uret463.exe [Solved]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

uret463.exe [Solved]

#1 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 23 August 2009 - 10:41 AM

Hi,

My norton antivirus said my pc was infected a Trojan with file "uret463.exe".

I used Malwarebytes' Anti-Malware and manually remove the entry in the registry however every time I restart the pc, that entry still remain in the registry.

Please help...

Thanks,
Kelvin

#2 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 24 August 2009 - 07:56 AM

Hello, kelvindou, and welcome to GeeksToGo! Before I can help you, please do the following:

Please follow the steps in this topic, and post back with the following logs if you are still having problems and I will look over the log for you:

Malwarebytes' Anti-Malware log
OTL.txt and Extras.txt
RootRepeal.txt

If something doesn't work, make a note of it, and move on to the next step. Tell me if anything doesn't work, but make sure you tried everything first.

#3 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 24 August 2009 - 11:52 AM

Hi,

Really thanks for your help. I did follow the steps and when I run Malwarebytes' an error occur when the "first" virus detected but when I click "ok" the program keep on running and generate the log.

The error message in the file "Malwarebytes_error.jpg"

Following are those logs.

Malwarebytes' Anti-Malware 1.40
Database version: 2688
Windows 5.1.2600 Service Pack 2

25/8/2009 1:23:46
mbam-log-2009-08-25 (01-23-46).txt

Scan type: Quick Scan
Objects scanned: 97315
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dorfgwe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 25/8/2009 1:36:56 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Win XP User\桌面
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.55% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.67 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
Drive D: | 93.15 Gb Total Space | 26.34 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 5.05 Gb Free Space | 3.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER3424-EEA723
Current User Name: Win XP User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/06/13 21:22:28 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/14 17:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/11/17 11:26:34 | 00,065,536 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\CustomNew.exe
PRC - [2007/03/22 14:02:12 | 00,512,000 | ---- | M] () -- C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
PRC - [2006/10/27 12:28:36 | 00,065,536 | ---- | M] () -- C:\WINPENJR\WIN32\pphidpad.exe
PRC - [2006/09/08 10:17:50 | 00,045,056 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\Msnchk.exe
PRC - [2006/10/23 16:09:48 | 00,098,304 | ---- | M] () -- C:\WINPENJR\WIN32\PPHBUF.EXE
PRC - [2006/09/08 10:15:58 | 00,024,064 | ---- | M] () -- C:\WINPENJR\WIN32\DRAWOBJ.EXE
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/05/11 14:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2004/08/04 00:47:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/05 12:44:48 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://s4.travian.hk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/03 22:51:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/01 21:35:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 02:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 00:51:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 00:51:28 | 00,000,000 | ---D | M]

[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions
[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/22 19:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Firefox\Profiles\z27rekds.default\extensions
[2009/08/24 01:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 00:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/03 22:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/03 00:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:21:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/16 00:51:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 00:51:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 00:51:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/14 14:36:36 | 00,032,456 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/16 00:51:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/16 00:51:24 | 00,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2009/08/16 00:51:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/16 00:51:24 | 00,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2009/08/16 00:51:24 | 00,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: (303436 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10468 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [CustMain.exe] C:\WINPENJR\WIN32\CustMain.EXE ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Win XP User\「開始」功能表\程式集\啟動\netvigator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://wifi.nintendo...k/usbaptest.cab (USBAPTester Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStorage Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn01.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/11 20:46:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/25 01:10:22 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/25 01:10:22 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/25 01:10:22 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{03588e0b-1f3c-11dc-bd40-001a4d436499}\Shell - "" = AutoRun
O33 - MountPoints2\{464c08ea-e764-11dc-be9e-001a4d436499}\Shell - "" = AutoRun
O33 - MountPoints2\{464c08ea-e764-11dc-be9e-001a4d436499}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{475ea8c2-afed-11dc-be69-001a4d436499}\Shell\AutoRun\command - "" = H:\j0.exe -- File not found
O33 - MountPoints2\{475ea8c2-afed-11dc-be69-001a4d436499}\Shell\open\Command - "" = H:\j0.exe -- File not found
O33 - MountPoints2\{df69fc3a-fa84-11dd-80dc-001a4d436499}\Shell\AutoRun\command - "" = G:\j0.exe -- File not found
O33 - MountPoints2\{df69fc3a-fa84-11dd-80dc-001a4d436499}\Shell\open\Command - "" = G:\j0.exe -- File not found
O33 - MountPoints2\{eaa40ca0-9780-11dc-be3c-001a4d436499}\Shell - "" = AutoRun
O33 - MountPoints2\{eaa40ca0-9780-11dc-be3c-001a4d436499}\Shell\Auto\command - "" = H:\auto.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/25 01:36:19 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/25 01:17:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 01:16:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 01:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 00:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\Geek
[2009/08/24 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/24 23:21:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/24 23:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/23 23:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\Application Data\Malwarebytes
[2009/08/23 23:58:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:58:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 23:58:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/20 22:29:44 | 00,113,708 | RHS- | C] () -- C:\j0.exe
[2009/08/20 22:29:44 | 00,000,051 | RHS- | C] () -- C:\autorun.inf
[2009/08/20 22:25:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\MP3
[2009/08/15 21:14:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/15 21:11:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/14 00:38:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

========== Files - Modified Within 14 Days ==========

[2009/08/25 01:26:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/25 01:26:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/25 01:16:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 01:10:22 | 00,000,051 | RHS- | M] () -- C:\autorun.inf
[2009/08/25 00:04:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 22:17:57 | 00,055,464 | ---- | M] () -- C:\Documents and Settings\Win XP User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 23:58:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:31:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/15 21:14:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/15 09:58:54 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/15 03:00:39 | 01,132,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/15 03:00:39 | 00,453,656 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/08/15 03:00:39 | 00,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/15 03:00:39 | 00,173,122 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/08/15 03:00:39 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 02:54:12 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\tra.xls
[2009/08/15 01:03:20 | 00,113,708 | RHS- | M] () -- C:\j0.exe

========== LOP Check ==========

[2009/08/23 23:58:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 21:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/05/11 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/07/01 21:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/08/06 22:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/08/06 20:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/23 23:58:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Win XP User\Application Data
[2007/05/11 21:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Ahead
[2007/05/28 02:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\CyberLink
[2007/07/14 04:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\dvdcss
[2007/08/08 01:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Flickr
[2009/07/24 00:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\gtk-2.0
[2009/08/23 15:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ImgBurn
[2008/03/08 01:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Leadertech
[2008/06/16 02:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nokia
[2008/06/16 02:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nseries
[2009/06/20 01:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\PC Suite
[2008/08/14 19:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ppstream
[2009/05/09 00:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Teleca
[2008/03/01 16:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\U3
[2008/05/02 03:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Xi
[2008/05/25 22:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\XLink Kai
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/09/17 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/25 01:26:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/08/15 01:03:20 | 00,113,708 | RHS- | M] () -- C:\j0.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:47:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:47:46 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2008/06/16 01:55:07 | 00,001,844 | ---- | C] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
[2008/06/16 01:55:07 | 00,001,844 | ---- | M] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
< End of report >

OTL Extras logfile created on: 25/8/2009 1:36:56 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Win XP User\桌面
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.55% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.67 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
Drive D: | 93.15 Gb Total Space | 26.34 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 5.05 Gb Free Space | 3.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER3424-EEA723
Current User Name: Win XP User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15336:TCP" = 15336:TCP:*:Enabled:BitComet 15336 TCP
"15336:UDP" = 15336:UDP:*:Enabled:BitComet 15336 UDP
"23672:TCP" = 23672:TCP:*:Enabled:BitComet 23672 TCP
"23672:UDP" = 23672:UDP:*:Enabled:BitComet 23672 UDP
"19528:TCP" = 19528:TCP:*:Enabled:Foxy (218.255.56.193:19528) 19528 TCP
"19528:UDP" = 19528:UDP:*:Enabled:Foxy (218.255.56.193:19528) 19528 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream -- File not found
"C:\Program Files\Foxy\Foxy.exe" = C:\Program Files\Foxy\Foxy.exe:*:Enabled:Foxy -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\XLink Kai Evolution VII\kaiLaunch.exe" = C:\Program Files\XLink Kai Evolution VII\kaiLaunch.exe:*:Enabled:XLink Kai Evolution 7 Launcher -- File not found
"C:\Program Files\XLink Kai Evolution VII\kaiEngine.exe" = C:\Program Files\XLink Kai Evolution VII\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine -- File not found
"C:\Program Files\Xi\NetXfer\NetTransport.exe" = C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager -- File not found
"C:\Program Files\XLink Kai\kaiEngine.exe" = C:\Program Files\XLink Kai\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine -- (http://www.teamxlink.co.uk (Team XLink))
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B76561B-A254-44F2-B78D-E18705FBE9F0}" = Windows Presentation Foundation Language Pack (CHT)
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{10106AA7-38E7-4348-8396-9F535DF763EF}" = MSTPCRT
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{20FF019B-1346-453F-B3BB-95795FA2E085}" = Windows Communication Foundation Language Pack - CHT
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{2CBE25E7-BB9A-4FD3-BED2-496110D50BA9}" = Nokia NSeries System Utilities
"{2F10F540-4126-45B5-B14C-9B8D119205E6}" = Windows Workflow Foundation ZH-CHT Language Pack
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C1989E-E086-4AB7-BB19-8AB97006DE77}" = Nokia NSeries Application Installer
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4E4F8EE0-43EC-4AB9-9A04-702F2AE7E229}" = Windows Live 登入小幫手
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{581CE7EA-A30D-0000-1211-088635773309}" = WIFI LINK IEEE 802.11 b+g Wireless LAN - USB
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD5BA64-404E-4D4C-80D1-70EF72EC3D6D}" = Microsoft .NET Framework 3.0 Traditional Chinese Language Pack
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FB3F08E-0959-4C27-B22C-C0C9C1871028}" = Nero 7 Essentials
"{87C24822-389C-45AA-9E75-0757B8F1A892}" = XLink Kai
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A60F05F-7DD5-4F50-86A1-C1227E049C8C}" = Nokia NSeries One Touch Access
"{90110404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9465CD4C-1CE3-47EB-896C-C17C02BEA48C}" = Windows Live Call
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1028-7B44-A91000000001}" = Adobe Reader 9.1.3 - Chinese Traditional
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE156750-B9B5-4063-84F7-22FF638AF350}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EB9E6A-9237-4057-908D-E9E586A28413}" = Nokia NSeries Music Manager
"{D6EA782B-EE50-4916-AD66-3CCD50A850A8}" = Nokia NSeries Content Copier
"{DD4C0A88-E905-44CC-A558-5BBE656DEDC8}" = Altiris Philips SmartManage Agent
"{DE7ED7D4-B603-4678-8CFD-09BD55C2A736}" = Windows Live 程式集
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}" = 小蒙恬
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows 驅動程式封裝 - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows 驅動程式封裝 - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Allok RM RMVB to AVI MPEG DVD Converter_is1" = Allok RM RMVB to AVI MPEG DVD Converter 2.2.0807
"Allok Video to DVD Burner_is1" = Allok Video to DVD Burner 2.2.0429
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows 驅動程式封裝 - Nokia Modem (02/15/2007 3.1)
"BitComet" = BitComet 0.70
"CCleaner" = CCleaner (remove only)
"Defraggler" = Defraggler (remove only)
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows 驅動程式封裝 - Nokia Modem (06/01/2009 4.1)
"ERUNT_is1" = ERUNT 1.1j
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows 驅動程式封裝 - Nokia Modem (06/01/2009 7.01.0.3)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.2.0
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 Traditional Chinese Language Pack" = Reg Error: Invalid data type.
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia NSeries Application Installer" = Nokia NSeries Application Installer 6.84.2112
"Nokia NSeries Content Copier" = Nokia NSeries Content Copier 6.84.2112
"Nokia NSeries Music Manager" = Nokia NSeries Music Manager 6.84.2112
"Nokia NSeries One Touch Access" = Nokia NSeries One Touch Access 6.84.2112
"Nokia NSeries System Utilities" = Nokia NSeries System Utilities 6.84.2112
"Nokia PC Suite" = Nokia 電腦端套件
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"PrimoPDF3.1" = PrimoPDF
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Super Card_is1" = SC Ver 2.66
"Unlocker" = Unlocker 1.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live 程式集
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/8/2009 13:24:18 | Computer Name = USER3424-EEA723 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 wlcomm.exe，版本 14.0.8064.206，失敗的模組 lhgjyit0.dll，版本 0.0.0.0，錯誤位址
0x0002263a。

Error - 22/8/2009 13:24:40 | Computer Name = USER3424-EEA723 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 wlcomm.exe，版本 14.0.8064.206，失敗的模組 lhgjyit0.dll，版本 0.0.0.0，錯誤位址
0x0002263a。

Error - 23/8/2009 11:33:47 | Computer Name = USER3424-EEA723 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Packed.NsAnti in File: c:\documents
and settings\win xp user\local settings\temp\uret463.exe by: Manual scan. Action:
Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error - 23/8/2009 11:33:49 | Computer Name = USER3424-EEA723 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Packed.NsAnti in File: c:\documents
and settings\win xp user\local settings\temp\uret463.exe by: Manual scan. Action:
Clean failed : Quarantine failed. Action Description:

Error - 23/8/2009 11:34:29 | Computer Name = USER3424-EEA723 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Packed.NsAnti in File: c:\documents
and settings\win xp user\local settings\temp\uret463.exe by: Manual scan. Action:
Leave Alone succeeded. Action Description: The file was left unchanged.

Error - 23/8/2009 11:34:29 | Computer Name = USER3424-EEA723 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Packed.NsAnti in File: c:\documents
and settings\win xp user\local settings\temp\uret463.exe by: Manual scan. Action:
Delete succeeded. Action Description: The file was deleted successfully.

Error - 23/8/2009 20:09:45 | Computer Name = USER3424-EEA723 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Packed.NsAnti in File: c:\documents
and settings\win xp user\local settings\temp\uret463.exe by: Manual scan. Action:
Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error - 23/8/2009 20:09:47 | Computer Name = USER3424-EEA723 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Packed.NsAnti in File: c:\documents
and settings\win xp user\local settings\temp\uret463.exe by: Manual scan. Action:
Clean failed : Quarantine failed. Action Description:

Error - 24/8/2009 10:11:20 | Computer Name = USER3424-EEA723 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 wlcomm.exe，版本 14.0.8064.206，失敗的模組 lhgjyit0.dll，版本 0.0.0.0，錯誤位址
0x0002263a。

Error - 24/8/2009 11:23:28 | Computer Name = USER3424-EEA723 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 wlcomm.exe，版本 14.0.8064.206，失敗的模組 lhgjyit0.dll，版本 0.0.0.0，錯誤位址
0x0002263a。

[ System Events ]
Error - 18/8/2009 19:58:00 | Computer Name = USER3424-EEA723 | Source = W32Time | ID = 39452701
Description = 時間提供者 NtpClient 已經設定成從某些時間來源取得時間，不過目前沒有可存取的時間來源，將嘗試在 14 分內連絡上一個來源。
NTPCLIENT
沒有正確的時間來源。

Error - 22/8/2009 15:14:13 | Computer Name = USER3424-EEA723 | Source = Disk | ID = 262155
Description = 驅動程式在 \Device\Harddisk1\D 上偵測到控制器錯誤。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7031
Description = Apple Mobile Device 服務意外終止，服務曾完成這項動作 1 次。以下的修正操作將在 60000 毫秒內執行: 重新啟動服務。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = Bonjour ?A?? 服務意外地終止。已經發生 1 次。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = Symantec AntiVirus Definition Watcher 服務意外地終止。已經發生 1 次。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = Java Quick Starter 服務意外地終止。已經發生 1 次。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = NVIDIA Display Driver Service 服務意外地終止。已經發生 1 次。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = Symantec Settings Manager 服務意外地終止。已經發生 1 次。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = Symantec Event Manager 服務意外地終止。已經發生 1 次。

Error - 24/8/2009 13:10:31 | Computer Name = USER3424-EEA723 | Source = Service Control Manager | ID = 7034
Description = ServiceLayer 服務意外地終止。已經發生 1 次。

< End of report >

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 01:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP Tablet PC Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4EDB000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP2608
Image Path: \Driver\PCI_PNP2608
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2AFB000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spuu.sys
Image Path: spuu.sys
Address: 0xBA6A9000 Size: 1040384 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89b4d5f8

#: 041 Function Name: NtCreateKey
Status: Hooked by "spuu.sys" at address 0xba6aa0e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spuu.sys" at address 0xba6c7ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spuu.sys" at address 0xba6c8030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spuu.sys" at address 0xba6aa0c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spuu.sys" at address 0xba6c8108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spuu.sys" at address 0xba6c7f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spuu.sys" at address 0xba6c819a

==EOF==

Once again, really thanks for your help.

Kelvin

Attached thumbnail(s)

#4 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 24 August 2009 - 08:49 PM

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 25 August 2009 - 11:22 AM

Hi,

Thanks for your help. After running ComboFix a "Internet Explorer" icon was created on my Desktop.

Following is ComboFix.txt.

ComboFix 09-08-24.06 - Win XP User 8/2009 Wed 1:05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1028.18.2046.1389 [GMT 8:00]
執行位置: c:\documents and settings\Win XP User\桌面\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* 成功創造新還原點
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Win XP User\My Documents\PowerDVD6\_desktop.ini
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\backup_0622.reg
c:\windows\Installer\29da33.msi
D:\Autorun.inf
E:\autorun.inf

.
((((((((((((((((((((((((( 2009-07-25 至 2009-08-25 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-08-24 17:16 . 2009-08-24 17:16 -------- d-----w- c:\program files\ERUNT
2009-08-24 15:21 . 2009-08-24 15:21 -------- d-----w- c:\program files\Microsoft
2009-08-24 15:21 . 2009-08-24 15:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-24 15:20 . 2009-08-24 15:21 -------- d-----w- c:\program files\Windows Live
2009-08-24 14:36 . 2009-08-24 14:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-23 15:58 . 2009-08-23 15:58 -------- d-----w- c:\documents and settings\Win XP User\Application Data\Malwarebytes
2009-08-23 15:58 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 15:58 . 2009-08-23 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 15:58 . 2009-08-23 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 15:58 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:29 . 2009-08-14 17:03 113708 --sh--r- C:\j0.exe
2009-08-15 13:19 . 2009-08-15 13:19 -------- d-sh--w- c:\documents and settings\Win XP User\IECompatCache
2009-08-15 13:17 . 2009-08-15 13:17 -------- d-sh--w- c:\documents and settings\Win XP User\PrivacIE
2009-08-15 13:16 . 2009-08-15 13:16 -------- d-sh--w- c:\documents and settings\Win XP User\IETldCache
2009-08-15 13:14 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-15 13:14 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-15 13:14 . 2009-08-15 13:14 -------- d-----w- c:\windows\ie8updates
2009-08-15 13:13 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-15 13:11 . 2009-08-15 13:13 -------- dc-h--w- c:\windows\ie8
2009-08-13 16:38 . 2009-08-13 16:38 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 17:02 . 2007-05-11 13:20 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-25 15:32 . 2008-07-31 16:15 -------- d-----w- c:\documents and settings\Win XP User\Application Data\gtk-2.0
2009-08-24 14:17 . 2007-05-11 12:52 55464 ----a-w- c:\documents and settings\Win XP User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 07:25 . 2009-07-23 17:00 -------- d-----w- c:\documents and settings\Win XP User\Application Data\ImgBurn
2009-08-14 19:00 . 2001-09-17 00:00 453656 ----a-w- c:\windows\system32\prfh0404.dat
2009-08-14 19:00 . 2001-09-17 00:00 173122 ----a-w- c:\windows\system32\prfc0404.dat
2009-08-05 09:05 . 2004-08-03 16:47 201728 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 17:23 . 2007-09-14 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-26 08:44 . 2009-07-26 08:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-23 16:59 . 2009-07-23 16:59 -------- d-----w- c:\program files\ImgBurn
2009-07-23 16:27 . 2009-07-23 16:27 -------- d-----w- c:\program files\GIMP-2.0
2009-07-18 14:02 . 2009-07-18 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-18 14:02 . 2009-07-18 14:02 -------- d-----w- c:\program files\NOS
2009-07-17 18:56 . 2004-08-03 16:47 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:43 . 2004-08-03 16:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 14:12 . 2009-07-11 14:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-11 14:12 . 2009-07-11 14:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-03 16:55 . 2004-08-03 16:47 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 13:35 . 2007-08-06 12:08 -------- d-----w- c:\program files\Nokia
2009-07-01 13:35 . 2007-08-06 12:09 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-01 13:35 . 2007-08-06 15:17 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-01 13:35 . 2009-07-01 13:35 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-01 13:34 . 2009-07-01 13:34 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-01 13:34 . 2009-07-01 13:34 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-01 13:34 . 2009-07-01 13:34 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-01 13:34 . 2009-07-01 13:34 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-01 13:33 . 2007-08-06 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-01 13:33 . 2009-07-01 13:34 34210984 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_chi_hk.exe
2009-06-25 18:34 . 2004-08-03 16:47 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:34 . 2004-08-03 16:47 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:34 . 2004-08-03 16:47 295936 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:34 . 2004-08-03 16:47 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:34 . 2004-08-03 16:47 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:34 . 2004-08-03 16:47 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:34 . 2004-08-03 16:47 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:34 . 2004-08-03 16:47 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:34 . 2004-08-03 16:47 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:34 . 2004-08-03 16:47 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:34 . 2004-08-03 16:47 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:34 . 2004-08-03 16:47 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:44 . 2004-08-03 16:47 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 16:47 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 16:47 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 16:47 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-03 16:47 702464 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 16:47 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-03 16:48 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 16:48 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 16:48 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 14:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 14:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-19 17:45 . 2009-06-19 17:45 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-19 17:45 . 2009-06-19 17:45 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-19 17:45 . 2009-06-19 17:45 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-19 17:45 . 2009-06-19 17:46 24376336 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13ZH_HK.exe
2009-06-16 14:53 . 2004-08-03 16:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-09-17 00:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:32 . 2004-08-03 16:48 85504 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-03 16:48 74240 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-03 16:47 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-03 16:47 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:45 . 2007-05-11 12:41 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:25 . 2004-08-03 16:47 1272320 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CustMain.exe"="c:\winpenjr\WIN32\CustMain.EXE" [2006-10-27 32768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-11 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 8429568]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15336:TCP"= 15336:TCP:BitComet 15336 TCP
"15336:UDP"= 15336:UDP:BitComet 15336 UDP
"23672:TCP"= 23672:TCP:BitComet 23672 TCP
"23672:UDP"= 23672:UDP:BitComet 23672 UDP
"19528:TCP"= 19528:TCP:Foxy (218.255.56.193:19528) 19528 TCP
"19528:UDP"= 19528:UDP:Foxy (218.255.56.193:19528) 19528 UDP

R1 ppmoucls;ppmoucls;c:\windows\system32\drivers\PPMOUCLS.SYS [14/5/2007 21:18 20704]
R1 pptchpad;PenPower Touchpad;c:\windows\system32\drivers\PPTCHPD5.SYS [14/5/2007 21:18 17216]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [20/12/2005 10:57 27008]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [14/7/2007 3:25 16512]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [31/3/2008 1:25 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [30/3/2008 1:42 20608]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [18/7/2009 22:02 66056]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [25/5/2008 22:12 36928]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [9/5/2009 1:17 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [9/5/2009 1:17 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [9/5/2009 1:17 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [9/5/2009 1:17 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [9/5/2009 1:17 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [9/5/2009 1:17 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [9/5/2009 1:17 115752]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17/4/2005 12:30 124608]
S3 ZD1211BU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.);c:\windows\system32\drivers\ZD1211BU.sys [30/3/2008 1:48 477696]
S3 ZD1211BU(WIFI LINK);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(WIFI LINK);c:\windows\system32\drivers\ZD1211BU.sys [30/3/2008 1:48 477696]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10910

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
‘計劃任務’ 文件夾裡的內容

2009-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 04:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.
------- 而外的掃描 -------
.
uStart Page = hxxp://hk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 匯出至 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {468AEC1E-7D17-46CC-9859-8C4662F69AB0} = 218.102.32.208 205.252.144.126
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://wifi.nintendo.co.jp/information/r_check/usbaptest.cab
DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Win XP User\Application Data\Mozilla\Firefox\Profiles\z27rekds.default\
FF - prefs.js: browser.startup.homepage - hxxp://s4.travian.hk/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 01:08
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
完成時間: 2009-08-25 1:09
ComboFix-quarantined-files.txt 2009-08-25 17:09

Pre-Run: 30,662,889,472 位元組可用
Post-Run: 30,621,151,232 位元組可用

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

303 --- E O F --- 2009-08-15 19:27

#6 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 25 August 2009 - 02:14 PM

Please post a new OTL log.

#7 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 26 August 2009 - 09:23 AM

OTL logfile created on: 26/8/2009 23:19:50 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Win XP User\桌面
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.84% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.40 Gb Free Space | 50.81% Space Free | Partition Type: NTFS
Drive D: | 93.15 Gb Total Space | 26.34 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 5.05 Gb Free Space | 3.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER3424-EEA723
Current User Name: Win XP User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/13 21:22:28 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/14 17:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/11/17 11:26:34 | 00,065,536 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\CustomNew.exe
PRC - [2006/10/27 12:28:36 | 00,065,536 | ---- | M] () -- C:\WINPENJR\WIN32\pphidpad.exe
PRC - [2007/03/22 14:02:12 | 00,512,000 | ---- | M] () -- C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
PRC - [2006/09/08 10:17:50 | 00,045,056 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\Msnchk.exe
PRC - [2006/10/23 16:09:48 | 00,098,304 | ---- | M] () -- C:\WINPENJR\WIN32\PPHBUF.EXE
PRC - [2006/09/08 10:15:58 | 00,024,064 | ---- | M] () -- C:\WINPENJR\WIN32\DRAWOBJ.EXE
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/05/11 14:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2004/08/04 00:47:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/05 12:44:48 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://s4.travian.hk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/01 21:35:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 02:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/03 22:51:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 00:51:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 00:51:28 | 00,000,000 | ---D | M]

[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions
[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/22 19:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Firefox\Profiles\z27rekds.default\extensions
[2009/08/26 08:26:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 00:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/03 22:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/03 00:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:21:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/26 08:26:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/16 00:51:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 00:51:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 00:51:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/14 14:36:36 | 00,032,456 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/16 00:51:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/16 00:51:24 | 00,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2009/08/16 00:51:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/16 00:51:24 | 00,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2009/08/16 00:51:24 | 00,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: (303436 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10468 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [CustMain.exe] C:\WINPENJR\WIN32\CustMain.EXE ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Win XP User\「開始」功能表\程式集\啟動\netvigator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://wifi.nintendo...k/usbaptest.cab (USBAPTester Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStorage Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn01.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/11 20:46:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/26 23:18:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/26 01:09:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/26 01:08:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/26 01:04:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/26 01:04:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/26 01:04:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/26 01:03:12 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/26 01:03:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/26 01:03:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/26 01:03:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/26 01:03:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/26 01:03:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/26 01:03:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/26 01:03:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/26 01:03:06 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/26 01:03:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/26 01:00:52 | 03,184,368 | R--- | C] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:17:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 01:16:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 01:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 00:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\Geek
[2009/08/24 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/24 23:21:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/24 23:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/23 23:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\Application Data\Malwarebytes
[2009/08/23 23:58:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:58:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 23:58:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/20 22:29:44 | 00,113,708 | RHS- | C] () -- C:\j0.exe
[2009/08/20 22:25:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\MP3
[2009/08/15 21:14:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/15 21:11:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/14 00:38:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

========== Files - Modified Within 14 Days ==========

[2009/08/26 23:08:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/26 23:08:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/26 01:08:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/26 01:04:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/26 01:01:06 | 03,184,368 | R--- | M] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:16:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 00:04:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 22:17:57 | 00,055,464 | ---- | M] () -- C:\Documents and Settings\Win XP User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 23:58:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:31:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/16 03:27:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/15 09:58:54 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/15 03:00:39 | 01,132,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/15 03:00:39 | 00,453,656 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/08/15 03:00:39 | 00,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/15 03:00:39 | 00,173,122 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/08/15 03:00:39 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 02:54:12 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\tra.xls
[2009/08/15 01:03:20 | 00,113,708 | RHS- | M] () -- C:\j0.exe

========== LOP Check ==========

[2009/08/23 23:58:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 21:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/05/11 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/07/01 21:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/08/06 22:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/08/06 20:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/23 23:58:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Win XP User\Application Data
[2007/05/11 21:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Ahead
[2007/05/28 02:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\CyberLink
[2007/07/14 04:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\dvdcss
[2007/08/08 01:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Flickr
[2009/08/25 23:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\gtk-2.0
[2009/08/23 15:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ImgBurn
[2008/03/08 01:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Leadertech
[2008/06/16 02:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nokia
[2008/06/16 02:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nseries
[2009/06/20 01:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\PC Suite
[2008/08/14 19:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ppstream
[2009/05/09 00:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Teleca
[2008/03/01 16:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\U3
[2008/05/02 03:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Xi
[2008/05/25 22:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\XLink Kai
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/09/17 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/26 23:08:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/08/15 01:03:20 | 00,113,708 | RHS- | M] () -- C:\j0.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:47:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:47:46 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2008/06/16 01:55:07 | 00,001,844 | ---- | C] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
[2008/06/16 01:55:07 | 00,001,844 | ---- | M] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
< End of report >

#8 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 26 August 2009 - 09:16 PM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2009/08/20 22:29:44 | 00,113,708 | RHS- | C] () -- C:\j0.exe

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#9 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 27 August 2009 - 06:32 AM

OTL logfile created on: 27/8/2009 20:30:16 - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Win XP User\桌面
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.18% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.53 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
Drive D: | 93.15 Gb Total Space | 26.34 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 5.05 Gb Free Space | 3.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER3424-EEA723
Current User Name: Win XP User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/06/13 21:22:28 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/14 17:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/11/17 11:26:34 | 00,065,536 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\CustomNew.exe
PRC - [2007/03/22 14:02:12 | 00,512,000 | ---- | M] () -- C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
PRC - [2006/10/27 12:28:36 | 00,065,536 | ---- | M] () -- C:\WINPENJR\WIN32\pphidpad.exe
PRC - [2006/09/08 10:17:50 | 00,045,056 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\Msnchk.exe
PRC - [2006/10/23 16:09:48 | 00,098,304 | ---- | M] () -- C:\WINPENJR\WIN32\PPHBUF.EXE
PRC - [2006/09/08 10:15:58 | 00,024,064 | ---- | M] () -- C:\WINPENJR\WIN32\DRAWOBJ.EXE
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/05/11 14:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2004/08/04 00:47:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/05 12:44:48 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://s4.travian.hk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/01 21:35:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 02:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/03 22:51:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 00:51:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 00:51:28 | 00,000,000 | ---D | M]

[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions
[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/22 19:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Firefox\Profiles\z27rekds.default\extensions
[2009/08/26 23:25:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 00:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/03 22:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/03 00:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:21:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/26 08:26:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/16 00:51:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 00:51:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 00:51:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/14 14:36:36 | 00,032,456 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/16 00:51:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/16 00:51:24 | 00,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2009/08/16 00:51:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/16 00:51:24 | 00,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2009/08/16 00:51:24 | 00,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: (303436 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10468 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [CustMain.exe] C:\WINPENJR\WIN32\CustMain.EXE ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Win XP User\「開始」功能表\程式集\啟動\netvigator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://wifi.nintendo...k/usbaptest.cab (USBAPTester Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStorage Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn01.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/11 20:46:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/27 20:15:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 20:15:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/26 23:18:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/26 01:09:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/26 01:08:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/26 01:04:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/26 01:04:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/26 01:04:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/26 01:03:12 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/26 01:03:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/26 01:03:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/26 01:03:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/26 01:03:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/26 01:03:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/26 01:03:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/26 01:03:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/26 01:03:06 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/26 01:03:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/26 01:00:52 | 03,184,368 | R--- | C] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:17:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 01:16:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 01:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 00:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\Geek
[2009/08/24 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/24 23:21:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/24 23:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/23 23:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\Application Data\Malwarebytes
[2009/08/23 23:58:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:58:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 23:58:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/20 22:25:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\MP3
[2009/08/15 21:14:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/15 21:11:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/14 00:38:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

========== Files - Modified Within 14 Days ==========

[2009/08/27 20:17:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 20:17:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 00:37:18 | 00,000,524 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/26 01:08:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/26 01:04:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/26 01:01:06 | 03,184,368 | R--- | M] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:16:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 00:04:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 22:17:57 | 00,055,464 | ---- | M] () -- C:\Documents and Settings\Win XP User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 23:58:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:31:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/16 03:27:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/15 09:58:54 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/15 03:00:39 | 01,132,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/15 03:00:39 | 00,453,656 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/08/15 03:00:39 | 00,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/15 03:00:39 | 00,173,122 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/08/15 03:00:39 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 02:54:12 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\tra.xls

========== LOP Check ==========

[2009/08/23 23:58:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 21:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/05/11 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/07/01 21:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/08/06 22:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/08/06 20:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/23 23:58:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Win XP User\Application Data
[2007/05/11 21:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Ahead
[2007/05/28 02:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\CyberLink
[2007/07/14 04:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\dvdcss
[2007/08/08 01:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Flickr
[2009/08/25 23:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\gtk-2.0
[2009/08/23 15:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ImgBurn
[2008/03/08 01:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Leadertech
[2008/06/16 02:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nokia
[2008/06/16 02:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nseries
[2009/06/20 01:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\PC Suite
[2008/08/14 19:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ppstream
[2009/05/09 00:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Teleca
[2008/03/01 16:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\U3
[2008/05/02 03:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Xi
[2008/05/25 22:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\XLink Kai
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/09/17 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/27 20:17:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:47:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:47:46 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2008/06/16 01:55:07 | 00,001,844 | ---- | C] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
[2008/06/16 01:55:07 | 00,001,844 | ---- | M] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
< End of report >

#10 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 27 August 2009 - 07:41 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
[/list]

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View report... at the bottom.
Click the Save report... button.
Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply along with a new OTL log.

#11 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 27 August 2009 - 05:59 PM

OTL logfile created on: 28/8/2009 2:28:47 - Run 4
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Win XP User\桌面
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.56% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.57 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
Drive D: | 93.15 Gb Total Space | 26.34 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 15.03 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER3424-EEA723
Current User Name: Win XP User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/06/13 21:22:28 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/14 17:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/08/28 02:19:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/11/17 11:26:34 | 00,065,536 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\CustomNew.exe
PRC - [2007/03/22 14:02:12 | 00,512,000 | ---- | M] () -- C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
PRC - [2006/10/27 12:28:36 | 00,065,536 | ---- | M] () -- C:\WINPENJR\WIN32\pphidpad.exe
PRC - [2006/09/08 10:17:50 | 00,045,056 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\Msnchk.exe
PRC - [2006/10/23 16:09:48 | 00,098,304 | ---- | M] () -- C:\WINPENJR\WIN32\PPHBUF.EXE
PRC - [2006/09/08 10:15:58 | 00,024,064 | ---- | M] () -- C:\WINPENJR\WIN32\DRAWOBJ.EXE
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/28 02:19:58 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/05/11 14:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
PRC - [2009/02/07 00:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2004/08/04 00:47:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/08/28 02:19:58 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/05 12:44:48 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://s4.travian.hk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/01 21:35:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 02:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/28 02:20:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 00:51:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 00:51:28 | 00,000,000 | ---D | M]

[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions
[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/22 19:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Firefox\Profiles\z27rekds.default\extensions
[2009/08/28 02:20:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 00:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/03 22:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/03 00:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:21:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/28 02:20:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/16 00:51:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 00:51:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/28 02:19:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 00:51:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/14 14:36:36 | 00,032,456 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/16 00:51:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/16 00:51:24 | 00,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2009/08/16 00:51:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/16 00:51:24 | 00,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2009/08/16 00:51:24 | 00,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: (303436 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10468 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [CustMain.exe] C:\WINPENJR\WIN32\CustMain.EXE ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Win XP User\「開始」功能表\程式集\啟動\netvigator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://wifi.nintendo...k/usbaptest.cab (USBAPTester Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStorage Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn01.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/11 20:46:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/27 20:15:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 20:15:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/26 23:18:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/26 01:09:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/26 01:08:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/26 01:04:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/26 01:04:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/26 01:04:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/26 01:03:12 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/26 01:03:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/26 01:03:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/26 01:03:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/26 01:03:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/26 01:03:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/26 01:03:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/26 01:03:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/26 01:03:06 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/26 01:03:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/26 01:00:52 | 03,184,368 | R--- | C] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:17:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 01:16:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 01:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 00:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\Geek
[2009/08/24 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/24 23:21:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/24 23:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/23 23:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\Application Data\Malwarebytes
[2009/08/23 23:58:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:58:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 23:58:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/20 22:25:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\MP3
[2009/08/15 21:14:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/15 21:11:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

========== Files - Modified Within 14 Days ==========

[2009/08/28 02:25:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/28 02:25:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 00:37:18 | 00,000,524 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/26 01:08:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/26 01:04:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/26 01:01:06 | 03,184,368 | R--- | M] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:16:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 00:04:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 22:17:57 | 00,055,464 | ---- | M] () -- C:\Documents and Settings\Win XP User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 23:58:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:31:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/16 03:27:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/15 09:58:54 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/15 03:00:39 | 01,132,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/15 03:00:39 | 00,453,656 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/08/15 03:00:39 | 00,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/15 03:00:39 | 00,173,122 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/08/15 03:00:39 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 02:54:12 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\tra.xls

========== LOP Check ==========

[2009/08/23 23:58:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 21:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/05/11 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/07/01 21:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/08/06 22:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/08/06 20:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/23 23:58:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Win XP User\Application Data
[2007/05/11 21:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Ahead
[2007/05/28 02:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\CyberLink
[2007/07/14 04:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\dvdcss
[2007/08/08 01:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Flickr
[2009/08/25 23:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\gtk-2.0
[2009/08/23 15:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ImgBurn
[2008/03/08 01:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Leadertech
[2008/06/16 02:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nokia
[2008/06/16 02:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nseries
[2009/06/20 01:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\PC Suite
[2008/08/14 19:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ppstream
[2009/05/09 00:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Teleca
[2008/03/01 16:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\U3
[2008/05/02 03:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Xi
[2008/05/25 22:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\XLink Kai
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/09/17 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/28 02:25:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:47:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:47:46 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2008/06/16 01:55:07 | 00,001,844 | ---- | C] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
[2008/06/16 01:55:07 | 00,001,844 | ---- | M] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
< End of report >

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 27, 2009 19:39:15
Records in database: 2692678
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 59392
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 01:15:25

File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08880000.VBN Infected: Trojan.Java.ClassLoader.as 3
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4F7DC22F.VBN Infected: Trojan-Downloader.HTML.Agent.cp 1
C:\_OTL\MovedFiles\08272009_201529\j0.exe Infected: Trojan-GameThief.Win32.Magania.bwwm 1
D:\j0.exe Infected: Trojan-GameThief.Win32.Magania.bwwm 1
E:\j0.exe Infected: Trojan-GameThief.Win32.Magania.bwwm 1

Selected area has been scanned.

#12 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 28 August 2009 - 08:14 AM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
```
:Files
D:\j0.exe
E:\j0.exe

:Commands
[purity]
[emptytemp]
[Reboot]
```
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Is your computer running better now?

#13 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 28 August 2009 - 09:17 AM

OTL logfile created on: 28/8/2009 23:09:05 - Run 5
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Win XP User\桌面
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.34% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.60 Gb Free Space | 51.17% Space Free | Partition Type: NTFS
Drive D: | 93.15 Gb Total Space | 26.34 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 15.03 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER3424-EEA723
Current User Name: Win XP User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/06/13 21:22:28 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/14 17:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/04/17 12:30:32 | 00,018,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/08/28 02:19:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/11/17 11:26:34 | 00,065,536 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\CustomNew.exe
PRC - [2007/03/22 14:02:12 | 00,512,000 | ---- | M] () -- C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
PRC - [2006/10/27 12:28:36 | 00,065,536 | ---- | M] () -- C:\WINPENJR\WIN32\pphidpad.exe
PRC - [2006/09/08 10:17:50 | 00,045,056 | ---- | M] (PenPower) -- C:\WINPENJR\WIN32\Msnchk.exe
PRC - [2006/10/23 16:09:48 | 00,098,304 | ---- | M] () -- C:\WINPENJR\WIN32\PPHBUF.EXE
PRC - [2006/09/08 10:15:58 | 00,024,064 | ---- | M] () -- C:\WINPENJR\WIN32\DRAWOBJ.EXE
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/28 02:19:58 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/05/11 14:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/02/07 00:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2004/08/04 00:47:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/08/28 02:19:58 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/05 12:44:48 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/04/20 06:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://s4.travian.hk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/01 21:35:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 02:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/28 02:20:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 00:51:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 00:51:28 | 00,000,000 | ---D | M]

[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions
[2008/11/09 01:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/22 19:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\mozilla\Firefox\Profiles\z27rekds.default\extensions
[2009/08/28 03:24:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 00:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/03 22:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/03 00:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:21:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/28 02:20:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/16 00:51:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 00:51:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/28 02:19:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 00:51:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/22 21:47:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/14 14:36:36 | 00,032,456 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/16 00:51:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/16 00:51:24 | 00,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2009/08/16 00:51:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/16 00:51:24 | 00,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2009/08/16 00:51:24 | 00,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2009/08/16 00:51:24 | 00,000,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: (303436 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10468 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [CustMain.exe] C:\WINPENJR\WIN32\CustMain.EXE ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Win XP User\「開始」功能表\程式集\啟動\netvigator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://wifi.nintendo...k/usbaptest.cab (USBAPTester Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStorage Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn01.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/11 20:46:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/27 20:15:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 20:15:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/26 23:18:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/26 01:09:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/26 01:08:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/26 01:04:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/26 01:04:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/26 01:04:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/26 01:03:12 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/26 01:03:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/26 01:03:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/26 01:03:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/26 01:03:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/26 01:03:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/26 01:03:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/26 01:03:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/26 01:03:06 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/26 01:03:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/26 01:00:52 | 03,184,368 | R--- | C] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:17:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 01:16:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 01:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 00:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\Geek
[2009/08/24 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/24 23:21:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/24 23:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/23 23:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\Application Data\Malwarebytes
[2009/08/23 23:58:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:58:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 23:58:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 23:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/20 22:25:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Win XP User\桌面\MP3
[2009/08/15 21:14:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/15 21:11:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

========== Files - Modified Within 14 Days ==========

[2009/08/28 23:06:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/28 23:06:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/28 22:20:51 | 00,000,524 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/26 01:08:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/26 01:04:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/26 01:01:06 | 03,184,368 | R--- | M] () -- C:\Documents and Settings\Win XP User\桌面\ComboFix.exe
[2009/08/25 01:16:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\NTREGOPT.lnk
[2009/08/25 01:16:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\ERUNT.lnk
[2009/08/25 00:04:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/25 00:02:35 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Win XP User\桌面\OTL.exe
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 22:17:57 | 00,055,464 | ---- | M] () -- C:\Documents and Settings\Win XP User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 23:58:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/08/23 23:31:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/16 03:27:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/15 09:58:54 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/15 03:00:39 | 01,132,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/15 03:00:39 | 00,453,656 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/08/15 03:00:39 | 00,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/15 03:00:39 | 00,173,122 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/08/15 03:00:39 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 02:54:12 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Win XP User\桌面\tra.xls

========== LOP Check ==========

[2009/08/23 23:58:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 21:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/05/11 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/07/01 21:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/08/06 22:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/08/06 20:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/23 23:58:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Win XP User\Application Data
[2007/05/11 21:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Ahead
[2007/05/28 02:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\CyberLink
[2007/07/14 04:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\dvdcss
[2007/08/08 01:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Flickr
[2009/08/25 23:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\gtk-2.0
[2009/08/23 15:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ImgBurn
[2008/03/08 01:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Leadertech
[2008/06/16 02:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nokia
[2008/06/16 02:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Nseries
[2009/06/20 01:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\PC Suite
[2008/08/14 19:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\ppstream
[2009/05/09 00:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Teleca
[2008/03/01 16:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\U3
[2008/05/02 03:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\Xi
[2008/05/25 22:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Win XP User\Application Data\XLink Kai
[2009/08/24 22:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/09/17 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/28 23:06:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:47:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:47:46 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2008/06/16 01:55:07 | 00,001,844 | ---- | C] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
[2008/06/16 01:55:07 | 00,001,844 | ---- | M] ()(C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ?q?????M?.lnk) -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Nokia Nseries ｹqｸ｣ｺﾝｮM･.lnk
< End of report >

Yes, my computer is running better now.

I saw there are many entries such as:

O1 HOSTS File: (303436 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com

I have no idea about that is it normal? If not, will you help me to get rid of it.

Once again thank you very much for your time and really appreciated for your help.

#14 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 28 August 2009 - 09:41 AM

Those are put in place by security software, to block you from loading malicious sites that would harm your computer. You are actually safer with those lines than without them.

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Make sure you have an Internet Connection.
Download OTC to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.1.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard gives you realtime protection from spyware.
Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#15 kelvindou

Group: Member
Posts: 41
Joined: 29-September 05

Posted 28 August 2009 - 11:51 AM

Hi Handhfan,

Thanks for your help.

I am currently using Norton Anti-virus + Spybot S&D for my computer. However, this time I think the Spybot seems not working or corrupted, that's why there are no alert to remind me about the registry being changed.

Do you have any suggestion to well protect my computer?

BTW, for the free programs you suggested
- SpywareBlaster
- SpywareGuard
- Malwarebytes' Anti-Malware
- MVPS Hosts file
Can I install them all together in my computer? Any anti-virus program can you suggest (free or not free)?

Back to Virus, Spyware, Malware Removal

Share this topic:

2 Pages
1
2
→

Please log in to reply

uret463.exe [Solved] - Geeks to Go Forums