56 . 2010-07-11 15:56 106496 ----a-r- c:\documents and settings\Lynn\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2010-07-11 15:56 . 2010-07-11 15:56 -------- d-----w- c:\program files\Common Files\Tencent
2010-07-11 15:55 . 2010-07-11 15:55 652616 ----a-w- c:\documents and settings\Lynn\Application Data\Tencent\QQ\STemp\QQpinyinDL~0\QQPinyinDownload\QQDownload.dll
2010-07-11 15:55 . 2010-07-11 15:55 210248 ----a-w- c:\documents and settings\Lynn\Application Data\Tencent\QQ\STemp\QQpinyinDL~0\QQPinyinDownload\QQPinyinDownload.exe
2010-07-11 15:55 . 2010-07-11 15:55 31096 ------w- c:\documents and settings\Lynn\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe
2010-07-11 15:54 . 2010-07-13 01:19 -------- d-----w- c:\documents and settings\Lynn\Application Data\Tencent
2010-07-11 15:54 . 2010-07-11 15:54 -------- d-----w- c:\program files\Common Files\Skype
2010-07-11 15:54 . 2010-07-11 15:54 -------- d-----r- c:\program files\Skype
2010-07-11 15:53 . 2010-07-11 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-11 15:37 . 2010-07-11 15:37 -------- d-----w- c:\program files\Windows Journal Viewer
2010-07-11 07:21 . 2010-07-11 07:21 -------- d-----w- c:\program files\MSXML 6.0
2010-07-11 07:02 . 2010-07-11 07:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-11 06:50 . 2010-08-06 05:14 -------- d-----w- c:\program files\Common Files\Apple
2010-07-11 06:29 . 2010-07-11 06:41 -------- d-----w- c:\windows\SxsCaPendDel
2010-07-11 05:21 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-11 05:21 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-11 05:21 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-11 04:25 . 2004-08-04 02:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2010-07-11 03:50 . 2010-08-06 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-11 03:34 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-11 03:34 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-11 03:32 . 2010-08-09 21:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SogouPY

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) ##files changed within 3 months
.
2010-08-09 22:32 . 2010-07-10 22:03 -------- d-----w- c:\documents and settings\Lynn\Application Data\SogouPY
2010-08-09 21:59 . 2010-07-10 19:21 -------- d-----w- c:\program files\Symantec AntiVirus
2010-08-08 18:24 . 2010-07-10 22:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SogouPY
2010-08-02 21:37 . 2006-10-20 13:40 42536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-02 02:53 . 2006-10-20 12:02 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-24 23:37 . 2006-10-20 12:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-18 02:37 . 2010-07-10 21:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-11 22:14 . 2010-07-10 22:07 -------- d-----w- c:\documents and settings\Lynn\Application Data\SGPPLog
2010-07-11 07:25 . 2010-07-11 07:25 -------- d-----w- c:\program files\MSBuild
2010-07-11 07:25 . 2010-07-11 07:25 -------- d-----w- c:\program files\Reference Assemblies
2010-07-11 05:22 . 2010-07-10 21:30 -------- d-----w- c:\documents and settings\Lynn\Application Data\Apple Computer
2010-07-10 22:56 . 2006-10-20 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-10 22:33 . 2006-10-20 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-10 22:27 . 2010-07-10 22:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SogouPY.users
2010-07-10 22:04 . 2010-07-10 22:04 -------- d-----w- c:\documents and settings\Lynn\Application Data\SogouPY.users
2010-07-10 21:54 . 2010-07-10 21:54 -------- d-----w- c:\program files\Google
2010-07-10 21:29 . 2010-07-10 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-10 21:25 . 2010-07-10 21:17 -------- d-----w- c:\program files\Microsoft
2010-07-10 21:25 . 2010-07-10 21:17 -------- d-----w- c:\program files\Windows Live
2010-07-10 21:20 . 2010-07-10 21:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-07-10 21:19 . 2010-07-10 21:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-10 21:17 . 2010-07-10 21:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-10 21:08 . 2010-07-10 21:08 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-10 19:22 . 2006-12-15 22:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 19:22 . 2006-12-15 23:49 -------- d-----w- c:\program files\Symantec
2010-07-10 19:21 . 2006-12-15 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-14 14:31 . 2006-10-20 12:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-12-15 22:13 . 2006-12-15 22:13 32 --sha-w- c:\windows\{DFD4543E-B8A4-4F79-B792-C5C88AA20EBB}.dat
2006-12-15 22:13 . 2006-12-15 22:13 32 --sha-w- c:\windows\system32\{DBB7007D-54CD-4B15-A3D6-C5E49E0BDA61}.dat
.

((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) ##Highlights
.
.
*注意* 空白与合法缺省登录将不会被显示 ##Warning: blank or illegal registries not displayed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D90D33C-DE76-42D0-9040-E4466DDC24AC}]
2010-07-01 07:50 227024 ----a-w- e:\document\files\迅雷\Program\EmbedDetectNow.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 88203]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2010-07-10 1214520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lynn\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\document\\files\\SogouInput\\5.0.1.4192\\PinyinUp.exe"=
"e:\\document\\files\\千千静听\\TTPlayer.exe"=
"e:\\document\\files\\QQSoftMgr\\1.0.375.203\\QQSoftMgr.exe"=
"e:\\document\\files\\QQSoftMgr\\1.0.375.203\\QQSoftMgrUpdater.exe"=
"e:\\document\\files\\QQSoftMgr\\1.0.375.203\\TencentUpdateSvc.exe"=
"e:\\document\\files\\QQ\\Bin\\QQ.exe"=
"e:\\document\\files\\迅雷\\Program\\Thunder.exe"=
"e:\\document\\files\\迅雷\\Program\\ThunderLiveUD.exe"=
"e:\\document\\files\\迅雷\\Program\\XMPBoot.exe"=
"e:\\document\\files\\迅雷\\Program\\FileLink\\XLFileLink.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.78\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.78\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.78\\XLBugReport.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\document\\files\\java\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-2-27 3:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-2-20 4:01 29056]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 4:33 138780]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 5:13 46779]
R2 TSUSVC;Tencent Software Update Service;e:\document\files\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe [2010-6-7 22:25 132472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-10 15:26 102448]
S3 cpuz131;cpuz131;\??\c:\docume~1\LynnD~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\LynnD~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 8:49 227232]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-9-27 20:33 116464]
S3 SM_ml1600_FUService;ML-2010 Status Monitor Service;"c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service --> c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-7-29 14:45 691696]
.
‘计划任务’ 文件夹 里的内容 #"Planned tasks" contents within folders

2010-08-07 c:\windows\Tasks\SogouImeMgr.job
- e:\document\files\SOGOUI~1\501~1.419\SGTool.exe [2010-06-28 03:31]
.
.
------- 而外的扫描 ------- #Extra scanning
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: 使用迅雷下载 - e:\document\files\迅雷\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - e:\document\files\迅雷\Program\GetAllUrl.htm
IE: 使用迅雷查看图片 - e:\document\files\迅雷\Program\repairimage.htm
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - e:\document\files\迅雷\Program\repairimage.htm
IE: {{8DE0FCD4-5EB5-11D3-AD25-00002100131B} - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} -
IE: {{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} -
FF - ProfilePath - c:\documents and settings\Lynn\Application Data\Mozilla\Firefox\Profiles\3tzuased.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(601).dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Windows Media Player\np-mswmp.dll
FF - plugin: e:\document\files\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\document\files\java\bin\new_plugin\npjp2.dll

---- 火狐配置文件 ---- #Firefox plugins
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

##Continued in next post... too long##
 
.
.
------- 文件类型 ------- #File types
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Microsoft .NET Framework 3.5 SP1 - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 18:32
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。 #Scanning hidden progress

扫描被隐藏的启动组 。。。 #Scanning hidden system processes

扫描被隐藏的文件 。。。 #Scanning hidden files

扫描完成 #Scanning complete
被隐藏的档案: 0 #Hidden items: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_ml1600_FUService]
"ImagePath"="\"c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service"
.
--------------------- 运行进程下的动态链接库 --------------------- #Running in progress dynamic links

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\WININET.dll
c:\windows\system32\SOGOUPY.IME
.
完成时间: 2010-08-09 18:36:29 #Finishing time
ComboFix-quarantined-files.txt 2010-08-09 22:36

Pre-Run: 20,640,100,352 bytes free
Post-Run: 21,293,539,328 bytes free

- - End Of File - - 612B9E0E5FCD48A216E741A65464B1CB

Thanks!
Oh I didn't run Malwarebytes yet after running Combofix, I'll run it tomorrow.
Also should I manually install the recovery tool, and run Combofix again after that?

Oh and after running Combofix, the net is still cut off (didn't automatically reconnect), I had to restart the computer to reconnect. It restarted fine, however explorer still freezes whenever I do anything, but Firefox is much better, overall system is still kind of laggy (freezes often for a few seconds whenever I do anything like opening files). I think system performance sort of fluctuates, for example if I hibernate, then after turning it back on it will be extremely laggy for sure, but a fresh restart seems to make things a bit better. I'm not sure if it got better because of my restart or because Combofix did something.
Also it's interesting to note that if I view folders from another program (such as an installer, when it asks you to browse for install location), there is no lag at all when I open folders.

Edit: regarding the problem I'm having with the "This application has failed to start because the application configuration is incorrect" error I keep getting ever since the Malwarebytes scan and clean, I uninstalled those programs, redownloaded their installers and re-installed, but it would still produce the same error. =/
 
It gave me an error saying "The program could not be started", had something to do with the error I keep getting "failed to start because application configuration is incorrect" for Java, and asked me to go to Kaspersky home page and restart scanner. I went to the home page, and it said the online scanner is currently unavailable, updating it or something.

95Ild.jpg


Do you happen to know what this error is about? It occurs on a lot of system components and software ever since that Malwarebytes scan and clean.
 