Inactive Problem with the network

[Reidde]

I'm currently using Windows Vista Home Premium.
There is a problem with some of the internet programs

- IE. error :"Internet Explorer cannot display the webpage" (but I am fine with my Firefox.)

- Windows Live Messenger, Error code: 80072ee7

- Unable to ping to domain names but able to ping to IP addresses. (Ping request could not find host www.google.com. Please check the name and try again.)

- Unable to stream with asx


The computer just can't detect that I've connect to the internet.
These few problems seem to appears at the same time. ( It seems unrelated but the last changes I've done is turning off the User Control Account).

==========================================================
This is my first post so kindly tell me that if I have violated any rules

 

[Bobbye]

Welcome to TechSpot! Occasionally a first post gets held up and has to be approved by a moderator. In the meantime, the member who made the post, think it's hasn't gone through so starts a duplicate thread. That is your only 'sin' and it happens often. I have deleted the duplicate and we will keep everything on this thread.
========================================
The messenger error is Windows Live Messenger> error code 80072e, occurs when you are not connected to the internet. Possible causes:
1. The most likely cause for this problem is that your firewall does not allow Messenger to access the internet.
2. This might also occur if a proxy server is enabled in Messenger or Internet Explorer while you do not use one. Do the following to check this:

• Click the "Tools" menu> "Options..." at your Messenger main window.
• Click "Connection" in the list to the left.
• Click the "Advanced Settings..." button>. You can try and uncheck all checkboxes in this screen except the one labeled "TCP" to let Messenger connect through a direct connection.

========================================
Everything that you mention can be due to system problems. It can also be due to malware.
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Since the internet access is the problem, you will need to download these scans on to a flash drive, then run them on the problem computer. They should be run in Normal mode if possible. When you do the download, please accept any offers for the program to update as you won't be able to update with the problem computer.

 

[Reidde]

Thanks for the reply.

Firstly, I was unable to update the Anti-Malware. The following is the error message:

An error has occured. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING (11003, 0, DNS error)

A non-recoverable error occured durign a database lookup.

Malwarebytes Anti-Malware log file

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/20/2011 9:45:25 PM
mbam-log-2011-06-20 (21-45-21).txt

Scan type: Quick scan
Objects scanned: 144480
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> No action taken.

GMER log file

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-20 22:49:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: qx5dpswm.exe; Driver: C:\Users\R\AppData\Local\Temp\ugddrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS.txt file

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by R at 22:54:25 on 2011-06-20
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4c3bc37b000000000000002243a3aa5a&tlver=1.4.19.19&affID=17159
uURLSearchHooks: H - No File
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "f:\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download by easyMule - c:\program files\easymule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AEF87839-50E4-4219-94B5-5621AFCCCA93} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8F9132C-DF43-41DB-86C0-3AF5A7D0A150} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\r\appdata\roaming\mozilla\firefox\profiles\zqu9h4gy.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=4c3bc37b000000000000002243a3aa5a&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(297).dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows media player\np-mswmp.dll
FF - plugin: c:\users\r\appdata\roaming\mozilla\firefox\profiles\zqu9h4gy.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [2011-6-20 366640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\drivers\etDevice.sys [2011-5-11 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2011-5-11 206336]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-20 22712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-9 43040]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2011-5-11 6656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-5-11 29736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-20 13:39:02 -------- d-----w- c:\users\r\appdata\roaming\Malwarebytes
2011-06-20 13:38:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 13:38:28 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 13:38:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 14:11:37 -------- d-----w- c:\windows\pss
2011-06-19 13:56:49 -------- d-----w- c:\program files\WinPcap
2011-06-19 13:55:58 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-06-19 13:55:58 -------- d-----w- c:\program files\netcut
2011-06-19 12:54:55 -------- d-----w- c:\users\r\Cisco Packet Tracer 5.3.1
2011-06-19 12:54:09 -------- d-----w- c:\program files\Cisco Packet Tracer 5.3.1
2011-06-19 12:33:02 -------- d-----w- c:\program files\TeamViewer
2011-06-19 12:25:02 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2011-06-19 10:05:23 299008 ----a-w- c:\windows\system32\msdbrptr.dll
2011-06-19 10:03:22 77824 ----a-w- c:\windows\system32\msbind.dll
2011-06-17 07:16:55 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8e7db9d0-5f91-4323-aaa6-b88136396adf}\mpengine.dll
2011-06-15 15:26:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 15:26:13 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 15:26:13 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-15 14:35:52 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-15 14:20:22 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 14:20:18 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 14:20:18 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 14:20:18 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 14:19:59 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 14:19:53 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 14:19:52 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 14:19:52 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 14:19:51 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-12 09:44:55 286720 ------w- c:\windows\Setup1.exe
2011-06-12 09:16:15 469256 ----a-w- c:\program files\common files\windows live\.cache\6049dda51cc28e112\InstallManager_WLE_WLE.exe
2011-06-12 09:15:57 15712 ----a-w- c:\program files\common files\windows live\.cache\56e8be251cc28e106\MeshBetaRemover.exe
2011-06-10 09:47:26 -------- d-----w- c:\program files\Free Window Registry Repair
2011-06-05 12:24:40 103424 ----a-w- c:\windows\system32\uxtheme.manifest
2011-06-05 05:26:24 -------- d-----w- c:\users\r\appdata\local\Garena
2011-06-04 05:48:07 33540 ----a-w- c:\windows\system32\CoreFLACDecoder-uninstall.exe
2011-05-27 18:06:18 -------- d-----w- c:\program files\PPStream
2011-05-24 18:46:46 -------- d-----w- C:\TDDOWNLOAD
2011-05-23 13:34:51 -------- d-----w- c:\users\r\appdata\roaming\PPStream
2011-05-22 12:24:03 -------- d-----w- c:\users\r\appdata\local\Activision
2011-05-22 12:23:14 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-05-22 12:19:15 -------- d-----w- c:\program files\SpeedFan
2011-05-21 16:05:22 -------- d-----w- c:\users\r\appdata\roaming\kingsoft
2011-05-21 16:03:02 -------- d-----w- c:\program files\Kingsoft
.
==================== Find3M ====================
.
2011-05-21 08:51:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-16 05:55:42 557440 ----a-w- c:\windows\system32\KuGoo3DownXControl.ocx
2011-05-11 09:37:30 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-11 09:37:16 315392 ----a-w- c:\windows\HideWin.exe
1998-06-17 16:00:00 140800 ----a-w- c:\program files\setup.exe
2007-04-12 18:22:40 106496 --sha-r- c:\windows\configsetroot\recycler\INFO.exe
2006-09-05 18:18:16 20992 --sha-r- c:\windows\configsetroot\recycler\recycler\autorun.exe
.
============= FINISH: 22:54:52.79 ===============

Attach.txt file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
.
Motherboard: ASUSTeK Computer Inc. | | M50Vm
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | Socket 478 | 2534/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 187.69 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 156.691 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_1600\5&2425058A&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_1600\5&2425058A&0&2
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Agere Systems HDA Modem
Atheros Client Installation Program
Atheros Driver Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
BitTorrent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Packet Tracer 5.3.1
Cisco PEAP Module
CoreFLAC Audio Decoder+Source Filter (remove only)
Dev-C++ 5 beta 9 release (4.9.9.2)
Dolby Control Center
easyMule
ESET Smart Security
foobar2000 v1.1.6
GOM Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.0.1200
Messenger Plus! 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Minilyrics(remove only)
Mozilla Firefox 4.0.1 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
NetCut 2.0.9
NVIDIA Drivers
PPS影音 V2.7.0.1248 正式版
Real Alternative 2.0.2
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SpeedFan (remove only)
Synaptics Pointing Device Driver
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
USB2.0 1.3M UVC WebCam
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinFlash
WinPcap 4.1.2
WinRAR archiver
Wireless Console 2
词霸2011
迅雷5
酷狗音乐2011(正式版)
.
==== Event Viewer Messages From Past Week ========
.
6/20/2011 10:48:49 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
6/20/2011 10:45:48 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2011 10:44:13 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2011 10:44:13 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: An invalid argument was supplied.
6/20/2011 10:43:28 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
6/20/2011 10:42:39 PM, Error: EventLog [6008] - The previous system shutdown at 22:41:13 on 2011/6/20 was unexpected.
6/19/2011 9:23:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0015AFDD85A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/19/2011 9:11:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0015AFDD85A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/19/2011 7:36:23 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0015AFDD85A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/19/2011 7:11:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:06:10 on 2011/6/19 was unexpected.
6/16/2011 9:03:41 PM, Error: EventLog [6008] - The previous system shutdown at 19:46:50 on 2011/6/16 was unexpected.
6/15/2011 11:31:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/15/2011 11:31:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2011 11:22:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

 

[Bobbye]

Please don't put the logs in quotes. While it makes them display nicely, it also cuts down on the real estate available.

About Malwarebytes: You downloaded it from a flash drive, right? But there is a more current database. You will have to scan again because this wasn't checked:
[*] Be sure that everything is checked, and click Remove Selected.
Entries were found, none were removed. All say No Action Taken.

IF you can manage it, uninstall this copy of Mbam, download new copy and let it update to the flash drive. Then run on problem system being sure to check line mentioned.

Note: Much of the malware has been found on entries from the ThunderNetwork. I recommend that you remove this from the system
==================================
Where to set Error Checking up

Windows Explorer:
Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

You have nothing else to do except wait for the system to reboot after the Error Checking has finished.

 

[Reidde]

I've done removing Thunder and scanning error for my drive but I'm still have the problem.

 

[Bobbye]

(but I am fine with my Firefox.)

Is there any reason why you can't access the internet through Firefox to download and update these scans?
======================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=================================
Note the instructions for using Firefox to run the following scan:

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
  [*] For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

 

[Reidde]

This is the combo fix log
ComboFix 11-06-29.06 - R 0/2011 Thu 21:29:38.1.2 - x86
执行位置: c:\users\R\Desktop\1\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 防毒软件还在运行中
.
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\windows\ST6UNST.000
c:\windows\system32\CoreFLACDecoder-uninstall.exe
.
.
((((((((((((((((((((((((( 2011-05-28 至 2011-06-30 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-06-30 13:26 . 2011-06-30 13:26 -------- d-----w- C:\32788R22FWJFW
2011-06-20 13:39 . 2011-06-20 13:39 -------- d-----w- c:\users\R\AppData\Roaming\Malwarebytes
2011-06-20 13:38 . 2011-05-29 01:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 13:38 . 2011-06-20 13:38 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 13:38 . 2011-05-29 01:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 13:56 . 2011-06-19 13:56 -------- d-----w- c:\program files\WinPcap
2011-06-19 13:55 . 2011-06-19 13:56 -------- d-----w- c:\program files\netcut
2011-06-19 13:55 . 2006-09-21 05:59 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-06-19 12:54 . 2011-06-19 12:55 -------- d-----w- c:\users\R\Cisco Packet Tracer 5.3.1
2011-06-19 12:54 . 2011-06-19 12:54 -------- d-----w- c:\program files\Cisco Packet Tracer 5.3.1
2011-06-19 12:33 . 2011-06-19 12:33 -------- d-----w- c:\program files\TeamViewer
2011-06-19 12:25 . 2008-07-28 07:53 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2011-06-19 12:24 . 2011-06-19 12:24 -------- d-----w- c:\users\R\AppData\Roaming\InstallShield
2011-06-19 10:05 . 1998-06-18 03:58 299008 ----a-w- c:\windows\system32\msdbrptr.dll
2011-06-19 10:03 . 1998-06-17 17:00 77824 ----a-w- c:\windows\system32\msbind.dll
2011-06-17 07:16 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E7DB9D0-5F91-4323-AAA6-B88136396ADF}\mpengine.dll
2011-06-15 15:26 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 15:26 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 15:26 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 14:35 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 14:20 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 14:20 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 14:20 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 14:20 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 14:19 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 14:19 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 14:19 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 14:19 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 14:19 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-12 09:44 . 2011-06-12 09:44 286720 ------w- c:\windows\Setup1.exe
2011-06-12 09:16 . 2011-06-12 09:16 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\6049dda51cc28e112\InstallManager_WLE_WLE.exe
2011-06-12 09:15 . 2011-06-12 09:15 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\56e8be251cc28e106\MeshBetaRemover.exe
2011-06-10 09:47 . 2011-06-10 11:04 -------- d-----w- c:\program files\Free Window Registry Repair
2011-06-05 12:24 . 2011-06-05 12:24 103424 ----a-w- c:\windows\system32\uxtheme.manifest
2011-06-05 05:26 . 2011-06-05 05:26 -------- d-----w- c:\users\R\AppData\Local\Garena
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 08:51 . 2011-05-21 08:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-16 05:55 . 2011-05-18 11:13 557440 ----a-w- c:\windows\system32\KuGoo3DownXControl.ocx
2011-05-12 10:52 . 2011-05-12 10:52 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-12 10:52 . 2011-05-12 10:52 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-12 10:52 . 2011-05-12 10:52 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-12 10:52 . 2011-05-12 10:52 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-12 10:52 . 2011-05-12 10:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-12 10:52 . 2011-05-12 10:52 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-12 10:52 . 2011-05-12 10:52 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-12 10:52 . 2011-05-12 10:52 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-12 10:52 . 2011-05-12 10:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-12 10:52 . 2011-05-12 10:52 367104 ----a-w- c:\windows\system32\html.iec
2011-05-12 10:52 . 2011-05-12 10:52 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-12 10:52 . 2011-05-12 10:52 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-12 10:52 . 2011-05-12 10:52 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-12 10:52 . 2011-05-12 10:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-12 10:52 . 2011-05-12 10:52 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-12 10:52 . 2011-05-12 10:52 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-12 10:52 . 2011-05-12 10:52 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-12 10:52 . 2011-05-12 10:52 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-12 10:52 . 2011-05-12 10:52 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-11 09:37 . 2011-05-11 09:37 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-11 09:37 . 2011-05-11 09:37 315392 ----a-w- c:\windows\HideWin.exe
2011-04-14 16:26 . 2011-05-11 05:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2011-01-26 04:04 180696 ----a-w- c:\program files\easyMule\modules\IE2EM.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"PPS Accelerator"="c:\progra~1\PPStream\ppsap.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ST6UNST Uninstaller.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ST6UNST Uninstaller.LNK
backup=c:\windows\pss\ST6UNST Uninstaller.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- c:\progra~1\PPStream\PPSAP.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 GGSAFERDriver;GGSAFER Driver;f:\garena\safedrv.sys [x]
R3 tcphoc;tcphoc;c:\program files\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-08 43040]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- 而外的扫描 -------
.
uStart Page = about:blank
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.1.1
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\System32\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\System32\KuGoo3DownXControl.ocx
FF - ProfilePath - c:\users\R\AppData\Roaming\Mozilla\Firefox\Profiles\zqu9h4gy.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=4c3bc37b000000000000002243a3aa5a&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Malwarebytes' Anti-Malware - f:\malwarebytes' anti-malware\mbamgui.exe
MSConfigStartUp-antinetcut2 - c:\program files\Anti Netcut\Anti NetCut.exe
AddRemove-CoreFLAC Audio Decoder+Source Filter - c:\windows\system32\CoreFLACDecoder-uninstall.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\malwarebytes' anti-malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-30 21:37
Windows 6.0.6002 Service Pack 2 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
完成时间: 2011-06-30 21:40:41
ComboFix-quarantined-files.txt 2011-06-30 13:40
.
Pre-Run: 203,380,785,152 bytes free
Post-Run: 203,952,525,312 bytes free
.
- - End Of File - - 4739BEC838255EC1503AE4536562E448





=============Line of separation==============================

I could not get the update for the ESET　Online Scanner.
It's shown that : Can not get update. Is proxy configured?

 

[Bobbye]

Did you rescan with Malwarebytes and check for removal of the entries found? 1st log showed ub]No Action Taken.[/u]

There is a second language on the system- yes? PPS影音 V2.7.0.1248 正式版

About the Eset scan> did you disable the Nod32 you have on the system before trying to run the online scan?
=============================================================
I suggest that you not use the file sharing easyMule for the downloads.
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bittorrent and easy Mule for the following reasons:

• As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
• Malware writers use these program to include malicious content.
• File sharing is usually unmonitored and there is a danger that your private files might be accessed.
• The 'sharing' also includes malware that the shared system has on it.
• Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
==========================================
Basic Troubleshooting the Error "Internet Explorer cannot display the webpage" when viewing a website in Internet Explorer in IE9:
1. Close all programs.
2. Click Start, and then click Control Panel.
3. Under System and Security, click Find and fix problems.
4. On the task pane on the left, click View All.
5. Click Internet Explorer Performance or Internet Connections. This opens a new window.
6. Click Next.
7. The troubleshooter will run and fix all identified issues automatically. Click Close.
After the troubleshooter has successfully run, try to browse to the Internet again.
------------------------------------
If the above wasn't successful, proceed with the following:
1: See whether you can view another Web page
2: Run the Network Diagnostics tool in Internet Explorer
3: Reset the modem or the router
4: Delete your Browsing History
5: Use Internet Explorer in No Add-ons mode
6: Reset Internet Explorer configuration Settings
[o] Start Internet Explorer, click Tools, and then click Internet Options.
[o] Click the Advanced tab, and then click Reset.
[o] In the Internet Explorer Default Settings dialog box, click Reset.
[o]. In the Reset Internet Explorer Settings dialog box, click Reset. In Internet Explorer 6, click Restore Defaults , and then click OK .
[o] When the settings have been reset, click Close, and then click OK to restart Internet Explorer.
(Note: This will remove the add ons)
Steps with help from Microsoft.
============================================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
DDS::
uURLSearchHooks: H - No File
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
The Recycler is the system folder where the Recycle Bin sends entries that have been deleted. It is a hidden folder, but it can be emptied. The following entries was put there several years ago:
2007-04-12 18:22:40 106496 --sha-r- c:\windows\configsetroot\recycler\INFO.exe
2006-09-05 18:18:16 20992 --sha-r- c:\windows\configsetroot\recycler\recycler\autorun.exe
Do you know why these haven't been overwritten yet?