Hi Tal,
Thanks a zillion for your prompt reply. I'm indeed very grateful to you.
As instructed, please find the logs:
1. OTMoveIT
-------------
C:\PROGRA~1\CNRN moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05092008_003236
2. DSS Main.txt
-----------------
Deckard's System Scanner v20071014.68
Run by hp on 2008-05-09 00:33:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
31: 2008-05-08 16:33:16 UTC - RP62 - Deckard's System Scanner Restore Point
30: 2008-05-07 18:11:08 UTC - RP61 - 系统检查点
29: 2008-05-05 17:45:09 UTC - RP60 - 系统检查点
28: 2008-05-03 14:34:43 UTC - RP59 - 安装了 Windows XP KB888111WXPSP2。
27: 2008-05-03 11:17:37 UTC - RP58 - 系统检查点
-- First Restore Point --
1: 2008-03-16 04:51:08 UTC - RP32 - 系统检查点
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.33 GiB (less than 15%) free.
-- HijackThis (run as hp.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:35:13, on 2008-5-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CNRN\RNMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Adobe Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\hp\桌面\dss.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\HIJACK~1\hp.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: WebProtect.IEHlpObj - {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: IE - {D7B21266-AA85-44b8-B516-3B1A69827400} - C:\PROGRA~1\CNRN\RNEvent.dll (file missing)
O2 - BHO: Video Speedy - {E74B0A8E-68C0-4866-8288-53EFF8ECBC28} - C:\Program Files\VideoSpeedy\VSpeed.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [CNRN] C:\PROGRA~1\CNRN\RNMain.exe C:\PROGRA~1\CNRN\CNRN.dll,Rundll32
O4 - HKLM\..\Run: [CNRNRNHelper.dll] C:\PROGRA~1\CNRN\RNMain.exe C:\PROGRA~1\CNRN\RNHelper.dll,Rundll32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: 添加到反广告条 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {110F6354-E9E3-4f8c-95DD-8487ED86C73D} - http://cn.zs.yahoo.c...c...s&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理 上网记录 - {110F6354-E9E3-4f8c-95DD-8487ED86C73D} - http://cn.zs.yahoo.c...c...s&btn=clean (file missing)
O9 - Extra button: Web 反病毒统计 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: 名品 折扣 - {30778C27-54C7-437e-946A-F04CBB8C460F} - http://adtaobao.ally...?allyesPara=816 (file missing)
O9 - Extra button: Yahoo 3.5G 电邮 - {4C4A96EA-D26D-4ab1-9D7C-BEA7D3312B6F} - http://cn.zs.yahoo.c...p;btn=yahoomail (file missing)
O9 - Extra button: (no name) - {4D985980-695A-4b42-8B11-34D8D3385676} - http://cn.zs.yahoo.c...c...&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复 浏览器 - {4D985980-695A-4b42-8B11-34D8D3385676} - http://cn.zs.yahoo.c...c...&btn=repair (file missing)
O9 - Extra button: 雅虎 WIDGET - {6C32C266-E0C3-447c-B1A1-650640D550D0} - http://cn.widget.yah....htm?source=Cns (file missing)
O9 - Extra button: 情景 聊天 - {7035F492-7EAE-4213-A159-7C4E1E216C12} - http://cn.zs.yahoo.c...mp;btn=yahoomsg (file missing)
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: 雅虎 助手 - {BF69897E-F9B4-4c1a-9D81-59822096081F} - http://cn.zs.yahoo.c...amp;btn=yassist (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!CNRN] 中文上网2007
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: 卡巴斯基互联网安全套装 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Cmb WebProtect Support (CMBWPS) - China Merchants Bank - C:\Program Files\CMBCHINA\WebProtect\WPService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7507 bytes
-- HijackThis Fixed Entries (D:\HIJACK~1\backups\) -----------------------------
backup-20080508-235339-137 O2 - BHO: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
backup-20080508-235339-158 O3 - Toolbar: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
backup-20080508-235339-344 O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
backup-20080508-235339-717 O11 - Options group: [TBH] 中文搜搜
backup-20080508-235339-762 O2 - BHO: IE - {D7B21266-AA85-44b8-B516-3B1A69827400} - C:\PROGRA~1\CNRN\RNEvent.dll
backup-20080508-235339-794 O11 - Options group: [!CNRN] 中文上网2007
backup-20080508-235339-972 O4 - HKLM\..\Run: [CNRN] C:\PROGRA~1\CNRN\RNMain.exe C:\PROGRA~1\CNRN\CNRN.dll,Rundll32
-- File Associations -----------------------------------------------------------
.chm - chm.file - shell\open\command - "hh.exe" %1
.ini - inifile - shell\open\command - C:\WINDOWS\System32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 lqsgipq - c:\windows\system32\drivers\lqsgipq.sys
R3 HBtnKey - c:\windows\system32\drivers\cpqbttn.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HPQuick Launch Buttons>
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ccosm (Contrl Center of Storm Media) - c:\program files\stormii\stormliv.exe /asservice <Not Verified; 北京暴风网际科技有限公司; 暴风影音媒体控制中心>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-04-09 and 2008-05-09 -----------------------------
2008-05-07 12:12:50 0 d-------- C:\Documents and Settings\hp\Application Data\Malwarebytes
2008-05-07 12:12:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 22:12:32 0 d-------- C:\Program Files\Intel
2008-05-03 10:28:14 1212 --a------ C:\WINDOWS\mozver.dat
2008-05-02 18:51:08 0 d-------- C:\Program Files\Synaptics
2008-05-02 18:46:44 102400 --a------ C:\WINDOWS\HPWebcam.exe <Not Verified; ; HPWebcam>
2008-05-02 18:46:43 53248 --a------ C:\WINDOWS\csnp2uvc.dll <Not Verified; ; InstallUtil>
2008-05-02 18:46:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 18:46:43 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-02 18:41:17 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-02 18:40:58 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-02 18:37:25 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-02 14:27:38 0 d-------- C:\WINDOWS\system32\zh-cn
2008-05-02 14:25:33 0 d-------- C:\WINDOWS\network diagnostic
2008-05-01 17:18:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-01 17:18:05 0 d-------- C:\Documents and Settings\hp\Application Data\Mozilla
2008-05-01 17:11:43 0 d-------- C:\Mozilla Firefox
2008-05-01 13:25:48 0 d-------- C:\Documents and Settings\hp\.housecall6.6
2008-04-30 17:57:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-30 17:57:46 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-30 17:57:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\TENCENT
2008-04-30 16:35:29 20 -rah----- C:\WINDOWS\assist.dat
2008-04-30 14:06:29 12752 --a------ C:\WINDOWS\system32\drivers\lqsgipq.sys
2008-04-30 09:06:20 0 d-------- C:\Program Files\Yahoo!
2008-04-30 09:06:19 0 d-------- C:\Program Files\连连看简体中文精装版
2008-04-28 22:51:36 0 d-------- C:\Program Files\VideoSpeedy
2008-04-28 19:12:02 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-28 18:57:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-28 18:56:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-28 18:56:53 0 d-------- C:\Adobe Reader 8.0
2008-04-24 10:37:59 0 d-------- C:\Documents and Settings\hp\Application Data\Help
2008-04-16 19:54:39 0 d-------- C:\Program Files\SogouInput
2008-04-16 19:54:38 0 d-------- C:\Documents and Settings\hp\Application Data\SogouPY.users
2008-04-16 19:54:33 0 d-------- C:\Documents and Settings\hp\Application Data\SogouPY
-- Find3M Report ---------------------------------------------------------------
2008-05-09 00:02:07 205328 --a------ C:\WINDOWS\system32\prfh0804.dat
2008-05-09 00:02:07 141420 --a------ C:\WINDOWS\system32\prfc0804.dat
2008-05-08 23:55:37 0 d-------- C:\Program Files\PPStream
2008-05-08 12:09:53 18123 --a------ C:\WINDOWS\system32\cid_store.dat
2008-05-07 15:19:33 0 d-------- C:\Program Files\PPLive
2008-05-03 22:30:35 0 d-------- C:\Program Files\CONEXANT
2008-05-02 18:40:58 0 d-------- C:\Program Files\Common Files
2008-05-01 13:39:44 0 d-------- C:\Program Files\Qyule
2008-04-28 19:01:55 0 d-------- C:\Documents and Settings\hp\Application Data\Adobe
2008-04-16 00:20:22 0 d-------- C:\Documents and Settings\hp\Application Data\QQUpdate
2008-04-14 18:42:07 0 d-------- C:\Documents and Settings\hp\Application Data\QQ
2008-04-14 18:34:12 0 d-------- C:\Documents and Settings\hp\Application Data\Kingsoft
2008-03-20 11:56:09 0 d-------- C:\Program Files\Tencent
2008-03-20 11:56:09 0 d-------- C:\Documents and Settings\hp\Application Data\Tencent
2008-03-19 00:18:50 0 d-------- C:\Program Files\DopLive
2008-03-17 18:29:13 0 d-------- C:\Documents and Settings\hp\Application Data\ppstream
2008-03-17 12:17:56 0 d-------- C:\Program Files\PPS
2008-03-16 11:09:44 0 d-------- C:\Program Files\ipacc
2008-03-16 11:06:22 0 d-------- C:\Program Files\KuGou
2008-03-16 10:51:45 0 d-------- C:\Documents and Settings\hp\Application Data\PPLive
2008-03-09 09:22:15 0 d-------- C:\Program Files\StormII
2008-03-09 09:21:40 0 d-------- C:\Program Files\Wopti
2008-03-08 20:36:45 212992 --a------ C:\WINDOWS\TdxUnInstall.exe <Not Verified; ; TdxUnInstall 应用程序>
2008-03-08 20:34:41 20 --a------ C:\WINDOWS\system32\pub_store.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C7C23EF-A848-485B-873C-0ED954731014}]
2008-04-17 14:17 256832 --a------ C:\Program Files\TENCENT\SSPlus\SAddr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38928D50-8A48-44C2-945F-D2F23F771410}]
2007-12-14 21:40 175536 --a------ C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B}]
2007-08-20 16:15 341904 --a------ C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7B21266-AA85-44b8-B516-3B1A69827400}]
C:\PROGRA~1\CNRN\RNEvent.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E74B0A8E-68C0-4866-8288-53EFF8ECBC28}]
2008-04-22 20:42 167936 --a------ C:\Program Files\VideoSpeedy\VSpeed.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}]
2007-12-14 21:39 77232 --a------ C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-17 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 15:00]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"stup.exe"="C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll" [2008-03-27 09:42]
"Adobe Reader Speed Launcher"="C:\Adobe Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"YLive.exe"="C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe" [2007-12-29 15:14]
"CNRN"="C:\PROGRA~1\CNRN\RNMain.exe" []
"CNRNRNHelper.dll"="C:\PROGRA~1\CNRN\RNMain.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 19:48]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:00]
"PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-01-17 14:48]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=ctfmon.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-5-2 下午 06:46:44]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D7B21266-AA85-44b8-B516-3B1A69827400}"= C:\PROGRA~1\CNRN\RNEvent.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
-- End of Deckard's System Scanner: finished at 2008-05-09 00:35:50 ------------
3. DSS Extra.txt
--------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Chinese
CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1022.04 MiB / 675.82 MiB
Pagefile Memory (total/avail): 2458.29 MiB / 2227.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.92 MiB
C: is Fixed (NTFS) - 9.77 GiB total, 0.33 GiB free.
D: is Fixed (NTFS) - 22.46 GiB total, 4.67 GiB free.
E: is Fixed (NTFS) - 23.66 GiB total, 9.09 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - FUJITSU MHV2060BH PL - 55.9 GiB - 3 partitions
\PARTITION0 (bootable) - 可安装文件系统 - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 46.12 GiB - D: - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: 卡巴斯基互联网安全套装 v7.0.0.125 (卡巴斯基试验室) Disabled
AV: 卡巴斯基互联网安全套装 v7.0.0.125 (卡巴斯基试验室) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"="D:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\hp\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP-3A88CA1F13FE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\hp
LOGONSERVER=\\HP-3A88CA1F13FE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\hp\LOCALS~1\Temp
TMP=C:\DOCUME~1\hp\LOCALS~1\Temp
USERDOMAIN=HP-3A88CA1F13FE
USERNAME=hp
USERPROFILE=C:\Documents and Settings\hp
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
hp (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Chinese Simplified --> MsiExec.exe /I{AC76BA86-7AD7-2052-7B44-A81200000003}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Iwis30B2a.inf
DopLive 1.3.313.1 --> "C:\Program Files\DopLive\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B2m\HXFSETUP.EXE -U -Iwis30B2m.INF
HijackThis 2.0.2 --> "D:\HijackThis\HijackThis.exe" /uninstall
HP Pavilion Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x804 -u
Intel® PRO Network Connections Drivers --> Prounstl.exe
Mozilla Firefox (2.0.0.14) --> C:\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PPLive 1.9 --> C:\Program Files\PPLive\uninst.exe
PPS --> "C:\Program Files\PPS\unins000.exe"
PPS网络电视 --> C:\Program Files\PPStream\uninst.exe
QQ2008 贺岁版 --> C:\Program Files\Tencent\QQ\uninst.exe
QQ工具栏 --> RUNDLL32.EXE C:\PROGRA~1\Tencent\QQTOOL~1\IEBar.dll,UnInstall
QQ聊天室 --> "C:\Program Files\Tencent\QQChat\uninstall.exe"
QQ音乐7.1Beta09 --> C:\Program Files\Tencent\QQ\QQMusicUninst.exe
QQ游戏 --> C:\Program Files\Tencent\QQGame\Uninstall.EXE
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoSpeedy Platform --> "C:\Program Files\VideoSpeedy\unins000.exe"
Windows XP (KB923689) 安全更新 -->
Windows XP (KB941569) 安全更新 --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB911562) -->
Windows XP 安全更新 (KB920213) -->
Windows XP 安全更新 (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB925454) -->
Windows XP 安全更新 (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Windows XP 更新 (KB898461) -->
Windows XP 更新 (KB900485) -->
Windows XP 更新 (KB908531) -->
Windows XP 更新 (KB916595) -->
Windows XP 更新 (KB920872) -->
Windows XP 更新 (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows XP 更新 (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Windows XP 更新 (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Windows XP 更新 (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Windows XP 更新 (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Windows XP 更新 (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Windows XP 修补程序 (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Windows XP 修补程序包 - KB885836 -->
Windows XP 修补程序包 - KB890859 -->
Windows XP 修补程序包 - KB891781 -->
WinRAR 压缩文件管理器 --> C:\Program Files\WinRAR\uninstall.exe
WPS Office 个人版 (6.3.0.1519) --> d:\Program Files\Kingsoft\WPS Office Personal\utility\uninst.exe
暴风影音 --> C:\Program Files\StormII\uninst.exe
超级旋风 1.8.170.201 --> C:\Program Files\Tencent\QQDownload\uninst.exe
大智慧v5.6 --> c:\dzh\unins000.exe
卡巴斯基互联网安全套装 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
卡巴斯基互联网安全套装 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
酷狗音乐2008(测试版) --> C:\PROGRA~1\KuGou\KUGOU2~1\UNWISE.EXE C:\PROGRA~1\KuGou\KUGOU2~1\INSTALL.LOG
连连看 v4.1 简体中文精装版 --> "C:\Program Files\连连看简体中文精装版\unins000.exe"
搜狗拼音输入法 3.2 正式版 (3.2.0.0605) --> "C:\Program Files\SogouInput\Uninstall.exe"
腾讯中文搜搜 --> Rundll32.exe C:\WINDOWS\system32\Scrax.dll,Uninstall
迅雷5 --> "d:\Program Files\Thunder Network\Thunder\unins000.exe"
一键GHOST v11.0 Build 070707 --> "c:\dosh\ghos\uninstall.exe" "/U:c:\dosh\ghos\uninstall.xml"
招商银行一网通网盾 --> C:\Program Files\CMBCHINA\WebProtect\Setup.exe UNINSTALL
招商证券全能版 --> C:\WINDOWS\TdxUnInstall.exe c:\new_zszq\
中文上网2007 --> C:\Program Files\CNRN\RNMain.exe C:\Program Files\CNRN\CNRN.dll,ControlPanel
-- Application Event Log -------------------------------------------------------
Event Record #/Type1627 / Error
Event Submitted/Written: 05/09/2008 00:02:07 AM
Event ID/Source: 3001 / LoadPerf
Event Description:
注册表中性能计数器名称字符串数值的格式不正确。
不正确的字符串是 7592,不正确的索引值是数据节中的第一个 DWORD 值,
最后的有效索引值是数据节中的第二个和第三个 DWORD 值。
Event Record #/Type1626 / Warning
Event Submitted/Written: 05/09/2008 00:02:06 AM
Event ID/Source: 2006 / LoadPerf
Event Description:
性能注册表的 LastCounter 和 LastHelp 值不正确,需要更新。
数据段中的第一个和第二个 DWORDs 是原始值,
第三个和第四个 DWORDs 是经过更新的新值。
Event Record #/Type1621 / Error
Event Submitted/Written: 05/08/2008 09:52:54 PM
Event ID/Source: 3001 / LoadPerf
Event Description:
注册表中性能计数器名称字符串数值的格式不正确。
不正确的字符串是 7592,不正确的索引值是数据节中的第一个 DWORD 值,
最后的有效索引值是数据节中的第二个和第三个 DWORD 值。
Event Record #/Type1620 / Warning
Event Submitted/Written: 05/08/2008 09:52:54 PM
Event ID/Source: 2006 / LoadPerf
Event Description:
性能注册表的 LastCounter 和 LastHelp 值不正确,需要更新。
数据段中的第一个和第二个 DWORDs 是原始值,
第三个和第四个 DWORDs 是经过更新的新值。
Event Record #/Type1615 / Error
Event Submitted/Written: 05/08/2008 03:21:51 PM
Event ID/Source: 3001 / LoadPerf
Event Description:
注册表中性能计数器名称字符串数值的格式不正确。
不正确的字符串是 7592,不正确的索引值是数据节中的第一个 DWORD 值,
最后的有效索引值是数据节中的第二个和第三个 DWORD 值。
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type7205 / Warning
Event Submitted/Written: 05/08/2008 00:12:49 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP 已经达到并发 TCP 连接尝试次数的安全限制。
Event Record #/Type7204 / Warning
Event Submitted/Written: 05/08/2008 10:13:26 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP 已经达到并发 TCP 连接尝试次数的安全限制。
Event Record #/Type7201 / Warning
Event Submitted/Written: 05/08/2008 09:19:13 AM
Event ID/Source: 1007 / Dhcp
Event Description:
计算机已自动配置网络地址为 0018DE0D06BF 的网卡的 IP 地址。
使用的 IP 地址是 169.254.153.238。
Event Record #/Type7197 / Warning
Event Submitted/Written: 05/08/2008 09:16:48 AM
Event ID/Source: 1007 / Dhcp
Event Description:
计算机已自动配置网络地址为 0018DE0D06BF 的网卡的 IP 地址。
使用的 IP 地址是 169.254.153.238。
Event Record #/Type7195 / Warning
Event Submitted/Written: 05/08/2008 08:45:05 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP 已经达到并发 TCP 连接尝试次数的安全限制。
-- End of Deckard's System Scanner: finished at 2008-05-09 00:35:50 ------------
Thanks, lazykitty