how to make my windowsXP faster? [CLOSED]


  • This topic is locked

#1
wen9x88

How to make my Windows XP faster?
This is my brother's laptop, and he never runs the defragmenter or scans his computer.
Now his computer is very slow and I am trying to help him make his Windows XP faster.
I ran ComboFix, Fixwareout, HijackThis, Spybot - Search & Destroy, AVG, SUPERAntiSpyware Pro, ATF Cleaner.
The most helpful tool is JkDefragGUI; after I defragmented, my PC feels faster than before.
Any tips for making Windows XP faster?






Logfile of HijackThis v1.99.1
Scan saved at 19:29, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JkDefragGUI\JkDefragGUI.exe
C:\Program Files\JkDefragGUI\Programs\JkDefrag.exe
C:\Documents and Settings\Candy\My Documents\bo zai.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll
O4 - HKLM\..\Run: [asgfdjs2] C:\WINDOWS\system32\vbsdaas2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: wgfpri.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Web Connection Manager (Rasweb) - Unknown owner - C:\WINDOWS\system32\Com\web (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe


#2
wen9x88

6 days and nobody has answered my question.

#3
MoNsTeReNeRgY22

Hello,

Sorry for the delay.

Could you please post a fresh HJT log, since it has been a few days?

MoNsTeReNeRgY22

#4
wen9x88

Thanks for the help.


Logfile of HijackThis v1.99.1
Scan saved at 14:30:41, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O20 - Winlogon Notify: WBSrv - D:\WINDOW~1\wbsrv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe






And this is what I got after the Panda scan:

Incident                                        Status           Location
Adware:Adware/Sohu                              Not disinfected  D:\Program Files\Sogou PXP\vodsvr.dll
Potentially unwanted tool:Application/CloseApp  Not disinfected  D:\WINDOWS\system32\CloseApp.exe
Virus:Trj/Lineage.FCT                           Disinfected      D:\WINDOWS\system32\mydoor0.dll
Potentially unwanted tool:Application/NirCmd.A  Not disinfected  F:\ComboFix.exe[nircmd.exe]
Virus:Trj/QQPass.AKU                            Disinfected      F:\PegeFile.pif
Virus:Trj/Lineage.FCT                           Disinfected      F:\Ghost.pif

Edited by wen9x88, 30 August 2007 - 02:11 AM.


#5
MoNsTeReNeRgY22

Hello again wen9x88,

Well, let's make sure there is no malware before we make the computer faster.

Step 1
Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Step 2
Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Step 3
Post the following in your next reply:
  • GMER Results
  • DSS Log


#6
wen9x88

The GMER results and DSS log are too long, so I uploaded them here.

Attached Files

  • Attached File  gmer.txt   384.72KB   267 downloads
  • Attached File  main.txt   40.59KB   278 downloads
  • Attached File  extra.txt   8.83KB   346 downloads

Edited by wen9x88, 30 August 2007 - 10:50 PM.


#7
wen9x88

DSS LOG
Main.txt
Deckard's System Scanner v20070826.66
Run by weng on 2007-08-31 12:36:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-08-31 04:36:57 UTC - RP100 - Deckard's System Scanner Restore Point
1: 2007-08-30 23:30:54 UTC - RP99 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive D: has 1.49 GiB (less than 15%) free.


-- HijackThis (run as weng.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-31 12:37:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\weng.WENG-126DB86A18\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WBSrv - D:\WindowBlinds5GE\WbSrv.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll



-- HijackThis Fixed Entries (D:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20000822-112028-154 O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
backup-20000822-112028-285 O4 - HKLM\..\Run: [Storm2Set] D:\WINDOWS\system32\rundll32.exe "D:\PROGRA~1\StormII\StormSet.dll",CheckEnv
backup-20000822-112028-346 O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\BitTorrent_DNA\dna.exe"
backup-20000822-112028-368 O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
backup-20000822-112028-374 O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
backup-20000822-112028-403 O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
backup-20000822-112028-421 O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
backup-20000822-112028-424 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
backup-20000822-112028-495 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20000822-112028-531 O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
backup-20000822-112028-537 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20000822-112028-580 O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
backup-20000822-112028-652 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
backup-20000822-112028-670 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
backup-20000822-112028-781 O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
backup-20000822-112028-851 O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
backup-20000822-112028-864 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20000822-112028-869 O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
backup-20000822-112028-890 O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
backup-20000822-112028-898 O4 - HKLM\..\Run: [RAVDHMON] D:\Program Files\Internet Explorer\RAVDHMON.exe
backup-20000822-112029-396 O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
backup-20000822-112029-438 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
backup-20000822-112029-808 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
backup-20000822-112029-880 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.2.100.cab
backup-20000822-112030-232 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20000822-112030-293 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20000822-112030-325 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20000822-112034-751 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
backup-20000822-112034-975 O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20000822-112035-203 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20000822-112035-230 O23 - Service: SDService - Max Secure Software - D:\Program Files\Max PC Secure\MaxSpyDetector\SDService.exe
backup-20000822-112035-330 O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
backup-20070826-231141-235 O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - D:\Program Files\Common Files\goskdl.dll
backup-20070826-231141-371 O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
backup-20070826-231141-465 O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
backup-20070826-231141-529 O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
backup-20070826-231141-600 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
backup-20070826-231141-732 O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
backup-20070826-231141-931 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
backup-20070826-231146-141 O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
backup-20070826-231146-162 O23 - Service: 1111111 - Unknown owner - D:\WINDOWS\system32\wnipsvr.exe (file missing)
backup-20070826-231146-226 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
backup-20070826-231146-305 O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
backup-20070826-231146-497 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20070826-231146-803 O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
backup-20070829-110641-224 O4 - HKLM\..\RunOnce: [Rav] "D:\Program Files\Rising\Rav\Update\setup.exe" /UNINSTALL /S /ONCE
backup-20070829-110641-290 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
backup-20070829-110641-297 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
backup-20070829-110641-317 O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
backup-20070829-110641-402 O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
backup-20070829-110641-491 O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
backup-20070829-110641-602 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070829-110641-628 O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
backup-20070829-110641-650 O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
backup-20070829-110641-685 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070829-110641-781 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
backup-20070829-110642-310 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20070829-110642-824 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://wengsun1988.s...ad/MsnPUpld.cab
backup-20070829-110643-108 O23 - Service: 1111111 - - (no file)
backup-20070829-110643-110 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
backup-20070829-110643-189 O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
backup-20070829-110643-281 O20 - Winlogon Notify: WBSrv - d:\NEWFOL~1\wbsrv.dll
backup-20070829-110643-443 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20070829-110643-458 O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
backup-20070829-110643-687 O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
backup-20070829-110643-821 O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - D:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - D:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - D:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - D:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - d:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - d:\program files\superantispyware\saskutil.sys
R3 SASENUM - d:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R4 kl1 - d:\windows\system32\drivers\kl1.sys (file missing)
R4 klif - d:\windows\system32\drivers\klif.sys (file missing)

S0 RsAntiSpyware - d:\windows\system32\drivers\rsboot.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - d:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - d:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - d:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 ahaaha1 - d:\documents and settings\weng.weng-126db86a18\desktop\new folder (2)\ahaaha.sys (file missing)
S3 bandieng1 - d:\documents and settings\weng.weng-126db86a18\desktop\new folder (2)\bandieng.sys (file missing)
S3 catchme - d:\docume~1\weng~1.wen\locals~1\temp\catchme.sys (file missing)
S3 DADriv1 - d:\documents and settings\weng.weng-126db86a18\desktop\new folder\dak32.sys (file missing)
S3 IlvMoneyDRIVER53 - d:\documents and settings\weng.weng-126db86a18\desktop\moonlight engine lite 1055\ilvmoney1055.sys (file missing)
S3 NPF (Netgroup Packet Filter) - d:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 SockHook - d:\windows\system32\drivers\sockhook.sys <Not Verified; ; SOCKHOOK Driver>
S3 TdiPbk - d:\windows\system32\drivers\tdipbk.sys <Not Verified; Vnn Networks Inc; TDIPBK Firewall>
S3 XDva008 - d:\windows\system32\xdva008.sys (file missing)
S3 zenos1 - d:\documents and settings\weng.weng-126db86a18\desktop\new folder (2)\sora.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 1111111 -
S4 NMIndexingService -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-28 14:12:10 388 --a------ D:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-07-31 and 2007-08-31 -----------------------------

2007-08-30 16:32:35 0 d-------- D:\Program Files\DiskTrix
2007-08-30 16:25:33 0 d-------- D:\Program Files\UltraDefrag
2007-08-30 14:38:51 0 dr-h----- D:\Documents and Settings\weng.WENG-126DB86A18\Recent
2007-08-30 14:37:07 0 d-------- D:\WINDOWS\system32\ActiveScan
2007-08-29 22:04:47 0 d-------- D:\Program Files\Stardock
2007-08-29 18:31:11 0 d-------- D:\WINDOWS\LastGood
2007-08-29 11:36:47 0 d-------- D:\WindowBlinds5GE
2007-08-29 11:16:53 0 d-------- D:\Program Files\Advanced StartUp Manager
2007-08-29 09:03:42 106496 -----n--- D:\WINDOWS\system32\RavExt.dll <Not Verified; Beijing Rising Technology Co., Ltd.; Rising Antivirus Software>
2007-08-29 09:02:18 65536 -----n--- D:\WINDOWS\system32\shlhook.dll <Not Verified; Beijing Rising Technology Co., Ltd.; ??????????4.0>
2007-08-29 09:02:16 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
2007-08-29 08:13:04 0 d-------- D:\Program Files\CCleaner
2007-08-28 16:04:32 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic
2007-08-28 15:47:03 0 d-------- D:\Program Files\Kaspersky Lab
2007-08-28 15:47:03 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-08-28 15:46:47 3670016 --a------ D:\Documents and Settings\weng.WENG-126DB86A18\ntuser.dat
2007-08-28 15:46:47 229376 --a------ D:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
2007-08-28 14:37:06 151641 --a------ D:\WINDOWS\system32\xpsf1.exe
2007-08-28 14:37:06 208987 --a------ D:\WINDOWS\system32\xpsf.exe
2007-08-28 14:37:06 151634 --a------ D:\WINDOWS\system32\sson.exe
2007-08-28 14:37:06 20480 --a------ D:\WINDOWS\system32\psf.exe
2007-08-28 14:37:06 24576 --a------ D:\WINDOWS\system32\mvistasf.exe
2007-08-28 13:23:08 11138 --a------ D:\WINDOWS\msvrc20.dll
2007-08-28 13:11:55 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\RegistrySmart
2007-08-28 10:00:25 0 d-------- D:\Program Files\dp
2007-08-27 16:12:46 90112 --a------ D:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-08-27 11:21:51 233472 --a------ D:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2007-08-27 11:21:51 61440 --a------ D:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2007-08-27 11:21:51 81920 --a------ D:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-08-27 11:21:51 32512 --a------ D:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-08-27 10:55:32 2251904 --a------ D:\WINDOWS\system32\ntoskvs1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-26 23:48:03 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Visual Styler
2007-08-26 23:46:35 0 d-------- D:\WINDOWS\Icons
2007-08-26 22:37:25 81920 --a------ D:\WINDOWS\system32\CloseApp.exe <Not Verified; Noël Danjou; CloseApp>
2007-08-26 15:35:26 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\TuneUp Software
2007-08-26 15:34:52 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2007-08-24 13:03:56 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Raxco
2007-08-24 13:03:18 0 d-------- D:\Program Files\Raxco
2007-08-20 20:18:15 63 --a------ D:\WINDOWS\system\SysMPS.dll
2007-08-20 20:15:21 1019904 --a------ D:\WINDOWS\system32\VchReg.dll <Not Verified; Max Secure Software; Voucher Registration>
2007-08-20 20:15:20 839680 --a------ D:\WINDOWS\system32\Evidence Killer Server.dll <Not Verified; ; Evidence Killer Server Module>
2007-08-20 20:15:18 413696 --a------ D:\WINDOWS\system32\Eraser.dll <Not Verified; -; Eraser>
2007-08-20 20:15:15 0 d-------- D:\Program Files\Max PC Secure
2007-08-20 19:58:48 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\SpywareRemover
2007-08-20 19:50:47 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-08-20 18:54:28 53 --a------ D:\WINDOWS\system32\ztkini.dll
2007-08-20 18:05:30 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 18:34:53 60 --a------ D:\WINDOWS\system32\qhcini.dll
2007-08-16 09:59:12 50 --a------ D:\WINDOWS\system32\jhaini.dll
2007-08-14 18:35:06 54 --a------ D:\WINDOWS\system32\xyhini.dll
2007-08-14 07:26:45 53 --a------ D:\WINDOWS\system32\wlfini.dll
2007-08-14 07:26:39 48 --a------ D:\WINDOWS\system32\wdcini.dll
2007-08-12 20:17:28 53 --a------ D:\WINDOWS\system32\jzgini.dll
2007-08-12 20:16:46 94 --a------ D:\WINDOWS\system32\dhdini.dll
2007-08-12 17:09:47 106496 --a------ D:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-08-12 17:09:45 364544 -----n--- D:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-08-12 17:09:45 471040 -----n--- D:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-08-12 17:09:45 262144 -----n--- D:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-08-12 17:09:44 1568768 -----n--- D:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-08-12 17:09:43 38912 -----n--- D:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-08-12 17:09:38 155648 --a------ D:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-08-12 17:09:38 0 d-------- D:\Program Files\Common Files\Ahead
2007-08-12 17:09:33 0 d-------- D:\Program Files\Ahead
2007-08-11 09:35:50 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Outspark
2007-08-11 09:33:07 0 d-------- D:\Program Files\BitTorrent_DNA
2007-08-11 09:33:07 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\BitTorrent DNA
2007-08-10 10:55:39 4682 --a------ D:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-08-09 18:05:09 76037 --a------ D:\WINDOWS\War3Unin.dat
2007-08-09 18:05:08 2829 --a------ D:\WINDOWS\War3Unin.pif
2007-08-09 18:05:08 139264 --a------ D:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-08-09 18:00:34 0 d-------- D:\Program Files\Warcraft III
2007-08-08 21:56:49 118784 --a------ D:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-08 21:36:36 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Apple Computer
2007-08-08 21:36:19 204800 --a------ D:\WINDOWS\system32\lsvxdec.dll <Not Verified; Espre Solutions Inc; Espre Video Codec>
2007-08-08 21:36:19 150016 --a------ D:\WINDOWS\system32\ativcr2.dll <Not Verified; ATI Technologies, Inc.; Xpression TV>
2007-08-08 21:36:18 307200 --a------ D:\WINDOWS\system32\icmw_32.dll <Not Verified; Aware Inc.; MotionWavelets by Aware>
2007-08-08 21:36:18 88464 --a------ D:\WINDOWS\system32\DECVW_32.DLL <Not Verified; VDOnet Corp.; Decvw_32.dll>
2007-08-08 21:36:17 76800 --a------ D:\WINDOWS\system32\VDODEC32.dll <Not Verified; VDOnet Corp.; Vdodec32.dll>
2007-08-08 21:36:17 155648 --a------ D:\WINDOWS\system32\avidavicodec.dll <Not Verified; Avid Technology, Inc; Avid AVI Codec Version 2.0d2>
2007-08-08 21:36:17 92672 --a------ D:\WINDOWS\system32\asusasv2.dll
2007-08-08 21:36:17 71680 --a------ D:\WINDOWS\system32\asusasv1.dll
2007-08-08 21:36:15 163840 --a------ D:\WINDOWS\system32\vmnc.dll <Not Verified; VMware, Inc.; VMware Workstation>
2007-08-08 21:36:15 40960 --a------ D:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-08-08 21:36:15 135168 --a------ D:\WINDOWS\system32\clrviddd.dll <Not Verified; Iterated Systems, Inc.; ClearVideo>
2007-08-08 21:36:15 312832 --a------ D:\WINDOWS\system32\CLRVIDDC.DLL <Not Verified; eMajix.com, Inc.; ClearVideo Decoder DLL>
2007-08-08 21:36:15 24064 --a------ D:\WINDOWS\system32\aasc32.dll <Not Verified; Autodesk, Inc.; Autodesk Animation Studio>
2007-08-08 21:36:11 630784 --a------ D:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-08-08 21:36:10 438272 --a------ D:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-08-08 21:36:05 102400 --a------ D:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2007-08-08 21:16:05 0 d-------- D:\WINDOWS\BurnQuick
2007-08-08 21:15:48 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Triton Interactive
2007-08-08 20:11:28 75264 --a------ D:\WINDOWS\system32\MACDec.dll <Not Verified; Matthew T. Ashland; Monkey's Audio>
2007-08-08 18:57:27 262144 --a------ D:\WINDOWS\system32\TomsMoComp_ff.dll
2007-08-08 18:57:27 395776 --a------ D:\WINDOWS\system32\libmplayer.dll
2007-08-08 18:57:27 112640 --a------ D:\WINDOWS\system32\libmpeg2_ff.dll
2007-08-08 18:57:26 2255360 --a------ D:\WINDOWS\system32\libavcodec.dll
2007-08-08 18:57:11 0 d-------- D:\Program Files\Common Files\Download Manager
2007-08-08 18:11:39 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Ahead
2007-08-08 18:11:05 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2007-08-08 17:28:01 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Real
2007-08-08 16:58:27 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\ppstream
2007-08-08 16:57:57 0 d-------- D:\Program Files\FlashGet
2007-08-08 16:57:38 480 --a------ D:\WINDOWS\system32\keys.dat
2007-08-08 16:57:31 0 d-------- D:\Program Files\Common Files\Real
2007-08-08 16:57:18 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Poco
2007-08-08 16:57:10 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\StromII
2007-08-08 16:56:34 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Storm
2007-08-08 16:56:31 0 d-------- D:\Program Files\StormII
2007-08-08 15:08:26 164 --a------ D:\install.dat
2007-08-08 15:08:01 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Media Player Classic
2007-08-08 15:07:49 163840 --a------ D:\WINDOWS\system32\unrar.dll
2007-08-08 15:07:46 217088 --a------ D:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-08-08 15:07:45 180224 --a------ D:\WINDOWS\system32\xvidvfw.dll
2007-08-08 15:07:45 761856 --a------ D:\WINDOWS\system32\xvidcore.dll
2007-08-08 15:07:44 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2007-08-08 15:07:44 73728 --a------ D:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-08 15:07:44 740442 --a------ D:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-08 15:07:43 5120 --a------ D:\WINDOWS\system32\ff_vfw.dll
2007-08-08 15:07:40 0 d-------- D:\Program Files\K-Lite Codec Pack
2007-08-08 14:59:00 0 d-------- D:\WINDOWS\system32\URTTemp
2007-08-08 14:10:16 0 d-------- D:\WINDOWS\system32\VIRepair
2007-08-08 13:46:53 53248 --a----c- D:\WINDOWS\system32\ImageOle.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-08-08 13:46:38 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\InstallShield
2007-08-08 13:38:43 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-08-08 12:55:51 58 --a------ D:\WINDOWS\system32\wldini.dll
2007-08-08 12:55:48 58 --a------ D:\WINDOWS\system32\jzfini.dll
2007-08-08 12:55:46 58 --a------ D:\WINDOWS\system32\wgdini.dll
2007-08-08 12:55:45 45 --a------ D:\WINDOWS\system32\qjeini.dll
2007-08-08 12:55:42 104 --a------ D:\WINDOWS\system32\zxgini.dll
2007-08-08 12:55:30 58 --a------ D:\WINDOWS\system32\tlmini.dll
2007-08-08 12:55:29 57 --a------ D:\WINDOWS\system32\wdbini.dll
2007-08-08 12:55:27 55 --a------ D:\WINDOWS\system32\dhbini.dll
2007-08-08 12:55:22 130 --a------ D:\WINDOWS\system32\mydini.dll
2007-08-08 10:25:08 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Smart PC Solutions
2007-08-08 10:25:07 0 d-a------ D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-08-07 18:23:57 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Hamachi
2007-08-06 15:28:38 0 d-------- D:\Program Files\IObit
2007-08-05 13:58:00 679936 --a------ D:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated for JEDI. www.delphi-jedi.org; D3DX81>
2007-08-05 02:01:44 49152 --a------ D:\WINDOWS\system32\ChCfg.exe
2007-08-05 02:01:10 315392 --a------ D:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-08-05 01:37:42 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\NJStar
2007-08-05 01:37:32 0 d-------- D:\Program Files\NJStar Communicator
2007-08-05 00:25:30 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2007-08-05 00:24:17 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Talkback
2007-08-05 00:23:55 0 --a------ D:\WINDOWS\nsreg.dat
2007-08-05 00:23:52 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Mozilla
2007-08-05 00:01:41 187392 --a------ D:\WINDOWS\system32\JPGUtils.dll
2007-08-04 23:20:26 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\WINDOWS
2007-08-04 20:04:42 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Protexis
2007-08-04 20:04:40 80 -r-hs---- D:\WINDOWS\system32\F6C29CB1CA.dll
2007-08-04 17:03:47 19456 --a------ D:\WINDOWS\system32\drivers\TdiPbk.SYS <Not Verified; Vnn Networks Inc; TDIPBK Firewall>
2007-08-04 17:03:46 4608 --a------ D:\WINDOWS\system32\drivers\SOCKHOOK.SYS <Not Verified; ; SOCKHOOK Driver>
2007-08-04 17:01:55 452608 --a------ D:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 17:01:39 0 d--h----- D:\Documents and Settings\Default User.WINDOWS\Templates
2007-08-04 17:01:39 0 dr------- D:\Documents and Settings\Default User.WINDOWS\Start Menu
2007-08-04 17:01:39 0 dr-h----- D:\Documents and Settings\Default User.WINDOWS\SendTo
2007-08-04 17:01:39 0 d--h----- D:\Documents and Settings\Default User.WINDOWS\Recent
2007-08-04 17:01:39 0 d--h----- D:\Documents and Settings\Default User.WINDOWS\PrintHood
2007-08-04 17:01:39 0 d--h----- D:\Documents and Settings\Default User.WINDOWS\NetHood
2007-08-04 17:01:39 0 d-------- D:\Documents and Settings\Default User.WINDOWS\My Documents
2007-08-04 17:01:39 0 dr-h----- D:\Documents and Settings\Default User.WINDOWS\Local Settings
2007-08-04 17:01:39 0 d-------- D:\Documents and Settings\Default User.WINDOWS\Favorites
2007-08-04 17:01:39 0 d-------- D:\Documents and Settings\Default User.WINDOWS\Desktop
2007-08-04 17:01:39 0 d---s---- D:\Documents and Settings\Default User.WINDOWS\Cookies
2007-08-04 17:01:39 0 d--h----- D:\Documents and Settings\All Users.WINDOWS\Templates
2007-08-04 17:01:39 0 dr------- D:\Documents and Settings\All Users.WINDOWS\Start Menu
2007-08-04 17:01:39 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Favorites
2007-08-04 17:01:39 0 dr------- D:\Documents and Settings\All Users.WINDOWS\Documents
2007-08-04 17:01:39 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Desktop
2007-08-04 16:59:39 0 dr-h----- D:\Documents and Settings\Default User.WINDOWS\Application Data
2007-08-04 16:59:39 0 d---s---- D:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2007-08-04 16:59:39 0 dr-h----- D:\Documents and Settings\All Users.WINDOWS\Application Data
2007-08-04 16:59:39 0 d---s---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2007-08-04 16:06:12 0 d-------- D:\Program Files\MTV Networks
2007-08-04 16:05:24 0 d-------- D:\WINDOWS\Downloaded Installations
2007-08-04 14:22:13 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Macromedia
2007-08-04 14:13:39 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Uniblue
2007-08-04 13:37:43 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\vlc
2007-08-04 13:17:47 2560 --a------ D:\WINDOWS\_MSRSTRT.EXE
2007-08-04 12:58:47 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\WinRAR
2007-08-04 12:31:06 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2007-08-04 12:06:44 0 d-------- D:\Program Files\Common Files\Stardock
2007-08-04 11:15:19 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Contacts
2007-08-04 11:03:04 0 d---s---- D:\Documents and Settings\weng.WENG-126DB86A18\UserData
2007-08-04 10:33:00 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\ViStart
2007-08-04 10:14:19 111104 --a------ D:\WINDOWS\system32\uharc.exe
2007-08-04 10:14:19 19968 --a------ D:\WINDOWS\system32\reico.exe <Not Verified; Dead Knight; >
2007-08-04 10:14:19 8636 --a------ D:\WINDOWS\system32\modifype.exe
2007-08-04 09:41:50 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Styler
2007-08-04 09:37:58 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\thunder_vod_cache
2007-08-04 09:37:57 1988 --a------ D:\WINDOWS\system32\cid_store.dat
2007-08-04 09:33:33 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Identities
2007-08-04 09:33:12 0 d--h----- D:\Documents and Settings\weng.WENG-126DB86A18\Templates
2007-08-04 09:33:12 0 dr------- D:\Documents and Settings\weng.WENG-126DB86A18\Start Menu
2007-08-04 09:33:12 0 dr-h----- D:\Documents and Settings\weng.WENG-126DB86A18\SendTo
2007-08-04 09:33:12 0 d--h----- D:\Documents and Settings\weng.WENG-126DB86A18\PrintHood
2007-08-04 09:33:12 0 d--h----- D:\Documents and Settings\weng.WENG-126DB86A18\NetHood
2007-08-04 09:33:12 0 dr------- D:\Documents and Settings\weng.WENG-126DB86A18\My Documents
2007-08-04 09:33:12 0 d--h----- D:\Documents and Settings\weng.WENG-126DB86A18\Local Settings
2007-08-04 09:33:12 0 d---s---- D:\Documents and Settings\weng.WENG-126DB86A18\Favorites
2007-08-04 09:33:12 0 d-------- D:\Documents and Settings\weng.WENG-126DB86A18\Desktop
2007-08-04 09:33:12 0 d---s---- D:\Documents and Settings\weng.WENG-126DB86A18\Cookies
2007-08-04 09:33:12 0 dr-h----- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data
2007-08-04 09:32:42 0 d-------- D:\WINDOWS\system32\SoftwareDistribution
2007-08-04 09:30:54 0 d---s---- D:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2007-08-04 09:30:54 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2007-08-04 09:30:54 0 d---s---- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2007-08-04 09:30:53 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2007-08-04 09:30:41 229376 --a------ D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-08-04 09:30:41 0 d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2007-08-04 09:30:41 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2007-08-04 09:30:41 0 d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2007-08-04 09:30:41 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2007-08-04 09:24:49 262144 --ah----- D:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-08-04 09:22:25 0 d--hs---- D:\Documents and Settings\All Users.WINDOWS\DRM
2007-08-04 09:19:39 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2007-08-04 09:18:49 0 d-------- D:\Program Files\Messenger
2007-08-04 09:18:48 1232384 --a------ D:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:43 152064 --a------ D:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:36 504832 --a------ D:\WINDOWS\system32\WINmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:36 441856 --a------ D:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:36 465408 --a------ D:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:36 117760 --a------ D:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:35 512512 --a------ D:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:35 440320 --a------ D:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:22 260096 --a------ D:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:22 726016 --a------ D:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:21 924672 --a------ D:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 09:18:20 215552 --a------ D:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-03 19:37:28 22016 --a------ D:\WINDOWS\system32\drivers\ultradfg.sys <Not Verified; DASoft Development Team; UltraDefrag>
2007-08-03 19:20:48 0 dr-h----- D:\Documents and Settings\weng\Recent
2007-08-03 19:18:10 0 d-------- D:\Documents and Settings\weng\Application Data\WinPatrol
2007-08-03 19:02:17 0 d-------- D:\Program Files\Lavasoft
2007-08-03 19:02:16 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-03 18:37:42 0 d-------- D:\WINDOWS\pss
2007-08-03 10:23:46 0 d-------- D:\Program Files\Ocean Technology
2007-08-01 22:27:18 0 d-------- D:\Program Files\Common Files\DirectX


-- Find3M Report ---------------------------------------------------------------

2007-08-30 19:23:23 0 d-------- D:\Program Files\Common Files
2007-08-30 17:06:58 0 d-------- D:\Program Files\SUPERAntiSpyware
2007-08-30 17:05:56 0 d-------- D:\Program Files\MSN Messenger
2007-08-30 17:04:42 0 d-------- D:\Program Files\JkDefragGUI
2007-08-29 22:01:11 0 d--h----- D:\Program Files\InstallShield Installation Information
2007-08-29 08:17:27 0 d-------- D:\Program Files\Yahoo!
2007-08-28 10:57:43 0 d-------- D:\Program Files\Iesnap
2007-08-26 18:37:10 0 d-------- D:\Program Files\BitComet
2007-08-09 14:09:46 0 d-------- D:\Program Files\Windows Media Connect 2
2007-08-09 14:09:42 0 d-------- D:\Program Files\Sogou PXP
2007-08-09 14:09:42 0 d-------- D:\Program Files\Realtek AC97
2007-08-09 14:09:33 0 d-------- D:\Program Files\Microsoft PowerToys
2007-08-09 14:09:27 0 d-------- D:\Program Files\Google
2007-08-05 00:09:43 9726464 --a------ D:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-04 17:01:39 62 --ahs---- D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\desktop.ini
2007-08-03 19:37:16 0 d-------- D:\Program Files\Common Files\InstallShield
2007-07-23 09:27:24 0 d-------- D:\Program Files\SnailWeb
2007-07-12 14:22:32 0 d-------- D:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [01/09/2004 08:00]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
D:\WINDOW~1\wbsrv.dll 22/12/2005 10:21 176128 D:\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6895fb8-4356-11dc-8135-000d8838a80a}]
Auto\command- F:\PegeFile.pif
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

*Newly Created Service* - GMER
*Newly Created Service* - ULTRADFG



-- End of Deckard's System Scanner: finished at 2007-08-31 12:40:00 ------------

#8
wen9x88

And this is Extra.txt

Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ Processor
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 511.48 MiB / 249.93 MiB
Pagefile Memory (total/avail): 1250.08 MiB / 963.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.09 GiB total, 1.42 GiB free.
D: is Fixed (NTFS) - 38.23 GiB total, 1.49 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.09 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.23 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"="D:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe:*:Enabled:UltimateDefrag V1.61"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users.WINDOWS
APPDATA=D:\Documents and Settings\weng.WENG-126DB86A18\Application Data
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=WENG-126DB86A18
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\weng.WENG-126DB86A18
LOGONSERVER=\\WENG-126DB86A18
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\WENG~1.WEN\LOCALS~1\Temp
TMP=D:\DOCUME~1\WENG~1.WEN\LOCALS~1\Temp
USERDOMAIN=WENG-126DB86A18
USERNAME=weng
USERPROFILE=D:\Documents and Settings\weng.WENG-126DB86A18
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

weng.WENG-126DB86A18 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
±©·çÓ°Òô2 --> D:\Program Files\StormII\uninst.exe
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Advanced WindowsCare 2.51 Personal --> "D:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
BitTorrent DNA --> "D:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
C-Media WDM Audio Driver --> D:\WINDOWS\system32\cmirmdrv.exe
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
CleanUp! --> D:\Program Files\CleanUp!\uninstall.exe
ѸÀ×5 --> "D:\Program Files\Thunder Network\Thunder\unins000.exe"
DASoft Ultra Defragmenter --> "D:\Program Files\UltraDefrag\uninstall.exe"
GG E-Sports Platform --> D:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Hijackthis 1.99.1 --> "D:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> D:\Program Files\Hijackthis\HijackThis.exe /uninstall
JkDefragGUI 0.91 --> D:\Program Files\JkDefragGUI\Uninstall.exe
K-Lite Codec Pack 3.3.0 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
NJStar Communicator --> D:\Program Files\NJStar Communicator\uninst.exe
ObjectDock --> D:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE D:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
Panda ActiveScan --> D:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Realtek AC'97 Audio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SystemBooster V2.0 --> D:\Program Files\DiskTrix\SystemBooster2\Uninstall.EXE /u:"SystemBooster V2.0"
UltimateDefrag --> D:\Program Files\DiskTrix\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Warcraft III: All Products --> D:\WINDOWS\War3Unin.exe D:\WINDOWS\War3Unin.dat
WindowBlinds5»Æ½ðÕä²Ø°æ --> D:\WINDOWS\unvise32.exe D:\WindowBlinds5GE\uninstal.log
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2223 / Error
Event Submitted/Written: 08/30/2007 11:48:52 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x007b0074.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2222 / Error
Event Submitted/Written: 08/30/2007 10:50:53 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application storm.exe, version 2.7.8.27, faulting module xvid.ax, version 0.0.0.0, fault address 0x0003dd11.
Processing media-specific event for [storm.exe!ws!]

Event Record #/Type2221 / Error
Event Submitted/Written: 08/30/2007 10:49:02 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application storm.exe, version 2.7.8.27, faulting module xvid.ax, version 0.0.0.0, fault address 0x0003dd11.
Processing media-specific event for [storm.exe!ws!]

Event Record #/Type2219 / Error
Event Submitted/Written: 08/30/2007 10:47:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module xvid.ax, version 0.0.0.0, fault address 0x0003dd11.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2217 / Error
Event Submitted/Written: 08/30/2007 10:45:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module xvid.ax, version 0.0.0.0, fault address 0x0003dd11.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3502 / Error
Event Submitted/Written: 08/31/2007 02:32:53 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type3501 / Error
Event Submitted/Written: 08/31/2007 02:32:23 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%126

Event Record #/Type3498 / Error
Event Submitted/Written: 08/31/2007 02:29:49 AM / 08/31/2007 02:29:50 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type3497 / Error
Event Submitted/Written: 08/31/2007 02:29:23 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%126

Event Record #/Type3494 / Warning
Event Submitted/Written: 08/30/2007 07:07:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-08-31 12:40:00 ------------

#9
wen9x88

MoNsTeReNeRgY22, thanks for your help, I will wait for you here every day.

#10
MoNsTeReNeRgY22

Good morning,

Step 1
Please restore backups in HJT:
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.
Step 2
Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon. Read the disclaimer and click OK.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile and a fresh HJT log with your next reply.


#11
wen9x88

Logfile of HijackThis v1.99.1
Scan saved at 0:37:30, on 01/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\BitTorrent_DNA\dna.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (file missing)
O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [RAVDHMON] D:\Program Files\Internet Explorer\RAVDHMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll (file missing)
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: 1111111 - - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: SDService - Max Secure Software - D:\Program Files\Max PC Secure\MaxSpyDetector\SDService.exe





DAFT Log saved on 2007-09-01 00:39:12
-----------------------------------------------------------------------
All associations okay!



Edited by wen9x88, 31 August 2007 - 10:39 AM.


#12
MoNsTeReNeRgY22

Hello again,

1) Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - (no file)
O4 - HKLM\..\Run: [RAVDHMON] D:\Program Files\Internet Explorer\RAVDHMON.exe
O23 - Service: 1111111 - - (no file)


Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

2) Please copy (Ctrl C) and paste (Ctrl V) the following text in the code box to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

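@echo off
cls

echo Deleting bad services ...

rem Stop the service, then remove its entry from the service database
sc stop 1111111
sc delete 1111111

echo Deleting bad files ...

rem The path contains spaces, so it is quoted for DEL to treat it as one file
DEL /A /F "D:\Program Files\Internet Explorer\RAVDHMON.exe"


echo DONE !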

Double click Fix.bat. A window will open and close. This is normal.

3) First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

NOTE: if you are unable to update the definition files, you can perform manual update by going to the following site http://www.ewido.net...wnload/updates/

NOTE: if you are unable to run a scan with AVG Anti-Spyware in Safe Mode, click the next link http://fileserver.ew...ic.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. Double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

  • 0

#13
wen9x88

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:24:03 01/09/2007

+ Scan result:



:mozilla.13:D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Mozilla\Firefox\Profiles\vuba9cc5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.7:D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Mozilla\Firefox\Profiles\vuba9cc5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.8:D:\Documents and Settings\weng.WENG-126DB86A18\Application Data\Mozilla\Firefox\Profiles\vuba9cc5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\weng.WENG-126DB86A18\Cookies\[email protected][2].txt -> TrackingCookie.Live : No action taken.
D:\Documents and Settings\weng.WENG-126DB86A18\Cookies\[email protected][1].txt -> TrackingCookie.Msn : No action taken.


::Report end
  • 0
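The scan report in the post above follows a regular line layout, so its triage can be done mechanically. The following is an added example, not part of the original thread or of AVG's own tooling: it assumes the `object -> detection : action.` layout inferred from the posted report, and the sample report, user name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above (user and profile names are made up).
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:24:03 01/09/2007

+ Scan result:

:mozilla.13:D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.7:D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\user\Cookies\user@example[1].txt -> TrackingCookie.Msn : No action taken.

::Report end
"""

# "<object> -> <detection> : <action>."; Firefox cookie rows carry a ":mozilla.N:" prefix.
ENTRY = re.compile(r"^(?::mozilla\.(?P<row>\d+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")

def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entries):
    """Separate tracking cookies from other detections and list non-cookie items left unhandled."""
    cookies = [e for e in entries if e["name"].startswith("TrackingCookie.")]
    other = [e for e in entries if not e["name"].startswith("TrackingCookie.")]
    return {
        "cookie_families": Counter(e["name"] for e in cookies),
        "other": other,
        "unhandled": [e for e in other if e["action"].lower().startswith("no action")],
        "cookies_only": bool(entries) and not other,
    }

if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(result["cookie_families"], "cookies only:", result["cookies_only"])
```

A report where `cookies_only` is true contains nothing but tracking cookies; any entry in `unhandled` is a non-cookie detection that was found but not quarantined and needs follow-up.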

#14
MoNsTeReNeRgY22
Nice job, your log looks clean!
How is it running?
Please use the following suggestion to help prevent reinfection.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.) Now we need to make a new System Restore Point for your PC; please do the following:
  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give it a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore" which will create a new System Restore point
  • Click OK
I highly recommend downloading the following programs, to keep malware off your computer to begin with.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Very powerful tool which can search and annihilate malware that make it onto your system. Now with an Immunize section that will help prevent future infections.
**Tutorial on installing & using this product can be found HERE**

Ad-Aware 2007 Free - Another very powerful tool which searches and kills malware that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
**Tutorial on installing & using this product can be found HERE**

SpywareBlaster - Great prevention tool to keep malware from installing on your system.
**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

AntiVirus Program - An AntiVirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.
DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.
**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally: How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing
  • 0

#15
wen9x88
Thank you very much, now my computer is faster.
And can I have some free defragmenter software?
  • 0