 Infection, Please Help, memory could not be read message appears |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 May 26 2008, 12:55 AM
Post
#1
|
|
|
Member  Group: Members Posts: 18 Joined: 25-May 08 Member No.: 211,210  |
I get a message which is about "memory could not be read" when I start my computer. I tried combofix before and it worked! However, the message appears again after several days. And this time, I cannot turn on the automatic prevention of Norton Internet Security. There is a cross on the Norton icon beside the time. Also, it seems that I cannot browse the anti-virus websites like symantec, kasperskyand ewido. I am from Hong Kong and using a computer in Chinese Language. The reports may contain some Chinese words. I am sorry about that. I don't know how to solve the problem and so try get help from here. Thank you very much and sorry for my poor English and the inconvenience caused when reading my reports. Deckard's System Scanner v20071014.68 Run by user on 2008-05-26 13:04:09 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 16: 2008-05-26 05:04:15 UTC - RP19 - Deckard's System Scanner Restore Point 15: 2008-05-26 04:32:49 UTC - RP18 - Installed MySQL Connector Net 5.0.5 14: 2008-05-26 04:32:25 UTC - RP17 - Installed MySQL Tools for 5.0 13: 2008-05-26 04:31:49 UTC - RP16 - Installed MySQL Connector/ODBC 3.51 12: 2008-05-26 04:31:02 UTC - RP15 - Installed MySQL Server 5.0 -- First Restore Point -- 1: 2008-05-25 20:19:49 UTC - RP4 - 系統檢查點 Backed up registry hives. Performed disk cleanup. System Drive C: has 2.3 GiB (less than 15%) free. -- HijackThis (run as user.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 下午 01:06:07, on 2008/5/26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\GridService\peer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\Documents and Settings\user\桌面\dss.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid O4 - HKLM\..\Run: [ClubBox] nwiz.exe /install O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: Foxy 更 - res://C:\Program Files\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent2\QQ\AddToNetDisk.htm O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent2\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent2\QQ\AddEmotion.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent2\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent2\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent2\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent2\QQ\SendMMS.htm O9 - Extra button: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {003FACAF-40CB-4358-96D2-B0D8CEF4DBF5} (SKeyHelper Class) - https://bet.hongkongjockeyclub.com/ib/skey/...cab/eWinCtl.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://cache.tv.qq.com/qqlive_ocx/QQLiveInstaller.cab O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/147f98ffeffb7b...RdxIE601_tw.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192295777281 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (PhotoUploadCtrl Control) - http://qz-photo.qq.com/qzone_v4/QzoneMediaTools.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- End of file - 12664 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver> S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing) S3 npkycryp - c:\program files\tencent\qq\npkycryp.sys (file missing) S3 snpstd (VideoCAM Eye) - c:\windows\system32\drivers\snpstd.sys (file missing) S3 usbbus (LGE Mobile Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys (file missing) S3 USBModem (LGE Mobile USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-02-22 20:39:52 498 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - 掃描我的電腦 - user.job -- Files created between 2008-04-26 and 2008-05-26 ----------------------------- 2008-05-26 12:31:02 0 d-------- C:\Program Files\MySQL 2008-05-26 12:18:55 16636 --a------ C:\WINDOWS\hosts 2008-05-26 10:56:55 68096 --a------ C:\WINDOWS\zip.exe 2008-05-26 10:56:55 49152 --a------ C:\WINDOWS\VFind.exe 2008-05-26 10:56:55 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-05-26 10:56:55 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-05-26 10:56:55 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-05-26 10:56:55 98816 --a------ C:\WINDOWS\sed.exe 2008-05-26 10:56:55 80412 --a------ C:\WINDOWS\grep.exe 2008-05-26 10:56:55 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-05-26 04:50:15 17055 --a------ C:\blok.exe 2008-05-25 17:32:24 0 dr-h----- C:\Documents and Settings\user\Recent 2008-05-18 18:55:15 0 d-------- C:\UFI_Backup 2008-05-16 19:38:33 16636 --a------ C:\WINDOWS\system32\drivers\hosts 2008-05-13 21:57:44 0 d-------- C:\Program Files\7-Zip 2008-05-13 21:06:01 0 d-------- C:\Documents and Settings\user\Application Data\WinRAR 2008-05-13 20:02:19 0 d-------- C:\Program Files\Apple Software Update 2008-05-13 20:02:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-05-05 04:32:43 0 d-------- C:\CheckOut 2008-04-29 19:24:19 685568 --a------ C:\killer_rodog.exe <KILLER~1.EXE> <Not Verified; ; Killer.exe> 2008-04-28 23:47:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2008-04-28 22:38:13 73728 --a------ C:\WINDOWS\antiRK.dll <Not Verified; 奇虎网; 360安全?士文件粉碎模块> 2008-04-28 08:14:24 0 d-------- C:\imgGrab 0504 -- Find3M Report --------------------------------------------------------------- 2008-05-26 13:05:49 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-05-26 12:38:11 0 d-------- C:\Documents and Settings\user\Application Data\MySQL 2008-05-26 12:32:59 240182 --a------ C:\WINDOWS\system32\prfh0404.dat 2008-05-26 12:32:59 76820 --a------ C:\WINDOWS\system32\prfc0404.dat 2008-05-26 11:03:42 0 d-------- C:\Program Files\Common Files 2008-05-26 03:53:38 0 d-------- C:\Documents and Settings\user\Application Data\uTorrent 2008-05-26 03:53:28 0 d-------- C:\Program Files\Norton Internet Security 2008-05-25 18:55:35 0 d-------- C:\Program Files\eMule 2008-05-19 16:51:16 0 d-------- C:\Program Files\360safe 2008-05-13 20:47:57 0 d-------- C:\Documents and Settings\user\Application Data\MegauploadToolbar 2008-05-13 20:05:33 0 d-------- C:\Program Files\QuickTime 2008-05-13 17:30:06 0 d-------- C:\Documents and Settings\user\Application Data\360Safe 2008-05-12 00:30:40 0 d-------- C:\Program Files\ExtraPlayer 2008-05-12 00:19:09 644 --a------ C:\WINDOWS\system32\cid_store.dat 2008-05-12 00:17:00 26 --a------ C:\WINDOWS\system32\xlhcc.dat 2008-04-28 23:48:43 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-10 01:52:48 0 d-------- C:\Documents and Settings\user\Application Data\Adobe 2008-04-08 23:10:56 0 d-------- C:\Program Files\Trend Micro 2008-04-07 22:09:18 0 d-------- C:\Program Files\Google 2008-04-04 14:38:54 0 d-------- C:\Program Files\MegauploadToolbar 2008-04-01 22:07:02 1531904 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2> 2008-04-01 22:06:30 155648 -ra------ C:\WINDOWS\system32\downengine.dll <Not Verified; (?)???; ClubBox> 2008-03-27 20:31:48 20 --a------ C:\WINDOWS\system32\pub_store.dat 2008-03-27 20:28:23 0 d-------- C:\Program Files\Thunder Network 2008-02-26 00:24:40 159744 -ra------ C:\WINDOWS\system32\fscagent.exe <Not Verified; Nowcom Co., Ltd.; FSCAgent> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008/02/12 上午 01:10] "SoundMan"="SOUNDMAN.EXE" [2004/08/30 下午 01:48 C:\WINDOWS\SOUNDMAN.EXE] "snpstd"="C:\WINDOWS\vsnpstd.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008/03/28 下午 11:37] "PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003/07/14 下午 10:57] "nwiz"="nwiz.exe" [2006/01/17 上午 10:19 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006/01/17 上午 10:19] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001/09/05 下午 08:00] "Grid Service"="C:\Program Files\GridService\peer.exe" [2007/12/14 下午 04:22] "ClubBox"="nwiz.exe" [2006/01/17 上午 10:19 C:\WINDOWS\system32\nwiz.exe] "CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003/07/14 下午 10:57] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006/05/19 下午 06:07] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 下午 10:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008/04/04 下午 02:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2001/09/05 下午 08:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Shell"="C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "C:\WINDOWS\TEMP\dat54.tmp" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56256ba0-945b-11dc-acb2-00508d7a8158}] AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe *Newly Created Service* - MYSQL [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.symantec.com 127.0.0.1 securityresponse.symantec.com 127.0.0.1 downloads1.kaspersky-labs.com 127.0.0.1 downloads2.kaspersky-labs.com 127.0.0.1 downloads3.kaspersky-labs.com 127.0.0.1 downloads4.kaspersky-labs.com 127.0.0.1 downloads5.kaspersky-labs.com 127.0.0.1 www.kaspersky-labs.com 127.0.0.1 symantec.com 127.0.0.1 www.sophos.com 525 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-05-26 13:06:54 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Chinese CPU 0: AMD Athlon™ XP 2500+ Percentage of Memory in Use: 59% Physical Memory (total/avail): 511.48 MiB / 206.76 MiB Pagefile Memory (total/avail): 1250.07 MiB / 953.58 MiB Virtual Memory (total/avail): 2047.88 MiB / 1929.43 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 19.09 GiB total, 2.3 GiB free. D: is Fixed (FAT32) - 57.22 GiB total, 13.61 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is Fixed (NTFS) - 146.48 GiB total, 47.85 GiB free. H: is Fixed (NTFS) - 151.61 GiB total, 118.1 GiB free. \\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 2 partitions \PARTITION0 (bootable) - 可安裝的檔案系統 - 19.09 GiB - C: \PARTITION1 - Unknown - 57.24 GiB - D: \\.\PHYSICALDRIVE1 - WDC WD32 01ABYS-01B9A SCSI Disk Device - 298.09 GiB - 2 partitions \PARTITION0 - 可安裝的檔案系統 - 146.48 GiB - G: \PARTITION1 - 可安裝的檔案系統 - 151.61 GiB - H: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: Norton Internet Security v2005 (Symantec Corporation) AV: Norton Internet Security v2005 (Symantec Corporation) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Foxy\\Foxy.exe"="C:\\Program Files\\Foxy\\Foxy.exe:*:Enabled:Foxy" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:μTorrent" "C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"="C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\user\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=USER-ND76JHN6V0 ComSpec=C:\WINDOWS\system32\cmd.exe DEFAULT_CA_NR=CA8 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\user LOGONSERVER=\\USER-ND76JHN6V0 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\EPSON\Utility Suite\Copy Utility;C:\Program Files\Java\jdk1.5.0_09\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0a00 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\user\LOCALS~1\Temp TMP=C:\DOCUME~1\user\LOCALS~1\Temp USERDOMAIN=USER-ND76JHN6V0 USERNAME=user USERPROFILE=C:\Documents and Settings\user windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- user (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ▲麩敃芶Season2◎諦誧傷假蚾最唗 --> C:\PROGRA~1\9you\麩敃芶~1\UNWISE.EXE C:\PROGRA~1\9you\麩敃芶~1\INSTALL.LOG ▲敃V1.7◎絿㜢翋最宒假娊 --> \UNWISE.EXE C:\DOCUME~1\user\桌面\1CD-NO~1\1CD-NO~1\ 360安全?士 --> C:\Program Files\360safe\uninst.exe 7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 - Chinese Traditional --> MsiExec.exe /I{AC76BA86-7AD7-1028-7B44-A81200000003} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919} ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917} eMule VeryCD唳 --> C:\Program Files\eMule\uninstall.exe EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x404 Uninstall EPSON印表機軟體 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R Foxy v1.9.7 --> "C:\Program Files\Foxy\unins000.exe" G-TECH WebCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBF79EFA-3F63-43BC-88EE-0157CE50F1B1}\setup.exe" -l0x404 -removeonly Gameone --> C:\Program Files\InstallShield Installation Information\{860D3152-6E51-4E4F-A589-64C373097622}\setup.exe -runfromtemp -l0x0404 -removeonly Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall J2SE Development Kit 5.0 Update 9 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150090} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} K-Lite Codec Pack 3.2.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" Kaspersky Online Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7} Microsoft MSDN 2005 Express 㙉 - 羉砰いゅ --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express 㙉 - 羉砰いゅ\install.exe Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110404-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510404-6000-11D3-8CFE-0150048383C9} Microsoft Visual Basic 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe Microsoft Visual Basic 2005 Express Edition - ENU --> MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6} Microsoft Visual Basic 2005 Express 㙉 - 羉砰いゅ --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express 㙉 - 羉砰いゅ\setup.exe Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual Web Developer 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - ENU\setup.exe Microsoft Visual Web Developer 2005 Express Edition - ENU --> MsiExec.exe /X{221125DC-6A40-4900-B844-591F5E1195B0} Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" MiniQQLive --> "C:\Program Files\Tencent\QQLive\MiniQQLiveUninstall.exe" Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MS HKSCS-2001 Support --> RunDll32.exe advpack.dll,LaunchINFSection hkscs2001.inf,Uninstall MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} MySQL Connector Net 5.0.5 --> MsiExec.exe /I{5FD88490-011C-4DF1-B886-F298D955171B} MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{9A854ED3-C3B1-493D-8104-C4B5AC459B7A} MySQL Server 5.0 --> MsiExec.exe /I{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9} MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3} Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Net Transport 1.94.281 --> "C:\Program Files\Xi\NetTransport 2\unins000.exe" Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519} Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F} Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B} Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125} Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935} Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B} Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F} Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20} Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22} Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0} Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4} NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Power MP3 WMA Converter 2006, (ver 3.51) --> "C:\Program Files\Power MP3 WMA Converter\unins000.exe" QQ2006 Beta2 --> C:\Program Files\Tencent2\QQ\uninst.exe QQLive 3.5 --> "C:\Program Files\Tencent\QQLive\uninstall.exe" QQ游? --> C:\Program Files\Tencent\QQGame\Uninstall.EXE QQ繁體新斗地主 --> C:\PROGRA~1\Tencent\QQGame\newddz\UNWISE.EXE C:\PROGRA~1\Tencent\QQGame\newddz\INSTALL.LOG QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RaySource 2.0.10.7348 --> C:\Program Files\RaySource\uninst.exe RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} Tencent Media Player by Viewpoint --> C:\Program Files\Tencent\Viewpoint Media Player\mtsAxInstaller.exe /u TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715} Unlocker 1.8.3 --> C:\Program Files\Unlocker\uninst.exe Windows Live installer --> MsiExec.exe /X{97898768-B0A7-4529-82D8-96925BD906EA} Windows Live Messenger --> MsiExec.exe /X{6560D90C-5223-49A3-B78C-A48C31EAEC56} Windows Live 登入小幫手 --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41} WinRAR 壓縮工具 --> C:\Program Files\WinRAR\uninstall.exe μTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 迅雷5 --> "C:\Program Files\Thunder Network\Thunder\unins000.exe" 超級兔子魔法設定 --> C:\PROGRA~1\SUPERR~1\magicset\UNWISE.EXE C:\PROGRA~1\SUPERR~1\magicset\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type24439 / Error Event Submitted/Written: 05/26/2008 00:32:59 PM Event ID/Source: 3001 / LoadPerf Event Description: 3866 Event Record #/Type24438 / Warning Event Submitted/Written: 05/26/2008 00:32:59 PM Event ID/Source: 2006 / LoadPerf Event Description: 效能登錄的 LastCounter 和 LastHelp 值已經損毀,需要 更新。資料區段中第一個和第二個 DWORD 是原始值,而區段中第三個和第四個 DWORD 是更新後的新值。 Event Record #/Type24350 / Success Event Submitted/Written: 05/26/2008 04:34:15 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type24123 / Success Event Submitted/Written: 05/24/2008 09:40:15 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type24011 / Success Event Submitted/Written: 05/24/2008 11:46:15 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type47599 / Error Event Submitted/Written: 05/25/2008 02:07:34 AM Event ID/Source: 7000 / Service Control Manager Event Description: LiveUpdate 服務無法啟動,因為發生下列錯誤: %%1053 Event Record #/Type47598 / Error Event Submitted/Written: 05/25/2008 02:07:28 AM Event ID/Source: 7009 / Service Control Manager Event Description: LiveUpdate 服務連線的等候逾時 (30000 毫秒)。 Event Record #/Type47597 / Error Event Submitted/Written: 05/25/2008 02:07:28 AM Event ID/Source: 10005 / DCOM Event Description: DCOM 遇到錯誤 "%%1053",是當嘗試啟動服務 LiveUpdate 而引數為 "", 為了執行伺服器: {03E0E6C2-363B-11D3-B536-00902771A435} 之時 Event Record #/Type47546 / Error Event Submitted/Written: 05/24/2008 09:09:36 PM Event ID/Source: 10010 / DCOM Event Description: 伺服器 {F3A614DC-ABE0-11D2-A441-00C04F795683} 沒有在指定的等候逾時內登錄 DCOM。 Event Record #/Type47301 / Error Event Submitted/Written: 05/23/2008 03:08:17 AM Event ID/Source: 10005 / DCOM Event Description: DCOM 遇到錯誤 "%%1084",是當嘗試啟動服務 EventSystem 而引數為 "", 為了執行伺服器: {1BE1F766-5536-11D1-B726-00C04FB926AF} 之時 -- End of Deckard's System Scanner: finished at 2008-05-26 13:06:54 ------------ |
 |
 
|
|
Jun 25 2008, 05:18 AM
Post
#2
|
|
 Forum Regular Group: Study Hall Admin Posts: 3,185 Joined: 12-July 04 From: Boston Mass Member No.: 1,374 |
Hello
Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay. click on Start, click on Run copy and paste the following in bold in the open window and then click OK "%userprofile%\desktop\dss.exe" /config This will open up DSS configuration click on Check All click Scan DSS will now run again when finished Please post back both logs that open in notepad Main txt and extra txt Next Please do a scan with Kaspersky Online Scanner Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.
|
|
|
|
|
Jun 25 2008, 10:05 AM
Post
#3
|
|
|
Member Group: Members Posts: 18 Joined: 25-May 08 Member No.: 211,210 |
Hello. Thanks for your reply.
You don't need to feel sorry for the delay. I know you all are so busy and I really appreciate your help. Here's the main.txt Deckard's System Scanner v20071014.68 Run by user on 2008-06-25 23:10:40 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 39: 2008-06-25 15:10:46 UTC - RP42 - Deckard's System Scanner Restore Point 38: 2008-06-25 11:10:16 UTC - RP41 - 系統檢查點 37: 2008-06-24 10:43:07 UTC - RP40 - 系統檢查點 36: 2008-06-22 16:53:35 UTC - RP39 - 系統檢查點 35: 2008-06-20 19:46:44 UTC - RP38 - Removed MySQL Server 5.0 -- First Restore Point -- 1: 2008-05-25 20:19:49 UTC - RP4 - 系統檢查點 Performed disk cleanup. System Drive C: has 1.44 GiB (less than 15%) free. -- HijackThis (run as user.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 下午 11:10:52, on 2008/6/25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\QTTask.exe C:\Program Files\GridService\peer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\conime.exe C:\Documents and Settings\user\桌面\dss.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid O4 - HKLM\..\Run: [ClubBox] nwiz.exe /install O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvGraphicsInterface] C:\winhost.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &U妏蚚馨譙儂け狟婥甜彶紲 - C:\Program Files\NamiRobot\Data\du.html O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: Foxy 更 - res://C:\Program Files\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent2\QQ\AddToNetDisk.htm O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent2\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent2\QQ\AddEmotion.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent2\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent2\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent2\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent2\QQ\SendMMS.htm O9 - Extra button: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {003FACAF-40CB-4358-96D2-B0D8CEF4DBF5} (SKeyHelper Class) - https://bet.hongkongjockeyclub.com/ib/skey/...cab/eWinCtl.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://cache.tv.qq.com/qqlive_ocx/QQLiveInstaller.cab O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/147f98ffeffb7b...RdxIE601_tw.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192295777281 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (PhotoUploadCtrl Control) - http://qz-photo.qq.com/qzone_v4/QzoneMediaTools.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- End of file - 13287 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver> S3 EagleNT - c:\windows\system32\drivers\eaglent.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.> S3 npkycryp - c:\program files\tencent\qq\npkycryp.sys (file missing) S3 snpstd (VideoCAM Eye) - c:\windows\system32\drivers\snpstd.sys (file missing) S3 usbbus (LGE Mobile Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys (file missing) S3 USBModem (LGE Mobile USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Process Modules ------------------------------------------------------------- C:\WINDOWS\explorer.exe (pid 3456) 2003-02-21 04:42:22 348160 -ra------ C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET> 2006-12-01 22:54:32 626688 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual StudioR 2005> 2006-01-17 10:19:44 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2008-03-26 20:14:36 57344 --a------ C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll <Not Verified; Thunder Networking Technologies,LTD; DsBho Dynamic Link Library> 2008-03-26 20:14:36 122880 --a------ C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll <Not Verified; Thunder Networking Technologies,LTD; DataProcessor Dynamic Link Library> 2003-03-18 22:14:52 499712 -ra------ C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET> 2003-03-18 21:05:50 89088 -ra------ C:\WINDOWS\system32\atl71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET> 2004-07-19 21:16:48 49152 --a------ C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll <Not Verified; Xi; Net Transport IE Helper Module> 2006-05-06 21:29:21 8704 --a------ C:\Program Files\Unlocker\UnlockerCOM.dll 2007-09-25 17:51:06 129024 --a------ C:\Program Files\WinRAR\RarExt.dll 2007-12-06 16:32:58 69632 --a------ C:\Program Files\7-Zip\7-zip.dll <Not Verified; Igor Pavlov; 7-Zip> -- Scheduled Tasks ------------------------------------------------------------- 2008-02-22 20:39:52 498 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - 掃描我的電腦 - user.job -- Files created between 2008-05-25 and 2008-06-25 ----------------------------- 2008-06-25 22:20:30 0 d-------- C:\Program Files\Trend Micro 2008-06-25 14:06:49 448384 --a------ C:\WINDOWS\system32\drivers\EagleNt.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.> 2008-06-24 13:31:51 0 dr-h----- C:\Documents and Settings\user\Recent 2008-06-24 13:28:43 17055 --a------ C:\runmgr.exe 2008-06-17 00:55:42 0 d-------- C:\FSMWebSite 2008-06-08 20:10:52 0 d-------- C:\Program Files\NamiRobot 2008-06-03 21:30:38 1540096 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2> 2008-05-28 17:27:58 16751 --a------ C:\WINDOWS\system32\drivers\hosts 2008-05-28 17:27:58 16751 --a------ C:\WINDOWS\hosts 2008-05-27 21:07:18 0 d-------- C:\WINDOWS\BDOSCAN8 2008-05-27 20:34:57 0 d-------- C:\UFI_Backup 2008-05-26 12:31:02 0 d-------- C:\Program Files\MySQL -- Find3M Report --------------------------------------------------------------- 2008-06-25 21:21:31 0 d-------- C:\Program Files\Common Files 2008-06-25 14:12:21 0 d-------- C:\Program Files\eMule 2008-06-25 11:16:00 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-06-24 00:11:11 400 --a------ C:\WINDOWS\system32\cid_store.dat 2008-06-24 00:10:27 26 --a------ C:\WINDOWS\system32\xlhcc.dat 2008-06-22 22:31:15 0 d-------- C:\Documents and Settings\user\Application Data\uTorrent 2008-06-17 08:13:56 0 d-------- C:\Documents and Settings\user\Application Data\MySQL 2008-06-12 01:03:59 0 d-------- C:\Program Files\Norton Internet Security 2008-06-10 15:39:13 0 d-------- C:\Program Files\ExtraPlayer 2008-06-09 18:41:59 0 d-------- C:\Documents and Settings\user\Application Data\360Safe 2008-06-09 18:41:41 0 d-------- C:\Program Files\360safe 2008-06-04 17:29:47 0 d-------- C:\Documents and Settings\user\Application Data\MegauploadToolbar 2008-06-02 16:33:36 0 d-------- C:\Program Files\Foxy 2008-05-26 12:32:59 240182 --a------ C:\WINDOWS\system32\prfh0404.dat 2008-05-26 12:32:59 76820 --a------ C:\WINDOWS\system32\prfc0404.dat 2008-05-13 21:57:46 0 d-------- C:\Program Files\7-Zip 2008-05-13 21:06:01 0 d-------- C:\Documents and Settings\user\Application Data\WinRAR 2008-05-13 20:05:33 0 d-------- C:\Program Files\QuickTime 2008-05-13 20:02:21 0 d-------- C:\Program Files\Apple Software Update 2008-04-29 19:27:37 73728 --a------ C:\WINDOWS\antiRK.dll <Not Verified; 奇虎网; 360安全?士文件粉碎模块> 2008-04-29 19:24:34 685568 --a------ C:\killer_rodog.exe <KILLER~1.EXE> <Not Verified; ; Killer.exe> 2008-04-28 23:48:43 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-01 22:06:30 155648 -ra------ C:\WINDOWS\system32\downengine.dll <Not Verified; (?)???; ClubBox> 2008-03-27 20:31:48 20 --a------ C:\WINDOWS\system32\pub_store.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008/02/12 上午 01:10] "SoundMan"="SOUNDMAN.EXE" [2004/08/30 下午 01:48 C:\WINDOWS\SOUNDMAN.EXE] "snpstd"="C:\WINDOWS\vsnpstd.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008/03/28 下午 11:37] "PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003/07/14 下午 10:57] "nwiz"="nwiz.exe" [2006/01/17 上午 10:19 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006/01/17 上午 10:19] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001/09/05 下午 08:00] "Grid Service"="C:\Program Files\GridService\peer.exe" [2007/12/14 下午 04:22] "ClubBox"="nwiz.exe" [2006/01/17 上午 10:19 C:\WINDOWS\system32\nwiz.exe] "CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003/07/14 下午 10:57] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006/05/19 下午 06:07] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 下午 10:16] "NvGraphicsInterface"="C:\winhost.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008/04/04 下午 02:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2001/09/05 下午 08:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Shell"="C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "C:\WINDOWS\TEMP\dat54.tmp" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a70331e-6b47-11db-a8bf-00508d7a8158}] AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6173b824-3eef-11dd-83a8-00508d7a8158}] AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774cad9c-3a82-11dd-83a3-00508d7a8158}] AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- End of Deckard's System Scanner: finished at 2008-06-25 23:12:12 ------------ This post has been edited by audition: Jun 25 2008, 10:13 AM |
|
|
|
|
Jun 25 2008, 10:14 AM
Post
#4
|
|
|
Member Group: Members Posts: 18 Joined: 25-May 08 Member No.: 211,210 |
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Chinese CPU 0: AMD Athlon™ XP 2500+ Percentage of Memory in Use: 64% Physical Memory (total/avail): 511.48 MiB / 181.98 MiB Pagefile Memory (total/avail): 1250.07 MiB / 849.46 MiB Virtual Memory (total/avail): 2047.88 MiB / 1920.51 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 19.09 GiB total, 1.44 GiB free. D: is Fixed (FAT32) - 57.22 GiB total, 10.37 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is Fixed (NTFS) - 146.48 GiB total, 39.83 GiB free. H: is Fixed (NTFS) - 151.61 GiB total, 111.29 GiB free. \\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 2 partitions \PARTITION0 (bootable) - 可安裝的檔案系統 - 19.09 GiB - C: \PARTITION1 - Unknown - 57.24 GiB - D: \\.\PHYSICALDRIVE1 - WDC WD32 01ABYS-01B9A SCSI Disk Device - 298.09 GiB - 2 partitions \PARTITION0 - 可安裝的檔案系統 - 146.48 GiB - G: \PARTITION1 - 可安裝的檔案系統 - 151.61 GiB - H: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: Norton Internet Security v2005 (Symantec Corporation) AV: Norton Internet Security v2005 (Symantec Corporation) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Foxy\\Foxy.exe"="C:\\Program Files\\Foxy\\Foxy.exe:*:Enabled:Foxy" "C:\\Program Files\\uTorre |