TR/Crypt.XPACK.Gen & TR/Dropper.Gen [Solved]


#1 Double.C (New Member, 8 posts)

Avira keeps telling me that I have a virus these days. I select "Delete", but the warning window pops up again after a while. Can anyone help me? Thanks a lot.

----------------------------------------
Exported events:

21/10/2009 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\_avast4_\unp86892641.VIR.
Action performed: Allow access

Exported events:

18/10/2009 20:52 [Guard] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\_avast4_\unp78241979.tmp.
Action performed: Delete file
-----------------------------------------------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

21/10/2009 AM 2:35:17
mbam-log-2009-10-21 (02-35-11).txt

Scan type: Full Scan (C:\|T:\|)
Objects scanned: 271730
Time elapsed: 3 hour(s), 17 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{b40cd41a-67d4-49f3-9ae8-0c3ec988bb67} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{36146c12-cc76-4e1f-bc3a-1d1767505e9d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a02ac169-b150-43de-8bd4-109b9de6b34b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7e00b0c7-30e9-4e5a-88a4-433ac86532c3} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7e00b0c7-30e9-4e5a-88a4-433ac86532c3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{40b61b7e-431e-4332-a2c4-1c361534a7d6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3fc43a91-a270-48ae-955e-c466c4a6d013} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4c2ec008-4ba0-4d31-a458-31293a8dad20} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\NATEON\BIN\DumpUploader.exe (Trojan.BHO) -> No action taken.
C:\Program Files\NATEON\BIN\NateMessengerApiActiveX.dll (Trojan.BHO) -> No action taken.
C:\Program Files\NATEON\BIN\NATEON.exe (Trojan.BHO) -> No action taken.
C:\Program Files\NATEON\BIN\NateonDownloadManager.ocx (Trojan.BHO) -> No action taken.
C:\Program Files\NATEON\BIN\NateOnMain.exe (Trojan.BHO) -> No action taken.
C:\Program Files\NATEON\BIN\NateOnResDLL_ENG.dll (Trojan.BHO) -> No action taken.
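A small parser for the two log formats quoted in the post above, added here as an example; it is not code from the thread, from Avira or from Malwarebytes. It turns the Avira "Exported events" records and the Malwarebytes item lines into structured records, then applies two checks a responder would run before deleting anything: whether the Avira hits all sit inside another scanner's unpack folder (the `_avast4_` directory under `C:\WINDOWS\Temp` is treated as avast!'s temporary scan folder, which is an assumption of this example drawn from the paths in the log, not something the thread states), and whether the Malwarebytes file hits all come from a single product's install directory. The sample input is constructed from a subset of the log lines above.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample input, copied in the exact shape of the Avira export and the
# Malwarebytes log quoted in the post (a subset of the lines, not the whole log).
AVIRA_EXPORT = """\
Exported events:

21/10/2009 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\\WINDOWS\\Temp\\_avast4_\\unp86892641.VIR.
Action performed: Allow access

18/10/2009 20:52 [Guard] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\\WINDOWS\\Temp\\_avast4_\\unp78241979.tmp.
Action performed: Delete file
"""

MBAM_LOG = """\
Registry Keys Infected: 9
Files Infected: 6

Registry Keys Infected:
HKEY_CLASSES_ROOT\\nowstarter.nowstarterctrl.1 (Adware.CWS) -> No action taken.
HKEY_CLASSES_ROOT\\CLSID\\{7e00b0c7-30e9-4e5a-88a4-433ac86532c3} (Trojan.BHO) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\\Program Files\\NATEON\\BIN\\NATEON.exe (Trojan.BHO) -> No action taken.
C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe (Trojan.BHO) -> No action taken.
"""


@dataclass
class AviraEvent:
    when: str
    name: str
    path: str
    action: str


@dataclass
class MbamItem:
    section: str
    item: str
    family: str
    action: str


_AV_HEAD = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}) \[(\w+)\] Malware found$")
_AV_NAME = re.compile(r"^Virus or unwanted program '(.+?)'$")
# The export quoted in the post has no closing quote after the path, so the
# closing quote and the trailing full stop are both optional here.
_AV_FILE = re.compile(r"^detected in file '(.+?)'?\.?$")
_AV_ACT = re.compile(r"^Action performed: (.+)$")

# Section headers end with a colon; the summary counts ("... Infected: 9") do not.
_MB_SECTION = re.compile(r"^(.+ Infected):$")
_MB_ITEM = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_avira_events(text):
    """Group each four-line Avira Guard record into an AviraEvent."""
    events, cur = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := _AV_HEAD.match(line):
            cur = {"when": m.group(1)}
        elif m := _AV_NAME.match(line):
            cur["name"] = m.group(1)
        elif m := _AV_FILE.match(line):
            cur["path"] = m.group(1)
        elif m := _AV_ACT.match(line):
            cur["action"] = m.group(1)
            if len(cur) == 4:
                events.append(AviraEvent(**cur))
            cur = {}
    return events


def parse_mbam_log(text):
    """Collect the per-item lines under each 'X Infected:' section of an MBAM log."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := _MB_SECTION.match(line):
            section = m.group(1)
        elif section and (m := _MB_ITEM.match(line)):
            items.append(MbamItem(section, m["item"], m["family"], m["action"]))
    return items


def scanner_temp_hits(events, markers=("\\Temp\\_avast4_\\",)):
    """Events whose path lies in another scanner's unpack/temp folder.

    Assumption of this example: '_avast4_' under the Windows Temp folder is the
    working directory avast! 4 unpacks archives into while scanning, so hits there
    are one on-access scanner reacting to another scanner's temporary files."""
    return [e for e in events if any(mk.lower() in e.path.lower() for mk in markers)]


def mbam_summary(items):
    """Per-family counts plus how many items were left untouched ('No action taken')."""
    families = Counter(i.family for i in items)
    pending = sum(1 for i in items if i.action == "No action taken")
    return {"families": dict(families), "pending": pending}


def files_by_directory(items):
    """Group 'Files Infected' hits by parent folder; many hits from one named
    product's install directory deserve a manual look before deletion."""
    groups = defaultdict(list)
    for i in items:
        if i.section == "Files Infected":
            folder, _, name = i.item.rpartition("\\")
            groups[folder].append(name)
    return dict(groups)


if __name__ == "__main__":
    events = parse_avira_events(AVIRA_EXPORT)
    print(f"{len(scanner_temp_hits(events))} of {len(events)} Avira hits are in a scanner temp folder")
    items = parse_mbam_log(MBAM_LOG)
    print(mbam_summary(items))
    print(files_by_directory(items))
```

Both checks only group what the logs already say; they do not decide whether a detection is genuine. They answer the two questions this kind of log raises first: is one resident scanner scanning the other's working files, and are the "infected" files a coherent application rather than scattered droppings.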
#2 Extremeboy (Malware Removal Staff, Retired Staff, 824 posts)

Hello and welcome to G2G! :)

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

---

If you still require assistance post a new set of OTL and RootRepeal Logs so we can see the current condition of your system and a description of any remaining problems or symptoms you may still have please.

Further instructions on that can be found here: http://www.geekstogo...uide-t2852.html

For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy

#3 Double.C (Topic Starter, New Member, 8 posts)

Oh, really, thanks for your help...
But I have two questions right now.
1. While I am scanning my computer, the Avira warning pops up again. What should I select, delete or ignore?
2. Since my computer is in Chinese display, the logs seem to be in Chinese too >__<
I hope that won't affect you too much.

Here come my logs:

OTL------------------------
OTL logfile created on: 23/10/2009 0:46:06 - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Christine Chow\桌面\*制造器\防毒
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 60.00% Memory free
2.11 Gb Paging File | 1.27 Gb Available in Paging File | 60.30% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 15.23 Gb Free Space | 9.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 931.51 Gb Total Space | 638.58 Gb Free Space | 68.55% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE
Current User Name: Christine Chow
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/22 23:10:35 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christine Chow\桌面\*制造器\防毒\OTL.exe
PRC - [2009/10/18 00:21:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/18 00:21:24 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/26 14:57:04 | 00,222,728 | ---- | M] (RealNetworks, Inc.) -- c:\program files\real\RealPlay.exe
PRC - [2009/09/26 14:57:00 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/21 23:43:25 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/21 23:43:25 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/06 03:00:03 | 01,172,992 | ---- | M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe
PRC - [2009/08/18 00:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/18 00:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/18 00:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/18 00:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 23:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/06 01:00:12 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/26 16:44:40 | 03,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/22 16:14:20 | 00,210,312 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\ppsap.exe
PRC - [2009/07/01 02:48:59 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 18:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/15 18:54:48 | 00,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/03/25 17:48:35 | 00,118,784 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2007/03/12 13:49:46 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/03/12 13:49:26 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/09/23 00:42:24 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/12 20:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2002/02/07 00:32:48 | 00,057,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/18 00:21:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/09/21 23:43:25 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/09/06 03:00:03 | 01,172,992 | ---- | M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe -- (NoIPDUCService [Auto | Running])
SRV - [2009/08/18 00:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/18 00:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/18 00:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/08/17 23:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/06 01:00:12 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/01 14:05:57 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/03/21 05:04:05 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a99f754b4572 [Auto | Stopped])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/15 18:54:36 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/08/30 21:15:22 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/03/25 17:48:35 | 00,118,784 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2002/02/07 00:32:48 | 00,057,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hk.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!擐葛 蝬脤???"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.8.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.6
FF - prefs.js..extensions.enabledItems: {3bbdd952-cf6f-44a7-9d23-354a8792b598}:1.3
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.78
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: smftn@clowwindy:1.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:941...15/tudouva.pac"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:23:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/09/05 03:54:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\browserrecord\firefox\ext [2009/09/26 14:57:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/18 00:21:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/12 23:38:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/12 23:38:39 | 00,000,000 | ---D | M]

[2009/01/24 04:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Extensions
[2009/01/24 04:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/22 23:33:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions
[2009/05/27 19:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
[2009/03/17 01:43:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/09/12 12:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/09/03 01:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/27 01:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}
[2009/09/26 12:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/07/09 14:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/12 12:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/01/25 01:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2009/10/12 23:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/09/12 12:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/02 01:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/09/12 13:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/26 12:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/02 01:50:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\[email protected]
[2009/09/12 12:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\[email protected]
[2009/10/14 13:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\smftn@clowwindy
[2009/09/12 12:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\mozilla\Firefox\Profiles\r0k939qy.default\extensions\[email protected]
[2009/04/18 12:40:52 | 00,001,421 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\google-search-for-friendbar-toolbar.xml
[2009/04/18 12:40:52 | 00,001,186 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\twitter-search.xml
[2009/01/25 03:02:17 | 00,020,283 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\yahoo-.xml
[2009/01/25 01:26:19 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\yahoo-search.xml
[2009/08/11 23:26:10 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\yahoo.gif
[2009/08/11 23:26:10 | 00,000,466 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\yahoo.src
[2009/08/11 23:26:06 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Mozilla\FireFox\Profiles\r0k939qy.default\searchplugins\yahoo.xml
[2009/10/22 23:33:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 23:42:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/22 00:24:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/18 00:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/11 23:42:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 23:42:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/17 16:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/10/18 00:21:24 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/11 23:42:42 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/26 14:57:51 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/26 14:58:03 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/09/26 14:57:37 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/09/01 23:14:54 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/01 23:14:55 | 00,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2009/09/01 23:14:55 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/01 23:14:55 | 00,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2009/09/01 23:14:55 | 00,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2009/09/01 23:14:55 | 00,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2009/09/01 23:14:55 | 00,000,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: (727 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebThunder Browser Helper) - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll File not found
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0002-0002-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ClubBox] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PPS Accelerator] c:\Program Files\PPStream\ppsap.exe (PPStream Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &U使用納米機器人下載並收藏 - C:\Program Files\NamiRobot\Data\du.html ()
O8 - Extra context menu item: &U使用纳米机器人下载并收藏 - C:\Program Files\NamiRobot\Data\du.html ()
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM ()
O8 - Extra context menu item: 使用Web迅雷下載 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm ()
O8 - Extra context menu item: 使用Web迅雷下載全部鏈接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm ()
O8 - Extra context menu item: 使用電驢下載 - C:\Program Files\easyMule\IE2EM.htm ()
O8 - Extra context menu item: 設為 Messenger Live 頭像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm ()
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Gears 設定(&G) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.)
O9 - Extra Button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (ICQ Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: 雄WEB捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - File not found
O9 - Extra 'Tools' menuitem : 雄WEB捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - File not found
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE File not found
O9 - Extra 'Tools' menuitem : 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubb...NowStarter2.cab (NowStarter2 Control)
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} http://www.pdbox.co....MSpeedCheck.cab (BMSpeedCheck Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} http://update2.pczig...box/PCZiggy.cab (PZLaunch Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} http://211.233.36.13...cibrowser12.cab (Innotive Cibrowser Control 1.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9331EBA1-CE35-4608-8604-39399E4826ED} http://fs1.tw.cyworl...CyImgTaiwan.cab (CyImgTaiwanCtl Class)
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} http://www.gogobox.c...GNowStarter.cab (NowStarter Control)
O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} http://bgm.iple.com/...usicPlayerX.cab (DamoimBGMPlayerX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} http://tw.cyworld.co...ex/P3Instal.cab (PcubeSet Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} http://fs17u.cyworld.../CyImgChina.cab (CyImgChinaCtl Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/03 21:49:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/14 17:47:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/10/19 23:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/20 22:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/14 17:46:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\Application Data\ArcSoft
[2009/10/19 23:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\Application Data\AVG8
[2009/10/16 00:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\Application Data\FireShot
[2009/10/19 23:22:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\Application Data\Malwarebytes
[2009/10/20 22:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\Application Data\PC Tools
[2009/10/20 22:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/14 17:46:23 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/10/18 21:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\arswp3
[2009/10/19 22:23:50 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/10/12 00:50:49 | 00,000,000 | ---D | C] -- C:\Program Files\eREAD
[2009/10/20 22:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/14 20:45:57 | 00,000,000 | ---D | C] -- C:\Program Files\Poladroid
[2009/10/20 22:22:53 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/18 14:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
File not found -- C:\Documents and Settings\Christine Chow\桌面\CAVAKFVX.
File not found -- C:\Documents and Settings\Christine Chow\桌面\CASDMJGT.
[2009/10/23 00:34:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/22 23:47:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-sa
[2009/10/22 23:47:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-br
[2009/10/22 23:47:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bg-bg
[2009/10/22 23:47:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-cn
[2009/10/22 23:47:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\cs-cz
[2009/10/22 23:47:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-dk
[2009/10/22 23:46:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-gr
[2009/10/22 23:46:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-es
[2009/10/22 23:46:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-fi
[2009/10/22 23:46:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\et-ee
[2009/10/22 23:46:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-fr
[2009/10/22 23:46:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2009/10/22 23:46:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-il
[2009/10/22 23:46:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\hu-hu
[2009/10/22 23:46:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\hr-hr
[2009/10/22 23:46:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-it
[2009/10/22 23:46:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ja-jp
[2009/10/22 23:46:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-kr
[2009/10/22 23:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-nl
[2009/10/22 23:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lv-lv
[2009/10/22 23:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lt-lt
[2009/10/22 23:46:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-no
[2009/10/22 23:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl
[2009/10/22 23:46:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-pt
[2009/10/22 23:46:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ro-ro
[2009/10/22 23:46:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ru-ru
[2009/10/22 23:46:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sk-sk
[2009/10/22 23:46:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sl-si
[2009/10/22 23:46:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-se
[2009/10/22 23:46:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-tr
[2009/10/22 23:46:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\th-th
[2009/10/21 23:17:37 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Christine Chow\桌面\erunt_setup.exe
[2009/10/20 22:23:15 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/20 22:23:06 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/20 22:23:06 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/20 22:22:58 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/20 22:16:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/20 22:16:06 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 23:52:52 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/18 21:00:29 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/18 20:58:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/18 20:58:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/18 20:58:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/18 20:58:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/18 20:58:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/14 20:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\桌面\Font
[2009/10/14 19:49:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\桌面\新資料夾 (3)
[2009/10/14 19:11:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\My Documents\FotoBook
[2009/10/14 17:47:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\My Documents\My Albums
[2009/10/14 16:41:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\My Documents\光影魔術手
[2009/10/12 23:44:58 | 00,002,560 | ---- | C] (BitComet) -- C:\WINDOWS\System32\bitcometres.dll
[2009/10/12 00:44:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\桌面\nEOiMAGING_311_tw_ZARD
[2009/10/11 20:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christine Chow\桌面\新資料夾 (2)

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
File not found -- C:\Documents and Settings\Christine Chow\桌面\CAVAKFVX.
File not found -- C:\Documents and Settings\Christine Chow\桌面\CASDMJGT.
[2009/10/23 00:39:59 | 00,248,320 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/23 00:25:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/23 00:17:02 | 00,002,208 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2009/10/23 00:16:37 | 00,000,045 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2009/10/23 00:14:18 | 00,000,540 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 00:14:13 | 01,865,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/23 00:13:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/23 00:12:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/23 00:12:23 | 16,098,79552 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/22 23:54:54 | 00,000,079 | ---- | M] () -- C:\WINDOWS\System32\fscagent.ini
[2009/10/22 23:54:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\PDBOXGame.html
[2009/10/22 23:54:15 | 00,000,544 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/22 23:43:19 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/22 23:30:07 | 00,100,928 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/22 23:18:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/22 01:32:01 | 21,053,452 | ---- | M] () -- C:\WINDOWS\System32\agentfile.che
[2009/10/21 23:17:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Christine Chow\桌面\erunt_setup.exe
[2009/10/20 23:23:03 | 07,280,672 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\SUPERAntiSpyware.exe
[2009/10/20 00:51:34 | 05,161,984 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\WindowsDefender.msi
[2009/10/20 00:37:06 | 00,052,571 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\3ace9665652ae3ddf73654d3.jpg
[2009/10/18 23:47:53 | 00,005,262 | ---- | M] () -- C:\WINDOWS\PowerPlayer.ini
[2009/10/18 23:47:53 | 00,000,113 | ---- | M] () -- C:\WINDOWS\PPSMediaList.ini
[2009/10/18 23:47:47 | 00,000,030 | ---- | M] () -- C:\WINDOWS\msgtn.ini
[2009/10/18 22:00:40 | 00,000,083 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2009/10/18 21:32:29 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\ArSwp3.lnk
[2009/10/18 21:00:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/16 00:56:39 | 00,086,646 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\091015 CY.jpg
[2009/10/15 00:45:27 | 00,341,967 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\IMG_1382拷貝.jpg
[2009/10/14 23:56:33 | 00,061,288 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\未命名 -2.jpg
[2009/10/14 23:35:36 | 00,416,461 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\IMG_1382.jpg
[2009/10/14 23:30:51 | 00,000,586 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2009/10/14 23:03:53 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\label x 12(bag).doc
[2009/10/14 22:44:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/14 20:46:53 | 00,000,503 | ---- | M] () -- C:\Documents and Settings\Christine Chow\Application Data\Poladroid prefs.plist
[2009/10/14 20:46:07 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Poladroid 0.9.6r0.lnk
[2009/10/14 19:16:58 | 00,000,826 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\nEOiMAGING.lnk
[2009/10/14 15:38:16 | 02,062,902 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\cici.hk.bmp
[2009/10/14 12:13:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/14 03:17:52 | 01,021,512 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 03:17:52 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 03:17:52 | 00,383,860 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/10/14 03:17:52 | 00,150,070 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/10/14 03:17:52 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 03:13:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 23:44:58 | 00,002,560 | ---- | M] (BitComet) -- C:\WINDOWS\System32\bitcometres.dll
[2009/10/11 20:11:40 | 00,000,416 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 SM Town.lnk
[2009/10/11 20:11:40 | 00,000,411 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 ENERGY.lnk
[2009/10/11 20:11:40 | 00,000,399 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 EXAM.lnk
[2009/10/11 20:11:40 | 00,000,399 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 [FC].lnk
[2009/10/11 20:11:40 | 00,000,395 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 情書.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 SJ.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 JP.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 HP.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 CF.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | M] () -- C:\Documents and Settings\Christine Chow\桌面\0 BL.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files - No Company Name ==========
[2009/10/23 00:10:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/23 00:10:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/10/23 00:10:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/23 00:10:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/23 00:10:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/10/23 00:10:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/10/23 00:10:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/23 00:10:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/10/23 00:10:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/23 00:10:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/10/23 00:09:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/23 00:09:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/10/23 00:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/23 00:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/10/23 00:09:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/23 00:09:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/10/20 23:22:38 | 07,280,672 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\SUPERAntiSpyware.exe
[2009/10/20 00:51:27 | 05,161,984 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\WindowsDefender.msi
[2009/10/20 00:36:59 | 00,052,571 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\3ace9665652ae3ddf73654d3.jpg
[2009/10/18 21:32:29 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\ArSwp3.lnk
[2009/10/18 21:00:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/18 21:00:36 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/18 20:58:31 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/18 20:58:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/18 20:58:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/18 20:58:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/18 14:30:34 | 16,098,79552 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/16 00:56:39 | 00,086,646 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\091015 CY.jpg
[2009/10/14 23:56:31 | 00,061,288 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\未命名 -2.jpg
[2009/10/14 23:44:07 | 00,341,967 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\IMG_1382拷貝.jpg
[2009/10/14 23:35:11 | 00,416,461 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\IMG_1382.jpg
[2009/10/14 22:45:21 | 00,066,048 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\label x 12(bag).doc
[2009/10/14 20:46:53 | 00,000,503 | ---- | C] () -- C:\Documents and Settings\Christine Chow\Application Data\Poladroid prefs.plist
[2009/10/14 20:46:07 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Poladroid 0.9.6r0.lnk
[2009/10/14 19:16:58 | 00,000,826 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\nEOiMAGING.lnk
[2009/10/14 19:11:47 | 00,001,011 | ---- | C] () -- C:\Documents and Settings\Christine Chow\Application Data\momento.log
[2009/10/14 15:35:17 | 02,062,902 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\cici.hk.bmp
[2009/10/11 20:11:40 | 00,000,416 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 SM Town.lnk
[2009/10/11 20:11:40 | 00,000,411 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 ENERGY.lnk
[2009/10/11 20:11:40 | 00,000,399 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 EXAM.lnk
[2009/10/11 20:11:40 | 00,000,399 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 [FC].lnk
[2009/10/11 20:11:40 | 00,000,395 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 情書.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 SJ.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 JP.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 HP.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 CF.lnk
[2009/10/11 20:11:40 | 00,000,387 | ---- | C] () -- C:\Documents and Settings\Christine Chow\桌面\0 BL.lnk
[2009/09/27 04:25:18 | 00,000,022 | ---- | C] () -- C:\WINDOWS\Kruptos.INI
[2009/07/14 02:25:55 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/07/14 02:25:55 | 00,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/07/14 02:25:53 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/07/14 02:25:53 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/02/14 15:39:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/02/14 15:39:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/01/21 03:32:04 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/01/07 01:29:15 | 00,000,113 | ---- | C] () -- C:\WINDOWS\PPSMediaList.ini
[2009/01/06 02:07:05 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/06 02:07:02 | 02,330,643 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/06 02:07:02 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/06 02:07:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/01/06 02:07:01 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/06 02:07:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/06 02:07:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/17 00:01:00 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 00:01:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 00:00:59 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 00:00:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/08/16 11:35:30 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2008/03/14 09:27:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/02/25 15:25:57 | 00,000,027 | ---- | C] () -- C:\WINDOWS\ppssg.ini
[2008/02/25 14:54:37 | 00,000,045 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2008/02/25 02:11:49 | 00,000,083 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2008/02/11 02:11:47 | 00,000,030 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008/02/11 02:06:08 | 00,005,262 | ---- | C] () -- C:\WINDOWS\PowerPlayer.ini
[2008/02/11 02:01:36 | 00,002,208 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2008/01/05 05:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/05 05:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/05 05:56:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/29 23:04:24 | 02,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2007/09/01 14:28:48 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/06/11 19:41:38 | 00,166,216 | ---- | C] () -- C:\WINDOWS\System32\contmenu.dll.del
[2007/06/11 19:41:38 | 00,166,216 | ---- | C] () -- C:\WINDOWS\System32\contmenu.dll
[2007/04/25 10:12:00 | 01,079,032 | ---- | C] () -- C:\WINDOWS\System32\vorbis_vx.dll
[2007/04/25 10:11:56 | 00,067,320 | ---- | C] () -- C:\WINDOWS\System32\ogg_vx.dll
[2007/04/21 14:34:41 | 00,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/04/21 14:34:41 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/04/05 22:47:20 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/05 22:47:19 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/05 22:47:19 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/05 22:47:19 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/05 22:47:19 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/05 22:47:19 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/25 22:30:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/25 14:51:04 | 00,000,579 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/20 20:37:04 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/03/16 01:02:27 | 00,000,527 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/03/14 20:42:32 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/14 20:42:32 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/03/12 22:18:54 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2007/03/08 23:48:29 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/03/08 23:41:28 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/03/08 23:40:58 | 00,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/03/08 23:40:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/03/04 21:04:30 | 00,248,320 | ---- | C] () -- C:\Documents and Settings\Christine Chow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/03 23:20:02 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/03 23:11:08 | 00,013,906 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/03/03 23:11:08 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/03/03 23:11:04 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/03 23:08:40 | 00,507,976 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/03 23:08:40 | 00,352,330 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/03 23:08:35 | 00,037,684 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/03/03 23:08:35 | 00,037,684 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/03/03 22:13:31 | 00,100,928 | ---- | C] () -- C:\Documents and Settings\Christine Chow\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/03 21:54:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Christine Chow\Application Data\desktop.ini
[2007/03/03 21:37:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/03/09 16:01:24 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ahook.dll
[2005/01/12 11:08:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\SafeIE.dll
[2004/11/25 15:30:44 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\dmvm.dll
[2004/08/12 20:00:00 | 00,000,984 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 20:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/28 02:58:24 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\msjmfas.dll

========== LOP Check ==========

[2009/10/20 22:22:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/03 22:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/23 23:42:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/10/14 17:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2007/08/30 21:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2007/12/27 19:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2007/12/12 21:05:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2008/07/09 03:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2007/03/20 01:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2007/12/08 01:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mvcache
[2007/03/14 21:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/13 21:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/09/12 13:06:44 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009/10/23 00:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/22 01:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2007/08/30 19:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2008/01/11 21:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\thunder_dctemp
[2007/08/12 16:22:10 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2009/09/13 21:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/10 01:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vucache
[2007/03/03 23:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/20 22:22:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Christine Chow\Application Data
[2008/08/17 02:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Ahead
[2009/10/14 17:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\ArcSoft
[2007/09/01 14:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\DataCast
[2007/04/26 14:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\DataLayer
[2009/02/12 02:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\DNA
[2009/09/06 03:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\FileZilla
[2009/10/16 00:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\FireShot
[2007/05/08 00:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\FlashGet
[2009/10/02 00:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Geniesoft
[2008/08/06 01:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\GlarySoft
[2007/03/17 17:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\GlobalSCAPE
[2007/12/27 19:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\GRETECH
[2007/06/12 23:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\iebook
[2007/04/22 21:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\LEAPS
[2007/03/20 02:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Locktime
[2008/01/19 22:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\MegauploadToolbar
[2009/08/25 22:51:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\miroko
[2009/10/03 00:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\MSNShell
[2007/04/26 15:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Nokia
[2007/04/26 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Nokia 多媒體播放器
[2007/03/14 21:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\PC Suite
[2007/03/25 18:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Pegasys Inc
[2009/10/13 02:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\ppStream
[2007/11/29 23:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Samsung
[2007/05/10 22:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Screenshot Sender
[2009/02/07 03:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Tencent
[2009/09/14 13:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christine Chow\Application Data\Ulead Systems
[2009/10/22 23:43:19 | 00,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/14 22:44:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/12 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/23 00:14:18 | 00,000,540 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/22 23:54:15 | 00,000,544 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 00:13:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< etsvcs >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/15 18:54:31 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/15 18:54:37 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2008/04/14 02:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< %systemroot%\system32\drivers\IdeChnDr.sys >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CD562B4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8

========== Files - Unicode (All) ==========
[2009/10/12 02:01:27 | 00,043,183 | ---- | M] ()(C:\Documents and Settings\Christine Chow\桌面\?.txt) -- C:\Documents and Settings\Christine Chow\桌面\殇.txt
[2009/10/12 02:01:26 | 00,043,183 | ---- | C] ()(C:\Documents and Settings\Christine Chow\桌面\?.txt) -- C:\Documents and Settings\Christine Chow\桌面\殇.txt
[2007/06/02 18:46:05 | 00,012,934 | ---- | M] ()(C:\Documents and Settings\Christine Chow\My Documents\??前加入??日期 For D5.5.docx) -- C:\Documents and Settings\Christine Chow\My Documents\标题前加入发贴日期 For D5.5.docx
[2007/06/02 18:46:05 | 00,012,934 | ---- | C] ()(C:\Documents and Settings\Christine Chow\My Documents\??前加入??日期 For D5.5.docx) -- C:\Documents and Settings\Christine Chow\My Documents\标题前加入发贴日期 For D5.5.docx
< End of report >

---------------------------------
Extras.Txt from OTL
---------------------------------
OTL Extras logfile created on: 22/10/2009 PM 11:11:39 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Christine Chow\桌面\*制造器\防毒
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.72% Memory free
2.11 Gb Paging File | 1.31 Gb Available in Paging File | 62.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 16.28 Gb Free Space | 10.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 931.51 Gb Total Space | 638.59 Gb Free Space | 68.55% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE
Current User Name: Christine Chow
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\WINDOWS\notepad.exe %1 (Microsoft Corporation)
Directory [AAW2007] -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe /scanfolder "%1" (Lavasoft)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13794:TCP" = 13794:TCP:*:Enabled:BitComet 13794 TCP
"13794:UDP" = 13794:UDP:*:Enabled:BitComet 13794 UDP
"2895:TCP" = 2895:TCP:*:Enabled:Foxy (202.80.133.26:2895) 2895 TCP
"2895:UDP" = 2895:UDP:*:Enabled:Foxy (202.80.133.26:2895) 2895 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8921:TCP" = 8921:TCP:*:Enabled:BitComet 8921 TCP
"8921:UDP" = 8921:UDP:*:Enabled:BitComet 8921 UDP
"18112:TCP" = 18112:TCP:*:Enabled:BitComet 18112 TCP
"18112:UDP" = 18112:UDP:*:Enabled:BitComet 18112 UDP
"26755:TCP" = 26755:TCP:*:Enabled:BitComet 26755 TCP
"26755:UDP" = 26755:UDP:*:Enabled:BitComet 26755 UDP
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10007:TCP" = 10007:TCP:*:Enabled:BitComet 10007 TCP
"10007:UDP" = 10007:UDP:*:Enabled:BitComet 10007 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\WINDOWS\system32\fscagent.exe" = C:\WINDOWS\system32\fscagent.exe:*:Enabled:???? ???? ?? -- (Nowcom Co., Ltd.)
"C:\WINDOWS\system32\clubbox.exe" = C:\WINDOWS\system32\clubbox.exe:*:Enabled:贗毀夢蝶 橾瞪歎 婦葬濠 -- (Nowcom, Co. LTD.)
"C:\WINDOWS\system32\grdmgr.exe" = C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN ???? ?? -- (???)
"C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE Texas, LP.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\Tencent\QQGame\QQGame.exe" = C:\Program Files\Tencent\QQGame\QQGame.exe:*:Enabled:QQGame -- (深圳市騰訊計算机系統有限公司)
"C:\Program Files\GuildFTPd\GuildFTPd.exe" = C:\Program Files\GuildFTPd\GuildFTPd.exe:*:Enabled:GuildFTPd FTP Server Deamon -- ()
"C:\Program Files\NextLink\GOGOBOX\GFSCAgent.exe" = C:\Program Files\NextLink\GOGOBOX\GFSCAgent.exe:*:Enabled:GOGOBOX檔案傳送Daemon -- (NextLink Co., Ltd.)
"C:\Program Files\NextLink\GOGOBOX\gogobox.exe" = C:\Program Files\NextLink\GOGOBOX\gogobox.exe:*:Enabled:gogobox檔案傳送管理者 -- (NextLink, Co. LTD.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Disabled:Media Player Classic -- (mpc-hc@Sourceforge)
"C:\WINDOWS\system32\cytwsvr.exe" = C:\WINDOWS\system32\cytwsvr.exe:*:Enabled:Cyworld Taiwan BGM Player -- (Cyworld Taiwan)
"C:\Program Files\GridService\peer.exe" = C:\Program Files\GridService\peer.exe:*:Enabled:muse peer -- (FS2YOU)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Tudou\Tudou\TudouVa.exe" = C:\Program Files\Tudou\Tudou\TudouVa.exe:*:Enabled:?速Tudou -- (土豆网(www.tudou.com))
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS厙釐萇弝 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 厙釐樓厒 -- (PPStream Inc)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Installed\BitComet魂 0.98\BitComet-NDA\BitComet.exe" = C:\Installed\BitComet魂 0.98\BitComet-NDA\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Tudou\iTudou\iTudou.exe" = C:\Program Files\Tudou\iTudou\iTudou.exe:*:Enabled:iTudou -- (土豆网)
"C:\Documents and Settings\Christine Chow\桌面\NDSL\ezbuilder_fullpackage_20070427\setup\lighttpd\lighttpd.exe" = C:\Documents and Settings\Christine Chow\桌面\NDSL\ezbuilder_fullpackage_20070427\setup\lighttpd\lighttpd.exe:*:Enabled:lighttpd -- ()
"C:\Program Files\easyMule\emule.exe" = C:\Program Files\easyMule\emule.exe:*:Enabled:easyMule -- (http://www.verycd.com)
"C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" = C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:*:Enabled:WebThunder -- (深圳市迅雷网?技?有限公司)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\NATEON\BIN\NateOnMain.exe" = C:\Program Files\NATEON\BIN\NateOnMain.exe:*:Enabled:NATE ON -- (SK Communications)
"C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe" = C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe:*:Enabled:PPStream Installer -- (PPStream Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Christine Chow\桌面\nEOiMAGING_311_tw_ZARD\nEO iMAGING\nEOiMAGING.exe" = C:\Documents and Settings\Christine Chow\桌面\nEOiMAGING_311_tw_ZARD\nEO iMAGING\nEOiMAGING.exe:*:Enabled:光影魔術手 -- (nEO Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0967A7D8-FD69-4FB3-BC98-D5B85F9A6F45}" = Windows Live Toolbar
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{226DED00-5B8B-4877-AEF6-C41E00B57E36}" = Windows Live Mail
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java™ SE Development Kit 6 Update 13
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43FFE159-3199-4188-A1CD-629166AD1028}" = Nero 7 Ultra Edition
"{459DDD17-D825-4FBF-B437-693E7D44F5B3}" = Windows Live Writer
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E4F8EE0-43EC-4AB9-9A04-702F2AE7E229}" = Windows Live 登入小幫手
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5832EEB8-7E3F-4608-B51F-8015B76EC7A4}_is1" = Extra.YouTube Picker 1.6.6
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}" = 네이트온
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}" = JavaFX™ 1.1 SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}" = TMPGEnc DVD Author 3 with DivX Authoring
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F6E4272-B797-4523-8A4E-9FF01E1E0B16}" = Ulead DVD MovieFactory 5
"{90120000-0010-0404-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Chinese (Traditional)) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROPLUS_{6197A9A1-87C4-4899-80A7-C555C31F95E4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROPLUS_{5CE74E24-2E09-4547-A1E0-354688209BBA}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}_PROPLUS_{85AA1E0E-550A-4C3B-80CE-27CD8E172608}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROPLUS_{327A849D-1627-4C07-8B62-C5364804968F}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9465CD4C-1CE3-47EB-896C-C17C02BEA48C}" = Windows Live Call
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{961D35E8-D426-3E2E-8222-F4FFD9E104FD}" = Google Gears
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE49A86-2A62-4B0B-A763-EACBCD84E82F}" = Samsung PC Studio
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1028-7B44-A91000000001}" = Adobe Reader 9.1.3 - Chinese Traditional
"{AE156750-B9B5-4063-84F7-22FF638AF350}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.77
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D05C84EC-3A0F-4EA2-8404-2179259FFDAB}" = Windows Live 影像中心
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE789653-D04E-47C7-8717-9EC340922B34}" = Windows Live Sync
"{DE7ED7D4-B603-4678-8CFD-09BD55C2A736}" = Windows Live 程式集
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media 編碼器 9 系列
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8F8652B-D212-437E-9917-0ACCA9B092CE}" = Office Multimedia Keyboard Driver
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EEED2879-F4AB-430A-998C-801D0E5B9C1E}" = KBS Kong v3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FF059F2A-62A7-4E6A-B305-559591D2769E}" = Nokia 電腦端套件
"2220-8135-6210-5880" = miroko 1.0.2(16000)
"7-Zip" = 7-Zip 4.42
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 5.2.0202
"Allok RM RMVB to AVI MPEG DVD Converter_is1" = Allok RM RMVB to AVI MPEG DVD Converter 1.5.0
"Allok Video to DVD Burner_is1" = Allok Video to DVD Burner 1.0.4
"arswp3" = ArSwp3
"avast!" = avast! Antivirus
"AVI MPEG RM WMV Splitter_is1" = AVI/MPEG/RM/WMV Splitter 4.28
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BandwidthSimulator" = RealPlayer Bandwidth Simulator
"BitComet" = BitComet(比特彗星) 1.15
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Clubbox 橾瞪歎婦葬濠" = Clubbox 橾瞪歎婦葬濠
"easyMule" = easyMule
"FileZilla Client" = FileZilla Client 3.2.7.1
"FlashGet" = FlashGet 1.9.4.1063
"GOGOBOX檔案傳送管理者" = GOGOBOX檔案傳送管理者
"GOM Player" = GOM Player
"goot" = goot
"GuildFTPd" = GuildFTPd FTP Deamon
"HijackThis" = HijackThis 2.0.2
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{E8F8652B-D212-437E-9917-0ACCA9B092CE}" = Office Multimedia Keyboard Driver
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"megauploadtoolbar" = Megaupload Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Font Color Editor_is1" = MSN Font Color Editor 4.2
"MSNShell" = MSNShell 5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PPStream" = PPS網路電視 V2.6.86.8898 Final
"PPStream賜醱痺 AquaOS_is1" = AquaOS
"PPStream賜醱痺 Noire_is1" = Noire
"PPStream賜醱痺 vladstudio_is1" = vladstudio
"PPS網路電視" = PPS網路電視
"PROPLUS" = Microsoft Office Professional Plus 2007
"RaySource" = RaySource 2.1.10.8242
"RealPlayer 12.0" = RealPlayer
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"RM Converter_is1" = RM Converter 4.12
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Doctor" = Spyware Doctor 6.0
"TencentMediaPlayer" = Tencent Media Player by Viewpoint
"TTPlayer" = 千千靜聽 5.5Beta
"TVAnts 1.0" = TVAnts 1.0
"TVAnts ActiveX Control 1.0" = TVAnts ActiveX Control 1.0
"Video-AVI to GIF Converter_is1" = Video-AVI to GIF Converter v2.0.10a9 - Free Version
"Vodafone 804SS USB driver" = SAMSUNG Mobile USB Modem ^^
"WebThunder" = WEB捃濘
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media 編碼器 9 系列
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live 程式集
"WinRAR archiver" = WinRAR 壓縮工具
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Anti-Spy" = Yahoo! 反間諜軟件
"Yahoo! Companion" = Yahoo! 工具列
"Yahoo! 聰明筆" = Yahoo! 聰明筆
"YInstHelper" = Yahoo! Install Manager
"贗毀夢蝶 橾瞪歎婦葬濠" = 贗毀夢蝶 橾瞪歎婦葬濠

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"MilitaryGame App" = MilitaryGame App

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 18/1/2009 PM 3:53:49 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Christine Chow\Local Settings\Temporary Internet Files\Content.IE5\E3AEXXZN\common[1].js
failed, 00000005.

Error - 18/1/2009 PM 3:57:22 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Christine Chow\Local Settings\Temporary Internet Files\Content.IE5\E3AEXXZN\common[1].js
failed, 00000005.

Error - 18/1/2009 PM 4:13:40 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Christine Chow\Local Settings\Temporary Internet Files\Content.IE5\01SSOC11\common[2].js
failed, 00000005.

Error - 11/6/2009 AM 1:07:09 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\6a13a9dee10b4cdf557a94b2d5993b7e\BIT3.tmp
failed, 00000026.

Error - 15/7/2009 PM 1:33:18 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\742b42e5c6232e70f6661deb46cd972e\BIT68.tmp
failed, 00000026.

Error - 24/8/2009 PM 12:10:42 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://big5.pconline...01/1209620.html
failed, 00000084.

Error - 9/10/2009 PM 11:37:39 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/ failed, 00000070.

Error - 13/10/2009 AM 11:02:43 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://apps.facebook.../buddy_list.php failed, 00000070.

Error - 13/10/2009 AM 11:10:26 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://apps.facebook.../buddy_list.php failed, 00000070.

Error - 18/10/2009 AM 9:03:55 | Computer Name = CHRISTINE | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

[ Application Events ]
Error - 18/10/2009 AM 9:02:42 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131083
Description = 無法從自動更新 CAB 檔案中(在: <http://www.download....uthrootstl.cab>)將廠商根清單解壓縮,錯誤:
與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

Error - 18/10/2009 AM 9:02:42 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 這個網路連線不存在。

Error - 18/10/2009 AM 9:02:43 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131083
Description = 無法從自動更新 CAB 檔案中(在: <http://www.download....uthrootstl.cab>)將廠商根清單解壓縮,錯誤:
與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

Error - 18/10/2009 AM 9:02:43 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 這個網路連線不存在。

Error - 18/10/2009 AM 9:02:43 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131083
Description = 無法從自動更新 CAB 檔案中(在: <http://www.download....uthrootstl.cab>)將廠商根清單解壓縮,錯誤:
與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

Error - 18/10/2009 AM 9:02:43 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 這個網路連線不存在。

Error - 18/10/2009 AM 9:02:43 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131083
Description = 無法從自動更新 CAB 檔案中(在: <http://www.download....uthrootstl.cab>)將廠商根清單解壓縮,錯誤:
與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

Error - 18/10/2009 AM 9:02:43 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 這個網路連線不存在。

Error - 19/10/2009 AM 10:55:39 | Computer Name = CHRISTINE | Source = crypt32 | ID = 131083
Description = 無法從自動更新 CAB 檔案中(在: <http://www.download....uthrootstl.cab>)將廠商根清單解壓縮,錯誤:
與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

Error - 19/10/2009 PM 1:08:00 | Computer Name = CHRISTINE | Source = ESENT | ID = 490
Description = svchost (1124) 嘗試開啟檔案 "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
供讀 / 寫存取失敗並出現系統錯誤 32 (0x00000020): "程序無法存取檔案,因為檔案正由另一個程序使用。 "。 開啟檔案作業將會失敗並出現錯誤
-1032 (0xfffffbf8)。

[ NetLimiter Events ]
Error - 7/5/2007 AM 5:54:06 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 8/5/2007 AM 2:11:15 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 8/5/2007 AM 3:57:18 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 8/5/2007 AM 5:11:30 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 9/5/2007 AM 12:53:25 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 9/5/2007 AM 1:02:22 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 9/5/2007 PM 1:39:11 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 10/5/2007 AM 1:37:11 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 10/5/2007 AM 7:03:38 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

Error - 10/5/2007 PM 12:54:30 | Computer Name = CHRISTINE | Source = NetLimiter 2 | ID = 1000
Description =

[ ODiag Events ]
Error - 2/6/2007 PM 3:53:43 | Computer Name = CHRISTINE | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 14/6/2007 AM 10:56:54 | Computer Name = CHRISTINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2945
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/10/2009 AM 11:52:52 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = Capture Device Service 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:52 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = B's Recorder GOLD Library General Service 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:52 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = Java Quick Starter 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:52 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = NoIPDUCService 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:52 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = NVIDIA Driver Helper Service 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:53 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = SeaPort 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:53 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = Ulead Burning Helper 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:59 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7034
Description = NMIndexingService 服務意外地終止。已經發生 1 次。

Error - 19/10/2009 AM 11:52:59 | Computer Name = CHRISTINE | Source = Service Control Manager | ID = 7031
Description = Lavasoft Ad-Aware Service 服務意外終止,服務曾完成這項動作 1 次。以下的修正操作將在 5000 毫秒內執行:
重新啟動服務。

Error - 20/10/2009 PM 2:35:23 | Computer Name = CHRISTINE | Source = PlugPlayManager | ID = 11
Description = 裝置 Root\LEGACY_CATCHME\0000 沒有先作移除的準備,就已經從系統中消失了。


< End of report >
----------------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 00:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB8AC0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xB5B59000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB51F1000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8b086b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb8df41b6

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf743a282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf743a474

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb8df41ac

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xb8df41bb

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xb8df41c5

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8b0814c

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xb8df41ca

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf744a3fa

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb8df4198

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb8df419d

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8b0876e

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf744c422

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xb8df41d4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xb8df41cf

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xb8df41c0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xb8df41a7

==EOF====EOF==
------------------------------
About my computer ...
for sure ...it slows down too much: start up, opening new windows ...etc.
stuck on the web pages...esp. Facebook..

that's all ...thanks

#4
Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

1...while I am scanning my computer, Avira warning pops up again, what should I select? Delete? or Ignore?

What is the exact popup/message you got? Let me know.

2...since my computer is in Chinese display, and the logs seem to be Chinese too >__<
hope it does not affect you too much

Should be fine. I can still see the information. I can also read a bit of Chinese. lol

Some ComboFix-related tools/files are there. Let's run ComboFix. Make sure that you disable Avira before running it.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

#5
Double.C

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Herewith my ComboFix log & my Avira message...thanks.

ComboFix 09-10-23.01 - Christine Chow 0/2009 Sat 21:34.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.950.852.1028.18.1535.985 [GMT 8:00]
執行位置: c:\documents and settings\Christine Chow\桌面\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* 成功創造新還原點
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

----- BITS: Possible infected sites -----

hxxp://download.windoj+|Cv+@J:NGD_DQ{zcxLJS@KIO5HWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXu-^3S-^3S-^3S-^3ScxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvpdate.com
.
((((((((((((((((((((((((( 2009-09-24 至 2009-10-24 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-10-22 18:47 . 2009-10-22 19:03 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\U3
2009-10-22 16:09 . 2004-08-12 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdheb.dll
2009-10-22 16:09 . 2004-08-12 12:00 5632 ----a-w- c:\windows\system32\kbdheb.dll
2009-10-22 16:09 . 2004-08-12 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdth3.dll
2009-10-22 16:09 . 2004-08-12 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdth2.dll
2009-10-22 16:09 . 2004-08-12 12:00 6144 ----a-w- c:\windows\system32\kbdth3.dll
2009-10-22 16:09 . 2004-08-12 12:00 6144 ----a-w- c:\windows\system32\kbdth2.dll
2009-10-22 16:09 . 2004-08-12 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-10-22 16:09 . 2004-08-12 12:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-10-22 16:09 . 2004-08-12 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdth1.dll
2009-10-22 16:09 . 2004-08-12 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdth0.dll
2009-10-22 16:09 . 2004-08-12 12:00 5632 ----a-w- c:\windows\system32\kbdth1.dll
2009-10-22 16:09 . 2004-08-12 12:00 5632 ----a-w- c:\windows\system32\kbdth0.dll
2009-10-22 15:47 . 2009-10-22 15:47 -------- d-----w- c:\windows\system32\ar-sa
2009-10-22 15:47 . 2009-10-22 15:47 -------- d-----w- c:\windows\system32\pt-br
2009-10-22 15:47 . 2009-10-22 15:47 -------- d-----w- c:\windows\system32\bg-bg
2009-10-22 15:47 . 2009-10-22 15:47 -------- d-----w- c:\windows\system32\zh-cn
2009-10-22 15:47 . 2009-10-22 15:47 -------- d-----w- c:\windows\system32\cs-cz
2009-10-22 15:47 . 2009-10-22 15:47 -------- d-----w- c:\windows\system32\da-dk
2009-10-20 14:23 . 2008-12-11 00:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-20 14:23 . 2009-04-03 03:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-20 14:23 . 2008-12-18 04:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-20 14:22 . 2009-10-20 14:23 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-20 14:22 . 2008-12-10 03:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-20 14:22 . 2009-10-23 15:22 -------- d-----w- c:\program files\Spyware Doctor
2009-10-20 14:22 . 2009-10-20 14:22 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\PC Tools
2009-10-20 14:22 . 2009-10-20 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-20 14:16 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 14:16 . 2009-10-20 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 14:16 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 16:20 . 2009-10-19 16:51 -------- d-----w- c:\documents and settings\Christine Chow\DoctorWeb
2009-10-19 15:52 . 2009-10-19 15:52 -------- d-----w- C:\_OTM
2009-10-19 15:22 . 2009-10-19 15:22 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\Malwarebytes
2009-10-19 15:22 . 2009-10-19 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 15:07 . 2009-10-19 15:07 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\AVG8
2009-10-19 14:23 . 2009-10-19 14:53 -------- d-----w- c:\program files\Enigma Software Group
2009-10-18 13:32 . 2009-10-18 13:41 -------- d-----w- c:\program files\arswp3
2009-10-18 06:52 . 2009-10-18 06:52 -------- d-----w- c:\program files\Trend Micro
2009-10-15 16:56 . 2009-10-15 16:56 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\FireShot
2009-10-14 12:45 . 2009-10-14 12:46 -------- d-----w- c:\program files\Poladroid
2009-10-14 09:47 . 2009-10-14 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-10-14 09:46 . 2009-10-14 09:46 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\ArcSoft
2009-10-14 09:46 . 2009-10-14 09:46 -------- d-----w- c:\program files\ArcSoft
2009-10-13 19:06 . 2009-10-13 19:06 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-10-12 15:44 . 2009-10-12 15:44 2560 ----a-w- c:\windows\system32\bitcometres.dll
2009-10-11 16:50 . 2009-10-11 16:50 -------- d-----w- c:\program files\eREAD
2009-10-06 17:31 . 2009-10-06 17:31 -------- d-----w- C:\My Music
2009-10-02 16:00 . 2009-10-02 16:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-02 15:59 . 2009-10-02 15:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-01 16:26 . 2009-10-01 16:26 -------- d-----w- c:\windows\Digital Ear
2009-10-01 16:14 . 2009-10-01 16:14 -------- d-----w- c:\program files\VSTPlugins
2009-10-01 16:14 . 2009-10-01 16:14 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\Geniesoft
2009-09-30 15:30 . 2009-09-30 15:30 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-09-30 15:06 . 2009-09-30 15:06 -------- d-----w- c:\program files\Common Files\Apple
2009-09-30 15:05 . 2009-09-30 15:06 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 13:31 . 2007-03-14 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-22 16:39 . 2007-03-09 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-22 16:34 . 2007-03-09 17:29 -------- d-----w- c:\program files\Microsoft Works
2009-10-22 15:30 . 2007-03-03 14:13 100928 ----a-w- c:\documents and settings\Christine Chow\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 15:01 . 2009-10-19 16:03 79 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-10-21 15:53 . 2009-01-09 17:30 -------- d-----w- c:\program files\easyMule
2009-10-19 15:48 . 2007-08-02 14:16 -------- d-----w- c:\program files\Java
2009-10-18 13:58 . 2008-02-10 18:05 -------- d-----w- c:\program files\PPStream
2009-10-18 13:07 . 2009-06-14 07:31 -------- d-----w- c:\program files\NamiRobot
2009-10-17 16:21 . 2009-04-21 16:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-14 15:30 . 2007-04-15 10:35 586 ----a-w- c:\windows\system32\cid_store.dat
2009-10-14 12:34 . 2007-03-14 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 11:09 . 2007-03-03 16:13 -------- d-----w- c:\program files\BitComet
2009-10-13 19:17 . 2004-08-12 12:00 383860 ----a-w- c:\windows\system32\prfh0404.dat
2009-10-13 19:17 . 2004-08-12 12:00 150070 ----a-w- c:\windows\system32\prfc0404.dat
2009-10-12 18:09 . 2008-02-10 18:01 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\ppStream
2009-10-12 15:41 . 2004-08-12 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-11 11:44 . 2009-01-07 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-02 16:32 . 2007-12-19 07:30 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\MSNShell
2009-10-02 16:00 . 2007-12-19 07:30 -------- d-----w- c:\program files\Windows Live
2009-10-02 15:57 . 2009-03-03 18:21 -------- d-----w- c:\program files\Microsoft
2009-09-30 15:09 . 2007-04-30 13:06 -------- d-----w- c:\program files\KBS Kong v3
2009-09-30 15:05 . 2009-06-03 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-26 06:58 . 2007-03-03 15:40 -------- d-----w- c:\program files\Real
2009-09-21 15:43 . 2009-07-23 16:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-14 05:23 . 2007-04-05 14:44 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\Ulead Systems
2009-09-13 13:20 . 2009-09-13 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-09-13 13:20 . 2009-09-13 13:20 -------- d-----w- c:\program files\SmartSound Software
2009-09-13 13:10 . 2007-04-05 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-13 13:10 . 2009-09-13 13:10 -------- d-----w- c:\program files\Corel
2009-09-12 20:32 . 2009-03-11 18:06 -------- d-----w- c:\program files\miroko
2009-09-12 16:52 . 2007-03-04 09:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 05:06 . 2009-09-12 05:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\System Restore
2009-09-11 14:17 . 2004-08-12 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 20:06 . 2007-05-01 20:00 -------- d-----w- c:\program files\GuildFTPd
2009-09-05 19:57 . 2009-09-05 19:43 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\FileZilla
2009-09-05 19:43 . 2009-09-05 19:43 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-05 19:00 . 2007-05-01 19:57 -------- d-----w- c:\program files\No-IP
2009-09-04 21:03 . 2004-08-12 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 19:54 . 2009-01-07 07:58 -------- d-----w- c:\program files\Google
2009-08-29 07:54 . 2004-08-12 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-12 12:00 246814 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 15:27 . 2009-08-25 15:27 -------- d-----w- c:\program files\7-Zip
2009-08-25 14:51 . 2009-03-11 18:07 -------- d-----w- c:\documents and settings\Christine Chow\Application Data\miroko
2009-08-17 16:10 . 2009-01-06 19:33 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-06 19:33 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-06 19:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-06 19:33 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-06 19:33 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-06 19:33 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-06 19:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-06 19:33 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-06 19:33 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 11:24 . 2007-03-03 13:47 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 11:24 . 2007-03-03 13:47 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 11:24 . 2007-03-03 13:47 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 11:24 . 2005-05-25 20:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 11:24 . 2007-03-03 13:47 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 11:24 . 2004-08-12 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 11:23 . 2007-03-03 13:47 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 11:23 . 2008-02-28 16:52 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 11:23 . 2008-02-28 16:52 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 11:23 . 2007-03-03 13:47 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 17:00 . 2009-07-05 18:26 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 08:59 . 2004-08-12 12:00 201728 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26 . 2004-08-12 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2004-08-11 18:12 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06 . 2007-04-21 06:34 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-04-21 06:34 31232 --sh--r- c:\windows\system32\msfDX.dll
.

------- Sigcheck -------

[-] 2009-10-12 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-01-06 . ED06C31200714E734118F9A47F5DF5CE . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-02-10 . 01307B76A916A8F6D1F1452744BA7AD6 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\backup\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-12 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-09-07 08:36 147928 ----a-w- c:\program files\easyMule\modules\IE2EM.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-15 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-02-06 344064]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-22 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"WinampAgent"=c:\program files\Winamp\winampa.exe
"SMSTray"=c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\WINDOWS\\system32\\fscagent.exe"=
"c:\\WINDOWS\\system32\\clubbox.exe"=
"c:\\WINDOWS\\system32\\grdmgr.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Tencent\\QQGame\\QQGame.exe"=
"c:\\Program Files\\GuildFTPd\\GuildFTPd.exe"=
"c:\\Program Files\\NextLink\\GOGOBOX\\GFSCAgent.exe"=
"c:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\WINDOWS\\system32\\cytwsvr.exe"=
"c:\\Program Files\\GridService\\peer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Tudou\\Tudou\\TudouVa.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Installed\\BitComet魂 0.98\\BitComet-NDA\\BitComet.exe"=
"c:\\Program Files\\Tudou\\iTudou\\iTudou.exe"=
"c:\\Documents and Settings\\Christine Chow\\桌面\\NDSL\\ezbuilder_fullpackage_20070427\\setup\\lighttpd\\lighttpd.exe"=
"c:\\Program Files\\easyMule\\emule.exe"=
"c:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\PPStream\\update\\ppstreamsetup-update090811.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Christine Chow\\桌面\\nEOiMAGING_311_tw_ZARD\\nEO iMAGING\\nEOiMAGING.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13794:TCP"= 13794:TCP:BitComet 13794 TCP
"13794:UDP"= 13794:UDP:BitComet 13794 UDP
"2895:TCP"= 2895:TCP:Foxy (202.80.133.26:2895) 2895 TCP
"2895:UDP"= 2895:UDP:Foxy (202.80.133.26:2895) 2895 UDP
"8921:TCP"= 8921:TCP:BitComet 8921 TCP
"8921:UDP"= 8921:UDP:BitComet 8921 UDP
"18112:TCP"= 18112:TCP:BitComet 18112 TCP
"18112:UDP"= 18112:UDP:BitComet 18112 UDP
"26755:TCP"= 26755:TCP:BitComet 26755 TCP
"26755:UDP"= 26755:UDP:BitComet 26755 UDP
"10007:TCP"= 10007:TCP:BitComet 10007 TCP
"10007:UDP"= 10007:UDP:BitComet 10007 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/7/2009 11:43 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/10/2009 10:23 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/1/2009 3:33 114768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2009 2:26 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/1/2009 3:33 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/7/2009 10:49 1028432]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25/3/2007 1:33 2368]
S2 gupdate1c9a99f754b4572;Google Update Service (gupdate1c9a99f754b4572);c:\program files\Google\Update\GoogleUpdate.exe [21/3/2009 5:04 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/10/2009 10:22 348752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
‘計劃任務’ 文件夾 裡的內容

2009-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 15:43]

2009-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 21:04]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 21:04]
.
.
------- 而外的掃描 -------
.
uStart Page = hk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://hk.rd.yahoo.com/customize/ycomp/defaults/su/*http://hk.yahoo.com
IE: &U使用?米机器人下?并收藏 - c:\program files\NamiRobot\Data\du.html
IE: &U妏蚚馨譙儂狟婥甜彶紲 - c:\program files\NamiRobot\Data\du.html
IE: &使用 FlashGet 下載 - c:\program files\FlashGet\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\FlashGet\jc_all.htm
IE: 使用電驢下載 - c:\program files\easyMule\IE2EM.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 妏蚚iTudou狟婥誹醴 - c:\program files\Tudou\iTudou\iTudou_Link.HTM
IE: 妏蚚Web捃濘狟婥 - c:\program files\Thunder Network\WebThunder\GetUrl.htm
IE: 妏蚚Web捃濘狟婥窒蟈諉 - c:\program files\Thunder Network\WebThunder\GetAllUrl.htm
IE: 設為 Messenger Live 頭像 - c:\program files\MSNShell\Bin\SetMSNDP.htm
IE: {{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE
IE: {{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B} -
TCP: {B8908FA3-AB07-47AE-A1C3-3CC2347EF119} = 192.168.11.1
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} - hxxp://update2.pcziggy.co.kr/update/ASP/ASP/Pdbox/PCZiggy.cab
DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://211.233.36.135/cab/cibrowser12.cab
DPF: {9331EBA1-CE35-4608-8604-39399E4826ED} - hxxp://fs1.tw.cyworld.com/common/activex/CyImgTaiwan.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} - hxxp://bgm.iple.com/Cab/SMMusicPlayerX.cab
DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://tw.cyworld.com/common/activex/P3Instal.cab
DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs17u.cyworld.com.cn/common/activex/CyImgChina.cab
FF - ProfilePath - c:\documents and settings\Christine Chow\Application Data\Mozilla\Firefox\Profiles\r0k939qy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!擐葛 蝬脤???
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Christine Chow\Application Data\Mozilla\Firefox\Profiles\r0k939qy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Christine Chow\Application Data\Mozilla\Firefox\Profiles\r0k939qy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\real\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- 文件類型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ClubBox - (no file)
AddRemove-ERUNT_is1 - c:\program files\ERUNT\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 21:41
Windows 5.1.2600 Service Pack 3 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\?悐灀送攤烓徵V*P*S* \.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\?悐灀送攤烓徵V*P*S* \.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\AppEvents\Schemes\Apps\Avast\?悐灀送攤烓徵V*P*S* \.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\AppEvents\Schemes\Apps\Avast\?悐灀送攤烓徵V*P*S* \.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\&*U*??Y?Q?鸃reZuv_2}]
@="c:\\Program Files\\NamiRobot\\Data\\du.html"
"contexts"="34"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Excel\Settings\ */SeQW[]
"PositionInfo-Monitor1"=hex:7b,00,00,00,6d,00,00,00,02,03,00,00,cc,01,00,00

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Excel\Settings\ */SeQW[\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Excel\Settings\ */SeQW[\View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Q]
@Class="Shell"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Q\OpenWithList]
@Class="Shell"
"a"="iexplore.exe"
"MRUList"="ba"
"b"="BitComet.exe"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)YNm]
@Class="Shell"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)YNm\OpenWithList]
@Class="Shell"
"a"="peeradapter.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{臹g]
@Class="Shell"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{臹g\OpenWithList]
@Class="Shell"
"a"="peeradapter.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D?*]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,46,00,35,\

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D?*\兀D?*]
"Order"=hex:08,00,00,00,02,00,00,00,66,01,00,00,01,00,00,00,03,00,00,00,6e,00,
00,00,00,00,00,00,60,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,4e,00,36,\

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\k"Yv?*崝~j泡NkfZlo]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SUPER *]
"DisplayName"="SUPER ?Version 2007.bld.22 (Mar 14, 2007)"
"UninstallString"="c:\\PROGRA~1\\ERIGHT~1\\SUPER\\Setup.exe /remove /q0"
"InstallDate"="2007-04-21 14:34"
"InstallLocation"="c:\\Program Files\\eRightSoft\\SUPER"
"InstallSource"="c:\\Documents and Settings\\Christine Chow\\My Documents\\我已接收的檔案\\WELLGET"
"DisplayIcon"="c:\\Program Files\\eRightSoft\\SUPER\\SUPER.exe"
"DisplayVersion"="Version 2007.bld.22 (Mar 14, 2007)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="http://www.eRightSoft.com"
"URLInfoAbout"="http://www.eRightSoft.com"
"URLUpdateInfo"="http://www.eRightSoft.com"
"Contact"="[email protected]"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\k"Yv?*崝~j泡NkfZlo]
"DisplayName"="贗毀夢蝶 橾瞪歎婦葬濠"
"UninstallString"="c:\\WINDOWS\\system32\\clubboxuninstall.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Profile\Station\-?[1*]
"SSID"="linksys"
"Channel"="1"
"NetworkType"="1"
"PreambleType"="2"
"ACPowerCam"="0"
"PSMode"="0"
"TXPower"="0"
"UseRts"="0"
"RtsThresh"="2347"
"UseFrag"="0"
"FragThresh"="2346"
"AuthenType"="0"
"Encryption"="1"
"LeapEnabled"="0"
"LeapUserName"=""
"LeapPassword"=""
"LeapEncryType"="0"
"WPAPSK"=""
"WEPKeyUse"="1"
"WEPKey1Type"="0"
"WEPKey2Type"="0"
"WEPKey3Type"="0"
"WEPKey4Type"="0"
"WEPKey1"=""
"WEPKey2"=""
"WEPKey3"=""
"WEPKey4"=""
"Use8021X"="0"
"AuthenProtocol"="0"
"TunnelProtocol"="26"
"ProvisioningTunnel"="26"
"ID"=""
"Password"=""
"TunnelID"=""
"TunnelPassword"=""
"SessionResumption"="0"
"PasswordMode"="1"
"UseClientCert"="0"
"UseServerCert"="0"
"UsePAC"="0"
"ProvisionMode"="1"
"PACFilePath"=""
"ClientCertLen"="0"
"ClientCertData"=""
"ServerCertLen"="0"
"ServerCertData"=""
"ServerName"=""
"NameRule"="0"
"IntermediateCert"="0"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Profile\Station\-?[2*]
"SSID"="TP-LINK"
"Channel"="1"
"NetworkType"="1"
"PreambleType"="2"
"ACPowerCam"="0"
"PSMode"="0"
"TXPower"="0"
"UseRts"="0"
"RtsThresh"="2347"
"UseFrag"="0"
"FragThresh"="2346"
"AuthenType"="0"
"Encryption"="1"
"LeapEnabled"="0"
"LeapUserName"=""
"LeapPassword"=""
"LeapEncryType"="0"
"WPAPSK"=""
"WEPKeyUse"="1"
"WEPKey1Type"="0"
"WEPKey2Type"="0"
"WEPKey3Type"="0"
"WEPKey4Type"="0"
"WEPKey1"=""
"WEPKey2"=""
"WEPKey3"=""
"WEPKey4"=""
"Use8021X"="0"
"AuthenProtocol"="0"
"TunnelProtocol"="26"
"ProvisioningTunnel"="26"
"ID"=""
"Password"=""
"TunnelID"=""
"TunnelPassword"=""
"SessionResumption"="0"
"PasswordMode"="1"
"UseClientCert"="0"
"UseServerCert"="0"
"UsePAC"="0"
"ProvisionMode"="1"
"PACFilePath"=""
"ClientCertLen"="0"
"ClientCertData"=""
"ServerCertLen"="0"
"ServerCertData"=""
"ServerName"=""
"NameRule"="0"
"IntermediateCert"="0"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Profile\Station\-?[3*]
"SSID"="linksys"
"Channel"="1"
"NetworkType"="1"
"PreambleType"="2"
"ACPowerCam"="0"
"PSMode"="0"
"TXPower"="0"
"UseRts"="0"
"RtsThresh"="2347"
"UseFrag"="0"
"FragThresh"="2346"
"AuthenType"="0"
"Encryption"="1"
"LeapEnabled"="0"
"LeapUserName"=""
"LeapPassword"=""
"LeapEncryType"="0"
"WPAPSK"=""
"WEPKeyUse"="1"
"WEPKey1Type"="0"
"WEPKey2Type"="0"
"WEPKey3Type"="0"
"WEPKey4Type"="0"
"WEPKey1"=""
"WEPKey2"=""
"WEPKey3"=""
"WEPKey4"=""
"Use8021X"="0"
"AuthenProtocol"="0"
"TunnelProtocol"="26"
"ProvisioningTunnel"="26"
"ID"=""
"Password"=""
"TunnelID"=""
"TunnelPassword"=""
"SessionResumption"="0"
"PasswordMode"="1"
"UseClientCert"="0"
"UseServerCert"="0"
"UsePAC"="0"
"ProvisionMode"="1"
"PACFilePath"=""
"ClientCertLen"="0"
"ClientCertData"=""
"ServerCertLen"="0"
"ServerCertData"=""
"ServerName"=""
"NameRule"="0"
"IntermediateCert"="0"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Profile\Station\-?[4*]
"SSID"="linksys"
"Channel"="1"
"NetworkType"="1"
"PreambleType"="2"
"ACPowerCam"="0"
"PSMode"="0"
"TXPower"="0"
"UseRts"="0"
"RtsThresh"="2347"
"UseFrag"="0"
"FragThresh"="2346"
"AuthenType"="0"
"Encryption"="1"
"LeapEnabled"="0"
"LeapUserName"=""
"LeapPassword"=""
"LeapEncryType"="0"
"WPAPSK"=""
"WEPKeyUse"="1"
"WEPKey1Type"="0"
"WEPKey2Type"="0"
"WEPKey3Type"="0"
"WEPKey4Type"="0"
"WEPKey1"=""
"WEPKey2"=""
"WEPKey3"=""
"WEPKey4"=""
"Use8021X"="0"
"AuthenProtocol"="0"
"TunnelProtocol"="26"
"ProvisioningTunnel"="26"
"ID"=""
"Password"=""
"TunnelID"=""
"TunnelPassword"=""
"SessionResumption"="0"
"PasswordMode"="1"
"UseClientCert"="0"
"UseServerCert"="0"
"UsePAC"="0"
"ProvisionMode"="1"
"PACFilePath"=""
"ClientCertLen"="0"
"ClientCertData"=""
"ServerCertLen"="0"
"ServerCertData"=""
"ServerName"=""
"NameRule"="0"
"IntermediateCert"="0"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Profile\Station\-?[1*]
"SSID"="TP-LINK"
"Channel"="1"
"NetworkType"="1"
"PreambleType"="2"
"ACPowerCam"="0"
"PSMode"="0"
"TXPower"="0"
"UseRts"="0"
"RtsThresh"="2347"
"UseFrag"="0"
"FragThresh"="2346"
"AuthenType"="0"
"Encryption"="1"
"LeapEnabled"="0"
"LeapUserName"=""
"LeapPassword"=""
"LeapEncryType"="0"
"WPAPSK"=""
"WEPKeyUse"="1"
"WEPKey1Type"="0"
"WEPKey2Type"="0"
"WEPKey3Type"="0"
"WEPKey4Type"="0"
"WEPKey1"=""
"WEPKey2"=""
"WEPKey3"=""
"WEPKey4"=""
"Use8021X"="0"
"AuthenProtocol"="0"
"TunnelProtocol"="26"
"ProvisioningTunnel"="26"
"ID"=""
"Password"=""
"TunnelID"=""
"TunnelPassword"=""
"SessionResumption"="0"
"PasswordMode"="1"
"UseClientCert"="0"
"UseServerCert"="0"
"UsePAC"="0"
"ProvisionMode"="1"
"PACFilePath"=""
"ClientCertLen"="0"
"ClientCertData"=""
"ServerCertLen"="0"
"ServerCertData"=""
"ServerName"=""
"NameRule"="0"
"IntermediateCert"="0"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Profile\Station\-?[2*]
"SSID"="default"
"Channel"="1"
"NetworkType"="1"
"PreambleType"="2"
"ACPowerCam"="0"
"PSMode"="0"
"TXPower"="0"
"UseRts"="0"
"RtsThresh"="2347"
"UseFrag"="0"
"FragThresh"="2346"
"AuthenType"="0"
"Encryption"="1"
"LeapEnabled"="0"
"LeapUserName"=""
"LeapPassword"=""
"LeapEncryType"="0"
"WPAPSK"=""
"WEPKeyUse"="1"
"WEPKey1Type"="0"
"WEPKey2Type"="0"
"WEPKey3Type"="0"
"WEPKey4Type"="0"
"WEPKey1"=""
"WEPKey2"=""
"WEPKey3"=""
"WEPKey4"=""
"Use8021X"="0"
"AuthenProtocol"="0"
"TunnelProtocol"="26"
"ProvisioningTunnel"="26"
"ID"=""
"Password"=""
"TunnelID"=""
"TunnelPassword"=""
"SessionResumption"="0"
"PasswordMode"="1"
"UseClientCert"="0"
"UseServerCert"="0"
"UsePAC"="0"
"ProvisionMode"="1"
"PACFilePath"=""
"ClientCertLen"="0"
"ClientCertData"=""
"ServerCertLen"="0"
"ServerCertData"=""
"ServerName"=""
"NameRule"="0"
"IntermediateCert"="0"
.
完成時間: 2009-10-24 21:43
ComboFix-quarantined-files.txt 2009-10-24 13:43

Pre-Run: 15,391,064,064 位元組可用
Post-Run: 15,369,338,880 位元組可用

- - End Of File - - F813AD623E7853D45480F80B38C83B86

Attached Thumbnails

  • Avira.JPG

#6
Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

What Avira detected appears to be related to Avast. Do you know why that happens?

This is because you have two anti-virus programs installed...

avast! Antivirus

and

Avira AntiVir Personal - Free Antivirus


You should never have two anti-virus programs installed and running at the same time. Why?

2 Anti-virus/Firewall Programs Running Simultaneously Warning

I do not recommend that you have more than one anti-virus or firewall product installed and running on your computer at a time. In addition to wasting resources, if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please go to Add/Remove Programs in the Control Panel and remove either Avast! Anti-Virus or Avira AntiVir Personal - Free Antivirus.

Please uninstall until you are only running one antivirus, using Add/Remove Programs if you are using XP, or Programs and Features if you are using Vista.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and then click Ok.
  • The black window and the message box will then disappear.
  • Please save both log files on your desktop, post DDS.txt, and zip up and attach Attach.txt as instructed.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Thanks.

With Regards,
Extremeboy
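As an added illustration of the triage reasoning in the reply above (example code written for this page, not a tool from the thread, from Avira or from Avast): a small Python script that parses an Avira-style event export and separates alerts whose file path lies inside another installed scanner's scratch folder from alerts that point at user or system files. The sample events are constructed, and the scratch-folder prefix `C:\WINDOWS\Temp\_avast4_\` is an assumption about where Avast 4 unpacks archive members for scanning; on a real machine the prefix list comes from the products actually installed.

```python
"""Triage anti-virus alerts that fire on another scanner's scratch files.

Added example for this thread, not a tool from Avira or Avast. The sample
export below is constructed, and the scratch-folder prefix is an assumption
about where Avast 4 unpacks archive members for scanning.
"""
import re
from collections import Counter

# Working folders of OTHER security products on the machine (assumed for this
# example). Files here are temporary copies unpacked for scanning; an alert on
# them usually means two resident scanners are tripping over each other.
OTHER_SCANNER_SCRATCH = (
    "c:\\windows\\temp\\_avast4_\\",   # assumed Avast 4 unpack folder
)

# Constructed sample input modelled on the layout of an Avira event export.
SAMPLE_EXPORT = """Exported events:

21/10/2009 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\\WINDOWS\\Temp\\_avast4_\\unp00000001.VIR'.
Action performed: Allow access

18/10/2009 20:52 [Guard] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\\WINDOWS\\Temp\\_avast4_\\unp00000002.tmp'.
Action performed: Delete file

19/10/2009 09:12 [Guard] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\\Documents and Settings\\user\\Local Settings\\Temp\\setup.exe'.
Action performed: Delete file
"""

# One event spans four lines: timestamp/module, detection name, path, action.
EVENT_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}) \[(?P<module>[^\]]+)\] Malware found\s+"
    r"Virus or unwanted program '(?P<name>[^']+)'\s+"
    r"detected in file '(?P<path>[^']+)'\.\s+"
    r"Action performed: (?P<action>[^\n]+)"
)


def parse_events(text):
    """Return a list of dicts, one per detection block in the export."""
    return [m.groupdict() for m in EVENT_RE.finditer(text)]


def in_other_scanner_scratch(path):
    """True when the detected file sits under another scanner's work folder."""
    p = path.lower()
    return any(p.startswith(prefix) for prefix in OTHER_SCANNER_SCRATCH)


def triage(text):
    """Split alerts into scanner-clash noise and items that need a real look."""
    events = parse_events(text)
    noise = [e for e in events if in_other_scanner_scratch(e["path"])]
    real = [e for e in events if not in_other_scanner_scratch(e["path"])]
    return {"scanner_clash": noise, "investigate": real}


def summarize(text):
    """Counts that tell you whether the alerts are mostly a two-scanner clash."""
    t = triage(text)
    return {
        "scanner_clash": len(t["scanner_clash"]),
        "investigate": len(t["investigate"]),
        "clash_names": Counter(e["name"] for e in t["scanner_clash"]),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EXPORT)
    for bucket, events in result.items():
        print(f"== {bucket} ({len(events)}) ==")
        for e in events:
            print(f"  {e['ts']}  {e['name']}  {e['path']}  -> {e['action']}")
```

The point of the split is the same one the reply makes: an alert on a file in another resident scanner's unpack folder is evidence of two on-access scanners colliding, and the fix is to keep only one of them, not to add an exclusion for the folder, which would blind whichever scanner you keep to real archive contents. Alerts in the "investigate" bucket still deserve the normal follow-up.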
#7
Double.C

    New Member

  • Topic Starter
  • Member
  • 8 posts
Finally... I have removed Avira.

DDS-----------


DDS (Ver_09-10-26.01) - NTFSx86
Run by Christine Chow at 20:51:16.43 on 26/10/2009 Mon
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.950.852.1028.18.1535.969 [GMT 8:00]

AV: avast! antivirus 4.8.1351 [VPS 091025-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\control.exe
C:\Documents and Settings\Christine Chow\桌面\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://hk.rd.yahoo.com/customize/ycomp/defaults/su/*http://hk.yahoo.com
uURLSearchHooks: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avgls\avgssie.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {00000000-0002-0002-0000-000000000000} - No File
EB: 討論(&D): {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: &U使用?米机器人下?并收藏 - c:\program files\namirobot\data\du.html
IE: &U妏蚚馨譙儂狟婥甜彶紲 - c:\program files\namirobot\data\du.html
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 使用電驢下載 - c:\program files\easymule\IE2EM.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 妏蚚iTudou狟婥誹醴 - c:\program files\tudou\itudou\iTudou_Link.HTM
IE: 妏蚚Web捃濘狟婥 - c:\program files\thunder network\webthunder\GetUrl.htm
IE: 妏蚚Web捃濘狟婥窒蟈諉 - c:\program files\thunder network\webthunder\GetAllUrl.htm
IE: 設為 Messenger Live 頭像 - c:\program files\msnshell\bin\SetMSNDP.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B}
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} - hxxp://update2.pcziggy.co.kr/update/ASP/ASP/Pdbox/PCZiggy.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://211.233.36.135/cab/cibrowser12.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9331EBA1-CE35-4608-8604-39399E4826ED} - hxxp://fs1.tw.cyworld.com/common/activex/CyImgTaiwan.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} - hxxp://bgm.iple.com/Cab/SMMusicPlayerX.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://tw.cyworld.com/common/activex/P3Instal.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs17u.cyworld.com.cn/common/activex/CyImgChina.cab
TCP: {B8908FA3-AB07-47AE-A1C3-3CC2347EF119} = 192.168.11.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\r0k939qy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!擐葛 蝬脤???
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\christine chow\application data\mozilla\firefox\profiles\r0k939qy.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\christine chow\application data\mozilla\firefox\profiles\r0k939qy.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\real\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaliedit.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-23 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-20 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-7 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-20 348752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-3-25 2368]
R3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2009-10-25 6656]
S2 gupdate1c9a99f754b4572;Google Update Service (gupdate1c9a99f754b4572);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-24 16:42:54 6656 ----a-w- c:\windows\system32\drivers\alidevice.sys
2009-10-22 16:09:53 66594 -c--a-w- c:\windows\system32\dllcache\c_862.nls
2009-10-22 15:47:21 0 d-----w- c:\windows\system32\ar-sa
2009-10-22 15:47:17 0 d-----w- c:\windows\system32\pt-br
2009-10-22 15:47:17 0 d-----w- c:\windows\system32\bg-bg
2009-10-22 15:47:13 0 d-----w- c:\windows\system32\zh-cn
2009-10-22 15:47:06 0 d-----w- c:\windows\system32\cs-cz
2009-10-22 15:47:02 0 d-----w- c:\windows\system32\da-dk
2009-10-20 14:23:15 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-20 14:23:06 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-20 14:23:06 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-20 14:22:59 0 d-----w- c:\program files\common files\PC Tools
2009-10-20 14:22:58 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-20 14:22:53 0 d-----w- c:\program files\Spyware Doctor
2009-10-20 14:22:53 0 d-----w- c:\docume~1\christ~1\applic~1\PC Tools
2009-10-20 14:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-20 14:16:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 14:16:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 14:16:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 16:20:48 0 d-----w- c:\documents and settings\christine chow\DoctorWeb
2009-10-19 16:03:02 79 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-10-19 15:52:52 0 d-----w- C:\_OTM
2009-10-19 15:22:29 0 d-----w- c:\docume~1\christ~1\applic~1\Malwarebytes
2009-10-19 15:22:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-19 15:07:50 0 d-----w- c:\docume~1\christ~1\applic~1\AVG8
2009-10-19 14:23:50 0 d-----w- c:\program files\Enigma Software Group
2009-10-18 13:32:14 0 d-----w- c:\program files\arswp3
2009-10-18 13:00:29 0 d-sha-r- C:\cmdcons
2009-10-18 12:58:31 236544 ----a-w- c:\windows\PEV.exe
2009-10-18 12:58:31 161792 ----a-w- c:\windows\SWREG.exe
2009-10-18 12:58:30 98816 ----a-w- c:\windows\sed.exe
2009-10-18 06:52:30 0 d-----w- c:\program files\Trend Micro
2009-10-17 16:21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-15 16:56:05 0 d-----w- c:\docume~1\christ~1\applic~1\FireShot
2009-10-14 12:45:57 0 d-----w- c:\program files\Poladroid
2009-10-14 09:47:08 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2009-10-12 15:44:58 2560 ----a-w- c:\windows\system32\bitcometres.dll
2009-10-12 15:39:33 361600 ----a-w- c:\windows\system32\drivers\tcpip.copy
2009-10-11 16:50:49 0 d-----w- c:\program files\eREAD
2009-10-06 17:31:09 0 d-----w- C:\My Music
2009-10-02 15:59:16 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-01 16:26:22 0 d-----w- c:\windows\Digital Ear
2009-10-01 16:14:36 0 d-----w- c:\program files\VSTPlugins
2009-10-01 16:14:36 0 d-----w- c:\docume~1\christ~1\applic~1\Geniesoft
2009-09-30 15:30:10 0 d-----w- c:\program files\Boilsoft Video Splitter
2009-09-26 20:25:18 22 ----a-w- c:\windows\Kruptos.INI

==================== Find3M ====================

2009-10-17 16:21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 19:17:52 383860 ----a-w- c:\windows\system32\prfh0404.dat
2009-10-13 19:17:52 150070 ----a-w- c:\windows\system32\prfc0404.dat
2009-10-12 15:41:52 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-21 15:43:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 14:17:19 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:50:10 26012 ----a-w- c:\windows\fonts\Initialized.ttf
2009-09-04 21:03:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:54:35 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:24 246814 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:57:08 21140 ----a-w- c:\windows\fonts\GothStencil.ttf
2009-08-06 11:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 11:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 08:59:41 201728 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26:02 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26:02 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-01-07 04:31:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010720090108\index.dat

============= FINISH: 20:51:42.14 ===============

Attached Files


  • 0

#8
Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hi.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Take a new DDS run afterward and post back with only the DDS.txt log and let me know how your computer is running.

With Regards,
Extremeboy
  • 0
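To triage the two logs Extremeboy asks for above (an MBAM report and a fresh DDS.txt), here is an added example, not code from this thread, from Malwarebytes or from the DDS tool: it parses the MBAM summary and listed items and the DDS "Pseudo HJT Report" lines and returns what a helper reads first. The sample logs, GUIDs, detection names and hosts embedded in it are constructed placeholders in the layout of the logs posted here.

```python
"""Triage helpers for Malwarebytes' Anti-Malware 1.41 and DDS logs.

Added example for this thread (not code from the thread, Malwarebytes or
DDS): flags MBAM detections left unremoved, summary counts that disagree
with the listed items, and DDS pseudo-HJT entries worth a second look.
"""
import re
from typing import Dict, List

# Constructed samples; detections, GUIDs and hosts are placeholders.
MBAM_SAMPLE = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3040
Scan type: Quick Scan

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.ctrl.1 (Adware.Example) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{00000000-0000-0000-0000-000000000001} (Trojan.Example) -> No action taken.

Files Infected:
C:\WINDOWS\Temp\example.tmp (Trojan.Example) -> No action taken.
"""
DDS_SAMPLE = r"""============== Pseudo HJT Report ===============

BHO: Example Helper: {11111111-1111-1111-1111-111111111111} - c:\program files\example\helper.dll
BHO: {22222222-2222-2222-2222-222222222222} - No File
TB: {00000000-0002-0002-0000-000000000000} - No File
DPF: {33333333-3333-3333-3333-333333333333} - hxxp://192.0.2.10/cab/control.cab
DPF: {44444444-4444-4444-4444-444444444444} - hxxp://example.com/activex/Installer.cab
mRun: [Example] "c:\program files\example\example.exe" /background
"""

MBAM_HEADER_RE = re.compile(r"^(Database version|Scan type): (.+)$")
MBAM_COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # summary count
MBAM_SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # item heading
# "<path> (<family>) -> <action>."; greedy path stops at the last "(family)"
MBAM_ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")
DDS_LINE_RE = re.compile(r"^([A-Za-z]+): (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RAW_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_mbam(text: str) -> Dict:
    """Split an MBAM log into header fields, summary counts and listed items."""
    parsed: Dict = {"header": {}, "counts": {}, "items": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := MBAM_HEADER_RE.match(line):
            parsed["header"][m.group(1)] = m.group(2)
        elif m := MBAM_COUNT_RE.match(line):
            parsed["counts"][m.group(1)] = int(m.group(2))
        elif m := MBAM_SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := MBAM_ITEM_RE.match(line)):
            parsed["items"].append({"category": section, "path": m.group(1),
                                    "family": m.group(2), "action": m.group(3)})
    return parsed

def mbam_unresolved(parsed: Dict) -> List[Dict]:
    """Detections MBAM listed but did not remove ("No action taken")."""
    return [i for i in parsed["items"] if i["action"] == "No action taken"]

def mbam_counts_consistent(parsed: Dict) -> bool:
    """True when each summary count equals the number of items listed under
    that heading; a mismatch usually means a truncated or edited log."""
    listed: Dict[str, int] = {}
    for item in parsed["items"]:
        listed[item["category"]] = listed.get(item["category"], 0) + 1
    return all(listed.get(cat, 0) == n for cat, n in parsed["counts"].items())

def triage_dds(text: str) -> List[Dict]:
    """Return pseudo-HJT entries worth a second look, each with a reason."""
    findings: List[Dict] = []
    for line in text.splitlines():
        m = DDS_LINE_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group(1), m.group(2)
        guid = GUID_RE.search(body)
        target = body.rsplit(" - ", 1)[-1]               # path, URL or "No File"
        finding = {"kind": kind, "guid": guid.group(0) if guid else None}
        if target == "No File":
            finding["reason"] = "registration points at a file that no longer exists"
            findings.append(finding)
        elif kind == "DPF" and target.lower().startswith("hxxp://"):
            host = target[len("hxxp://"):].split("/", 1)[0]   # DDS writes http as hxxp
            if RAW_IP_RE.match(host):
                finding.update(host=host, reason="ActiveX control fetched from a bare IP host")
                findings.append(finding)
    return findings
```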

#9
Double.C

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here are my MBAM & DDS logs.

MBAM---------
Malwarebytes' Anti-Malware 1.41
Database version: 3040
Windows 5.1.2600 Service Pack 3

27/10/2009 11:16:21
mbam-log-2009-10-27 (23-16-21).txt

Scan type: Quick Scan
Objects scanned: 118002
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS-----------------

DDS (Ver_09-10-26.01) - NTFSx86
Run by Christine Chow at 23:16:53.98 on 27/10/2009 Tue
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.950.852.1028.18.1535.961 [GMT 8:00]

AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Christine Chow\桌面\dds.scr
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://hk.rd.yahoo.com/customize/ycomp/defaults/su/*http://hk.yahoo.com
uURLSearchHooks: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avgls\avgssie.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {00000000-0002-0002-0000-000000000000} - No File
EB: 討論(&D): {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: &U使用?米机器人下?并收藏 - c:\program files\namirobot\data\du.html
IE: &U妏蚚馨譙儂狟婥甜彶紲 - c:\program files\namirobot\data\du.html
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 使用電驢下載 - c:\program files\easymule\IE2EM.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 妏蚚iTudou狟婥誹醴 - c:\program files\tudou\itudou\iTudou_Link.HTM
IE: 妏蚚Web捃濘狟婥 - c:\program files\thunder network\webthunder\GetUrl.htm
IE: 妏蚚Web捃濘狟婥窒蟈諉 - c:\program files\thunder network\webthunder\GetAllUrl.htm
IE: 設為 Messenger Live 頭像 - c:\program files\msnshell\bin\SetMSNDP.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B}
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} - hxxp://update2.pcziggy.co.kr/update/ASP/ASP/Pdbox/PCZiggy.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://211.233.36.135/cab/cibrowser12.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9331EBA1-CE35-4608-8604-39399E4826ED} - hxxp://fs1.tw.cyworld.com/common/activex/CyImgTaiwan.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} - hxxp://bgm.iple.com/Cab/SMMusicPlayerX.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://tw.cyworld.com/common/activex/P3Instal.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs17u.cyworld.com.cn/common/activex/CyImgChina.cab
TCP: {B8908FA3-AB07-47AE-A1C3-3CC2347EF119} = 192.168.11.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\r0k939qy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!擐葛 蝬脤???
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\christine chow\application data\mozilla\firefox\profiles\r0k939qy.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\christine chow\application data\mozilla\firefox\profiles\r0k939qy.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\real\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaliedit.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-23 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-20 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-7 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-20 348752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-3-25 2368]
R3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2009-10-25 6656]
S2 gupdate1c9a99f754b4572;Google Update Service (gupdate1c9a99f754b4572);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-26 13:54:51 60 ----a-w- c:\windows\MediaList.ini
2009-10-24 16:42:54 6656 ----a-w- c:\windows\system32\drivers\alidevice.sys
2009-10-22 16:09:53 66594 -c--a-w- c:\windows\system32\dllcache\c_862.nls
2009-10-22 15:47:21 0 d-----w- c:\windows\system32\ar-sa
2009-10-22 15:47:17 0 d-----w- c:\windows\system32\pt-br
2009-10-22 15:47:17 0 d-----w- c:\windows\system32\bg-bg
2009-10-22 15:47:13 0 d-----w- c:\windows\system32\zh-cn
2009-10-22 15:47:06 0 d-----w- c:\windows\system32\cs-cz
2009-10-22 15:47:02 0 d-----w- c:\windows\system32\da-dk
2009-10-20 14:23:15 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-20 14:23:06 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-20 14:23:06 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-20 14:22:59 0 d-----w- c:\program files\common files\PC Tools
2009-10-20 14:22:58 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-20 14:22:53 0 d-----w- c:\program files\Spyware Doctor
2009-10-20 14:22:53 0 d-----w- c:\docume~1\christ~1\applic~1\PC Tools
2009-10-20 14:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-20 14:16:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 14:16:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 14:16:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 16:20:48 0 d-----w- c:\documents and settings\christine chow\DoctorWeb
2009-10-19 16:03:02 79 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-10-19 15:52:52 0 d-----w- C:\_OTM
2009-10-19 15:22:29 0 d-----w- c:\docume~1\christ~1\applic~1\Malwarebytes
2009-10-19 15:22:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-19 15:07:50 0 d-----w- c:\docume~1\christ~1\applic~1\AVG8
2009-10-19 14:23:50 0 d-----w- c:\program files\Enigma Software Group
2009-10-18 13:32:14 0 d-----w- c:\program files\arswp3
2009-10-18 13:00:29 0 d-sha-r- C:\cmdcons
2009-10-18 12:58:31 236544 ----a-w- c:\windows\PEV.exe
2009-10-18 12:58:31 161792 ----a-w- c:\windows\SWREG.exe
2009-10-18 12:58:30 98816 ----a-w- c:\windows\sed.exe
2009-10-18 06:52:30 0 d-----w- c:\program files\Trend Micro
2009-10-17 16:21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-15 16:56:05 0 d-----w- c:\docume~1\christ~1\applic~1\FireShot
2009-10-14 12:45:57 0 d-----w- c:\program files\Poladroid
2009-10-14 09:47:08 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2009-10-12 15:44:58 2560 ----a-w- c:\windows\system32\bitcometres.dll
2009-10-12 15:39:33 361600 ----a-w- c:\windows\system32\drivers\tcpip.copy
2009-10-11 16:50:49 0 d-----w- c:\program files\eREAD
2009-10-06 17:31:09 0 d-----w- C:\My Music
2009-10-02 15:59:16 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-01 16:26:22 0 d-----w- c:\windows\Digital Ear
2009-10-01 16:14:36 0 d-----w- c:\program files\VSTPlugins
2009-10-01 16:14:36 0 d-----w- c:\docume~1\christ~1\applic~1\Geniesoft
2009-09-30 15:30:10 0 d-----w- c:\program files\Boilsoft Video Splitter

==================== Find3M ====================

2009-10-17 16:21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 19:17:52 383860 ----a-w- c:\windows\system32\prfh0404.dat
2009-10-13 19:17:52 150070 ----a-w- c:\windows\system32\prfc0404.dat
2009-10-12 15:41:52 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-21 15:43:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 14:17:19 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:50:10 26012 ----a-w- c:\windows\fonts\Initialized.ttf
2009-09-04 21:03:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:54:35 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:24 246814 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:57:08 21140 ----a-w- c:\windows\fonts\GothStencil.ttf
2009-08-06 11:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 11:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 08:59:41 201728 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26:02 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26:02 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-01-07 04:31:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010720090108\index.dat

============= FINISH: 23:17:39.39 ===============

Seems my computer runs smoother than before...
but since I removed Avira, no more warning text pops up... so I am not sure my computer is clear already ^_^

#10
Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
That looks good. You may wish to run an online scan to make sure...

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

#11
Double.C

Double.C

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Oh... my computer seems clean~~~ yeah!!! Thanks.

Attached Thumbnails

  • eset.jpg

Edited by Double.C, 30 October 2009 - 09:25 PM.


#12
Extremeboy

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
That's good. One last checkup though.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#13
Double.C

Double.C

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here comes my DDS log.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Christine Chow at 1:07:23.90 on 04/11/2009 Wed
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.950.852.1028.18.1535.516 [GMT 8:00]

AV: avast! antivirus 4.8.1351 [VPS 091103-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christine Chow\桌面\*制造器\防毒\dds.scr
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://hk.rd.yahoo.com/customize/ycomp/defaults/su/*http://hk.yahoo.com
uURLSearchHooks: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avgls\avgssie.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {00000000-0002-0002-0000-000000000000} - No File
EB: 討論(&D): {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: &U使用?米机器人下?并收藏 - c:\program files\namirobot\data\du.html
IE: &U妏蚚馨譙儂狟婥甜彶紲 - c:\program files\namirobot\data\du.html
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 使用電驢下載 - c:\program files\easymule\IE2EM.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 妏蚚iTudou狟婥誹醴 - c:\program files\tudou\itudou\iTudou_Link.HTM
IE: 妏蚚Web捃濘狟婥 - c:\program files\thunder network\webthunder\GetUrl.htm
IE: 妏蚚Web捃濘狟婥窒蟈諉 - c:\program files\thunder network\webthunder\GetAllUrl.htm
IE: 設為 Messenger Live 頭像 - c:\program files\msnshell\bin\SetMSNDP.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B}
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} - hxxp://update2.pcziggy.co.kr/update/ASP/ASP/Pdbox/PCZiggy.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://211.233.36.135/cab/cibrowser12.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9331EBA1-CE35-4608-8604-39399E4826ED} - hxxp://fs1.tw.cyworld.com/common/activex/CyImgTaiwan.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} - hxxp://bgm.iple.com/Cab/SMMusicPlayerX.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://tw.cyworld.com/common/activex/P3Instal.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs17u.cyworld.com.cn/common/activex/CyImgChina.cab
TCP: {B8908FA3-AB07-47AE-A1C3-3CC2347EF119} = 192.168.11.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\r0k939qy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!擐葛 蝬脤???
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\christine chow\application data\mozilla\firefox\profiles\r0k939qy.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\christine chow\application data\mozilla\firefox\profiles\r0k939qy.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\real\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaliedit.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-20 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-7 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-7 20560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-20 348752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-3-25 2368]
R3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2009-10-25 6656]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9a99f754b4572;Google Update Service (gupdate1c9a99f754b4572);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [2009-11-2 16896]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-11-02 15:15:56 90112 ----a-w- c:\windows\LGMobileDL.dll
2009-11-02 15:15:56 40960 ----a-w- c:\windows\Sublock.dll
2009-11-02 15:15:56 258048 ----a-w- c:\windows\esn.dll
2009-11-02 15:15:56 221291 ----a-w- c:\windows\Imei_dll.dll
2009-11-02 15:15:56 180224 ----a-w- c:\windows\AuthDll.dll
2009-11-02 15:05:30 0 d-----w- C:\Sounds
2009-11-02 15:03:19 16896 ----a-w- c:\windows\system32\drivers\FlashUsb.sys
2009-11-02 15:03:18 0 d-----w- c:\program files\infineon
2009-11-02 14:58:28 0 d-----w- C:\KM900
2009-11-02 14:56:37 53248 ----a-w- c:\windows\system32\CommonDL.dll
2009-11-02 14:56:37 2412 ----a-w- c:\windows\system32\lgAxconfig.ini
2009-11-02 14:56:33 0 d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX
2009-11-01 16:49:40 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2009-11-01 16:49:40 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2009-11-01 16:49:40 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2009-11-01 16:49:40 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-11-01 16:49:28 0 d-----w- c:\docume~1\christ~1\applic~1\LG Electronics
2009-11-01 16:48:45 0 d-----w- c:\program files\LG Electronics
2009-10-28 15:43:00 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-28 14:47:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-28 14:47:29 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 14:47:29 0 d-----w- c:\docume~1\christ~1\applic~1\SUPERAntiSpyware.com
2009-10-28 14:37:20 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 15:56:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-26 13:54:51 60 ----a-w- c:\windows\MediaList.ini
2009-10-24 16:42:54 6656 ----a-w- c:\windows\system32\drivers\alidevice.sys
2009-10-22 16:09:53 66594 -c--a-w- c:\windows\system32\dllcache\c_862.nls
2009-10-22 15:47:21 0 d-----w- c:\windows\system32\ar-sa
2009-10-22 15:47:17 0 d-----w- c:\windows\system32\pt-br
2009-10-22 15:47:17 0 d-----w- c:\windows\system32\bg-bg
2009-10-22 15:47:13 0 d-----w- c:\windows\system32\zh-cn
2009-10-22 15:47:06 0 d-----w- c:\windows\system32\cs-cz
2009-10-22 15:47:02 0 d-----w- c:\windows\system32\da-dk
2009-10-20 14:23:15 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-20 14:23:06 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-20 14:23:06 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-20 14:22:59 0 d-----w- c:\program files\common files\PC Tools
2009-10-20 14:22:58 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-20 14:22:53 0 d-----w- c:\program files\Spyware Doctor
2009-10-20 14:22:53 0 d-----w- c:\docume~1\christ~1\applic~1\PC Tools
2009-10-20 14:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-20 14:16:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 14:16:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 14:16:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 16:20:48 0 d-----w- c:\documents and settings\christine chow\DoctorWeb
2009-10-19 16:03:02 79 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-10-19 15:52:52 0 d-----w- C:\_OTM
2009-10-19 15:22:29 0 d-----w- c:\docume~1\christ~1\applic~1\Malwarebytes
2009-10-19 15:22:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-19 15:07:50 0 d-----w- c:\docume~1\christ~1\applic~1\AVG8
2009-10-19 14:23:50 0 d-----w- c:\program files\Enigma Software Group
2009-10-18 13:32:14 0 d-----w- c:\program files\arswp3
2009-10-18 13:00:29 0 d-sha-r- C:\cmdcons
2009-10-18 12:58:31 236544 ----a-w- c:\windows\PEV.exe
2009-10-18 12:58:31 161792 ----a-w- c:\windows\SWREG.exe
2009-10-18 12:58:30 98816 ----a-w- c:\windows\sed.exe
2009-10-18 06:52:30 0 d-----w- c:\program files\Trend Micro
2009-10-17 16:21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-15 16:56:05 0 d-----w- c:\docume~1\christ~1\applic~1\FireShot
2009-10-14 12:45:57 0 d-----w- c:\program files\Poladroid
2009-10-14 09:47:08 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2009-10-12 15:44:58 2560 ----a-w- c:\windows\system32\bitcometres.dll
2009-10-12 15:39:33 361600 ----a-w- c:\windows\system32\drivers\tcpip.copy
2009-10-11 16:50:49 0 d-----w- c:\program files\eREAD
2009-10-06 17:31:09 0 d-----w- C:\My Music

==================== Find3M ====================

2009-10-17 16:21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 19:17:52 383860 ----a-w- c:\windows\system32\prfh0404.dat
2009-10-13 19:17:52 150070 ----a-w- c:\windows\system32\prfc0404.dat
2009-10-12 15:41:52 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 14:17:19 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:50:10 26012 ----a-w- c:\windows\fonts\Initialized.ttf
2009-09-04 21:03:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:54:35 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:24 246814 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:57:08 21140 ----a-w- c:\windows\fonts\GothStencil.ttf
2009-08-06 11:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 11:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-01-07 04:31:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010720090108\index.dat

============= FINISH: 1:08:19.54 ===============


#14
Extremeboy

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

#15
Double.C

Double.C

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry for my late reply...

My computer is much smoother than before...

Really, thanks a lot.