Infected by trojans and virusq

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

6 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

Infected by trojans and virusq

#1 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 01 November 2008 - 08:27 AM

Hello ,
My computer is infected with trojans and IE's homepage is "kidnapped".
Can anyone help me?
==========================================
Hijackthis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:55, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\EPDOA\OAHotkey.EXE
C:\WINDOWS\Integrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ken\桌面\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live 祅腊? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(& :thumbsup:

- {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155309127156
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88F32EC-72F6-45F2-B458-7DDA547717CB}: NameServer = 210.0.128.242 210.0.255.216
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 11785 bytes

#2 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 01 November 2008 - 10:36 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

First let's get a more detailed log so we can determine the best plan of attack for you.

Please download OTViewIt by OldTimer to your desktop.
Double click on the OTViewIt.exe icon on your desktop.
Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.

Copy and Paste the logs into your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

========================================================

#3 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 01 November 2008 - 10:50 PM

Thank you for your help ~~
The following is my OTviewIT.Txt
=========================
OTViewIt logfile created on: 2/11/2008 11:46:39 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1022.07 Mb Total Physical Memory | 586.45 Mb Available Physical Memory | 57.38% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 98.42 Gb Free Space | 66.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2005/08/03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/02/04 21:38:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
[2007/04/19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe
[2007/04/19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe
[2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2004/08/12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[2004/08/12 18:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2006/05/03 03:12:00 | 00,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2006/07/14 21:48:17 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2004/08/12 18:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/02/04 21:38:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2005/03/22 16:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2002/02/28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\EPDOA\OAHotkey.EXE
[2003/01/15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe
[2008/04/07 18:07:49 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/11/02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/09/11 19:52:24 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
File not found -- -- (AVP [Auto | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
[2006/09/15 00:03:27 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2004/11/19 11:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/02/04 21:38:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [Auto | Running])
[2007/04/19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [Auto | Running])
[2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
[2004/08/12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2004/08/12 18:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/06/05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe -- (VideoAcceleratorEngine [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/12 18:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2008/02/04 21:38:25 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
[2004/08/12 18:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/08/03 21:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/05/30 20:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2007/05/30 20:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2002/10/07 13:22:06 | 00,018,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\CenixFMC.sys -- (CENIXFMC [On_Demand | Stopped])
[2004/12/14 05:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2004/08/12 18:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/07/14 23:42:57 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
[2004/10/14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/09/11 16:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl [System | Running])
[2004/08/12 18:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2006/09/02 19:04:42 | 00,010,345 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2008/04/14 00:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/06/28 11:58:56 | 00,053,793 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906 [On_Demand | Stopped])
[2007/04/19 15:18:08 | 00,039,248 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfileflt.sys -- (IKFileFlt [System | Running])
[2007/04/19 15:18:12 | 00,052,304 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [System | Running])
[2007/04/19 15:18:16 | 00,059,984 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt [System | Running])
[2007/04/19 15:18:20 | 00,083,536 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2008/06/29 11:54:23 | 00,014,144 | ---- | M] (Hongtien) -- C:\WINDOWS\system32\drivers\IPvE.sys -- (IPvE [On_Demand | Stopped])
[2004/08/12 18:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/21 01:14:40 | 00,032,768 | ---- | M] (北京三七二一科技有限公司) -- C:\WINDOWS\system32\drivers\leoiobo.sys -- (leoiobo [Boot | Running])
[2004/08/12 18:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2007/06/19 10:52:57 | 00,011,192 | ---- | M] (Yahoo! China Corporation) -- C:\WINDOWS\system32\drivers\myxlljjp.sys -- (myxlljjp [Boot | Running])
[2004/08/12 18:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2008/02/04 21:38:24 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/12 18:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/27 04:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/12 18:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/06/05 13:02:13 | 00,034,304 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\sbbotdi.sys -- (sbbotdi [Auto | Running])
[2004/08/12 18:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/07/14 23:39:01 | 00,642,560 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/11/16 14:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2004/08/12 18:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/12 18:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2005/10/09 01:05:16 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2004/08/12 18:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005/07/08 14:44:18 | 00,159,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347b.sys -- (vax347b [Boot | Running])
[2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347s.sys -- (vax347s [Boot | Running])
[2008/04/15 18:54:34 | 00,028,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\vzchp.sys -- (vzchp [Boot | Running])
[2004/08/12 18:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://google.icq.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://google.icq.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760//www.microsoft.com/i

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (265205 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9212 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{70DE7956-479D-4EB7-8641-2B45774C350E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{70DE7956-479D-4EB7-8641-2B45774C350E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2002/12/17 12:00:44 | 02,301,798 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
[2002/09/21 12:26:40 | 01,874,381 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
[2002/02/28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk = C:\EPDOA\OAHotkey.EXE
[2002/09/21 12:27:14 | 01,446,302 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
File not found -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\粗箇QQ珆IP.lnk = C:\Program Files\粗箇QQ\CaiHong.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found
&全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found
&妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found
&妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found
&使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found
&使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006/11/22 23:54:24 | 00,003,144 | ---- | M] ()
&使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006/09/14 15:00:10 | 00,001,481 | ---- | M] ()
&?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: C:\Program Files\YiSou\yisou.dll File not found
Add to Windows &Live Favorites: File not found
匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: C:\Program Files\YiSou\yisou.dll File not found
Add to Windows &Live Favorites: File not found
匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: Reg Error: Key does not exist or could not be opened. File not found
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: Reg Error: Key does not exist or could not be opened. File not found
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found
&全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found
&妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found
&妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found
&使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found
&使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006/11/22 23:54:24 | 00,003,144 | ---- | M] ()
&使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006/09/14 15:00:10 | 00,001,481 | ---- | M] ()
&?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java 主控台 -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: 發佈至部落格 -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: 使用 Windows Live Writer 發佈至部落格(& :thumbsup:

-- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: 參考資料 -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1155309127156 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9D190AE6-C81E-4039-8061-978EBAD10073}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.0
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0F94EF78-DE4B-40F7-8E55-A868CEC880FD} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/09/07 11:10:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[6 C:\Documents and Settings\Ken\桌面\*.tmp files]
[2008/11/02 11:45:13 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe
[2008/11/01 21:06:30 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe
[2008/11/01 20:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\Hijackthis
[2008/11/01 06:40:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2008/11/01 00:27:41 | 00,064,512 | -H-- | C] () -- C:\Documents and Settings\Ken\Application Data\dach100.dll
[2008/11/01 00:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Talkback
[2008/10/31 23:57:22 | 00,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/31 23:29:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/31 23:24:00 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/10/31 23:24:00 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/10/31 23:23:56 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/10/31 23:23:45 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/10/31 23:23:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/10/31 23:23:42 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/10/31 23:23:41 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/10/31 23:23:41 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/10/31 23:23:36 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/10/31 23:23:32 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2008/10/31 23:23:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/10/31 23:23:31 | 00,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2008/10/31 23:23:31 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2008/10/31 23:23:30 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/10/31 23:23:29 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/10/31 23:23:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/10/31 23:23:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/10/31 23:23:29 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/10/31 23:23:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/10/31 23:23:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/10/31 23:23:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/10/31 23:23:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/10/31 23:23:28 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/10/31 23:23:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/10/31 23:23:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/10/31 23:23:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/10/31 23:23:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/10/31 23:23:16 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2008/10/31 23:23:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2008/10/31 23:23:12 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/10/31 23:23:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/10/31 23:23:08 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2008/10/31 23:23:08 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/10/31 23:23:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/10/31 23:23:03 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/10/31 23:23:03 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2008/10/31 23:23:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/10/31 23:23:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/10/31 23:22:54 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/10/31 23:22:45 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2008/10/31 23:22:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2008/10/31 23:22:27 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/10/31 23:22:27 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/10/31 23:22:25 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/10/31 23:22:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/10/31 23:22:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/10/31 23:22:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/10/31 23:22:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/10/31 23:22:17 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/10/31 23:22:16 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/10/31 23:22:15 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/10/31 23:22:15 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/10/31 23:21:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/10/31 23:21:53 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/10/31 23:21:53 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2008/10/31 23:21:53 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2008/10/31 23:21:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/10/31 23:21:51 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/10/31 23:21:49 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/10/31 23:21:49 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/10/31 23:21:49 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/10/31 23:21:49 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/10/31 23:21:37 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/10/31 23:21:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/10/31 23:21:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/10/31 23:21:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/10/31 23:21:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/10/31 23:21:30 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/10/31 23:21:30 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/10/31 23:21:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2008/10/31 23:21:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2008/10/31 23:21:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2008/10/31 23:21:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2008/10/31 23:21:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2008/10/31 23:21:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2008/10/31 23:21:25 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2008/10/31 23:21:25 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2008/10/31 23:21:25 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2008/10/31 23:21:24 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2008/10/31 23:21:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2008/10/31 23:21:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2008/10/31 23:21:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2008/10/31 23:21:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2008/10/31 23:21:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2008/10/31 23:21:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2008/10/31 23:21:10 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2008/10/31 23:21:09 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/10/31 23:21:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2008/10/31 23:21:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2008/10/31 23:21:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/10/31 23:20:53 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2008/10/31 23:20:53 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2008/10/31 23:20:53 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2008/10/31 23:20:52 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2008/10/31 23:20:46 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2008/10/31 23:20:45 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2008/10/31 23:20:45 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2008/10/31 23:20:45 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2008/10/31 23:20:45 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2008/10/31 23:20:45 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2008/10/31 23:20:44 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2008/10/31 23:20:44 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2008/10/31 23:20:44 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2008/10/31 23:20:44 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2008/10/31 23:20:44 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2008/10/31 23:20:44 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2008/10/31 23:20:44 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2008/10/31 23:20:43 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2008/10/31 23:20:43 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2008/10/31 23:20:43 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2008/10/31 23:20:42 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2008/10/31 23:20:42 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2008/10/31 23:20:42 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2008/10/31 23:20:41 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2008/10/31 23:20:40 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2008/10/31 23:18:30 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2008/10/31 23:17:53 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/10/31 23:16:33 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/10/31 22:52:41 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2008/10/31 22:52:41 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2008/10/31 22:52:35 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2008/10/31 22:52:35 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/10/31 22:52:35 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/10/31 22:52:35 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/10/31 22:52:35 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/10/31 22:52:20 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/10/31 22:52:20 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/10/31 22:52:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/10/31 22:52:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/10/31 22:52:03 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini
[2008/10/31 22:52:02 | 01,104,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2008/10/31 22:52:02 | 00,819,229 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/10/31 22:52:02 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/10/31 22:52:02 | 00,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2008/10/31 22:52:02 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/10/31 22:52:02 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2008/10/31 22:52:02 | 00,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2008/10/31 22:52:02 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2008/10/31 22:52:02 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2008/10/31 22:52:02 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/10/31 22:52:02 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/10/31 22:52:02 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2008/10/31 22:52:02 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2008/10/31 22:52:01 | 01,938,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2008/10/31 22:52:01 | 01,025,000 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/10/31 22:52:01 | 00,520,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2008/10/31 22:31:18 | 00,001,943 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/27 21:41:01 | 10,717,96224 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/26 21:08:51 | 00,014,912 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2008/10/26 21:00:28 | 03,787,274 | -H-- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\IconCache.db
[2008/10/26 20:23:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/26 20:23:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/26 20:23:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/26 20:23:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/26 20:23:42 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/26 20:23:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/26 20:23:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/26 20:23:42 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/26 20:23:42 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/26 20:21:07 | 00,083,208 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\RSIT.exe
[2008/10/26 19:53:45 | 02,995,773 | R--- | C] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe
[2008/10/24 14:47:23 | 20,594,416 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\xyj.exe
[2008/10/22 00:45:58 | 01,058,816 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\中國錢幣與書法.doc
[2008/10/22 00:44:19 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\古钱币上的书法艺术.doc
** - C:\Documents and Settings\Ken\桌面\古??上的?法??.doc
[2008/10/18 12:10:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\中化評論
[2008/10/15 23:29:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\Time management
[2008/10/07 23:59:22 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\Reference.doc
[2008/10/07 23:20:06 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\Part 2.doc
[2008/10/07 16:29:23 | 02,032,128 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\network01.ppt
[2008/10/05 15:21:38 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[6 C:\Documents and Settings\Ken\桌面\*.tmp files]
[2008/11/02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe
[2008/11/02 11:42:36 | 00,000,066 | ---- | M] () -- C:\WINDOWS\anticrash.dat
[2008/11/02 11:42:36 | 00,000,061 | ---- | M] () -- C:\WINDOWS\hare.dat
[2008/11/02 11:42:35 | 00,064,512 | -H-- | M] () -- C:\Documents and Settings\Ken\Application Data\dach100.dll
[2008/11/02 11:42:33 | 00,000,060 | ---- | M] () -- C:\WINDOWS\zoom.dat
[2008/11/02 11:41:42 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/02 11:40:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/02 11:40:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/02 11:40:47 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/02 08:39:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\查看 Windows Live Toolbar 的更新資訊.job
[2008/11/01 22:27:48 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\Ken\My Documents\我的共用資料夾.lnk
[2008/11/01 22:26:56 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Windows Live Messenger .lnk
[2008/11/01 21:06:44 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe
[2008/11/01 00:26:16 | 00,000,847 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/31 23:59:53 | 00,000,257 | -HS- | M] () -- C:\Documents and Settings\Ken\My Documents\desktop.ini
[2008/10/31 23:57:22 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/31 23:35:56 | 00,355,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/31 23:33:23 | 01,126,090 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/31 23:33:23 | 00,448,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/31 23:33:23 | 00,428,028 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2008/10/31 23:33:23 | 00,153,398 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2008/10/31 23:33:23 | 00,074,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/31 23:28:27 | 00,000,587 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/10/31 23:20:03 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini
[2008/10/31 23:19:57 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/31 23:19:55 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/31 23:19:55 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/31 23:19:37 | 00,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/31 23:18:30 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2008/10/31 23:18:30 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2008/10/31 23:18:02 | 00,001,210 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/31 23:16:48 | 00,023,152 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/31 23:15:22 | 00,000,505 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/10/31 23:13:36 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/31 22:57:27 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/10/31 22:52:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/10/31 22:52:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/10/31 22:35:50 | 03,787,274 | -H-- | M] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\IconCache.db
[2008/10/31 22:34:47 | 00,014,912 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/10/31 22:31:30 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/26 20:57:04 | 00,000,223 | -H-- | M] () -- C:\WINDOWS\winshell.dat
[2008/10/26 20:21:09 | 00,083,208 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\RSIT.exe
[2008/10/26 19:53:45 | 02,995,773 | R--- | M] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe
[2008/10/26 18:01:42 | 00,000,072 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\config.ini
[2008/10/24 14:48:16 | 20,594,416 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\xyj.exe
[2008/10/24 14:48:16 | 00,001,109 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2008/10/24 00:33:57 | 00,000,135 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2008/10/22 00:45:59 | 01,058,816 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\中國錢幣與書法.doc
[2008/10/22 00:44:20 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\古钱币上的书法艺术.doc
** - C:\Documents and Settings\Ken\桌面\古??上的?法??.doc
[2008/10/21 23:49:37 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081026-201027.backup
[2008/10/21 23:49:37 | 00,265,205 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/21 23:47:27 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081021-234937.backup
[2008/10/08 23:05:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/08 23:05:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/10/08 03:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/07 23:59:22 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\Reference.doc
[2008/10/07 23:20:06 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\Part 2.doc
[2008/10/07 16:29:25 | 02,032,128 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\network01.ppt
[2008/10/05 15:21:38 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk
[2008/10/05 15:20:45 | 00,000,040 | ---- | M] () -- C:\WINDOWS\EPDOA.ini
[2008/10/04 02:20:19 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081021-234726.backup
[2008/10/04 00:58:14 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
< End of report >

#4 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 01 November 2008 - 10:51 PM

And it is the extras.txt
=======================
OTViewIt Extras logfile created on: 2/11/2008 11:46:39 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1022.07 Mb Total Physical Memory | 586.45 Mb Available Physical Memory | 57.38% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 98.42 Gb Free Space | 66.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/08/12 18:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/11/29 14:29:40 | 01,413,120 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder
[2005/12/07 16:45:30 | 00,447,488 | ---- | M] (Kingsoft Co, Ltd.) -- C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE:*:Enabled:Kingsoft PowerWord 2006
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/13 02:35:30 | 05,081,600 | ---- | M] () -- C:\Program Files\YouBe Casual Network\YouBe.exe:*:Enabled:YouBe Casual Network Client
[2007/06/05 13:02:13 | 01,922,936 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator
[2007/06/05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine
[2004/08/12 18:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [PNRP 定域機組命名空間提供者] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [PNRP 名稱命名空間提供者] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004
"{09F1BC13-752E-4569-B6E3-CEF1695ACC7F}"=Powerword 2006
"{0B76561B-A254-44F2-B78D-E18705FBE9F0}"=Windows Presentation Foundation Language Pack (CHT)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI 控制台
"{0C9B0475-F65F-45AB-8D88-2AE7C195E907}"=Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
"{0DEE88A2-E250-4955-A5AF-EFC2C305E7C6}"=Windows Live installer
"{0F9196C6-58B4-445B-B56E-B1200FECC151}"=Microsoft Bootvis
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{20FF019B-1346-453F-B3BB-95795FA2E085}"=Windows Communication Foundation Language Pack - CHT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{2864C41B-EF2D-4640-95A2-526276524519}"=Borland C++Builder 6
"{2F10F540-4126-45B5-B14C-9B8D119205E6}"=Windows Workflow Foundation ZH-CHT Language Pack
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}"=Visual FoxPro 9.0 Baseline - English
"{36177F72-8181-45D7-95D1-EA5B008A4DC9}"=Macro Vibration Joystick
"{3748D2FC-83CB-445A-87D8-DE88080FBB4F}"=Power Voice II
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}"=Microsoft AppLocale
"{39F8BF57-47FA-4F8D-9404-1B41321743AF}"=AntiCrash 3.6.1
"{41925E73-4C04-479C-B2CA-C3EEA2A4CD3E}"=醇紌 (Windows Live Toolbar)
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{48976A2B-53A5-435E-AF7A-8D034ED24ECF}"=Wiseman Voice Engine
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{53984380-2AE6-458A-8C64-FEB40B747E8F}"=Civilization III
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{618CE1E3-AAE5-4E53-ABC7-01E1224D5870}"=Shin Sangokumusou 4 Special
"{636EFC48-221F-442B-9299-5E2A09B3D933}"=Windows Live Toolbar
"{6560D90C-5223-49A3-B78C-A48C31EAEC56}"=Windows Live Messenger
"{67C5EC16-0DC1-4045-A7FF-D7D0FFA4B54D}"=Microsoft .NET Framework 2.0 Language Pack - CHT
"{6BD5BA64-404E-4D4C-80D1-70EF72EC3D6D}"=Microsoft .NET Framework 3.0 Traditional Chinese Language Pack
"{772214C5-4CC2-40FA-8BD8-A98570D18C13}"=Windows Live 紇钩いみ
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}"=Intel® PROSet for Wired Connections
"{8D49763E-A43C-45CB-9561-5267627ED243}"=Windows Live Mail
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110404-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0010-0804-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Chinese (Simplified)) 12
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0804-0000-0000000FF1CE}"=Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_PRJPRO_{C0214747-76E6-4C82-ACE7-4F6FB84CE5A9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0804-0000-0000000FF1CE}_VISPRO_{C0214747-76E6-4C82-ACE7-4F6FB84CE5A9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0028-0804-0000-0000000FF1CE}"=Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_PRJPRO_{5E9B9C9D-964B-4E00-BD68-A22AC484E835}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0028-0804-0000-0000000FF1CE}_VISPRO_{5E9B9C9D-964B-4E00-BD68-A22AC484E835}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0804-0000-0000000FF1CE}"=Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-003B-0000-0000-0000000FF1CE}"=Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}"=Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0051-0000-0000-0000000FF1CE}"=Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-0054-0804-0000-0000000FF1CE}"=Microsoft Office Visio MUI (Chinese (Simplified)) 2007
"{90120000-0054-0804-0000-0000000FF1CE}_VISPRO_{C56C2A01-1BA3-401D-AB05-FF8E13B64DCE}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-006E-0804-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0804-0000-0000000FF1CE}_PRJPRO_{AD8C9A1B-8EFE-42BE-93D0-7281302869D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0804-0000-0000000FF1CE}_VISPRO_{AD8C9A1B-8EFE-42BE-93D0-7281302869D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B4-0804-0000-0000000FF1CE}"=Microsoft Office Project MUI (Chinese (Simplified)) 2007
"{90120000-00B4-0804-0000-0000000FF1CE}_PRJPRO_{9051A408-D436-4670-B65C-EF793212AE7E}"=Microsoft Office Project 2007 Service Pack 1 (SP1)
"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}"=Visual FoxPro 9.0 Professional - English
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}"=Microsoft .NET Framework 3.0
"{9F16A9FF-3784-4F73-0082-2182D5A93311}"=Need For Speed Most Wanted
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1028-7B44-A81200000003}"=Adobe Reader 8.1.2 - Chinese Traditional
"{AC76BA86-7AD7-2447-0000-800000000003}"=Chinese Simplified Fonts Support For Adobe Reader 8
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live 祅腊も
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}"=Microsoft SOAP Toolkit 3.0
"{C621DFA7-85D8-4CDF-89EA-B01001790038}"=InstallShield Express 5.0 Visual FoxPro Limited Edition
"{C77B594A-8A79-4F66-92BE-D834CABD45CB}"=Zoom 1.3.1
"{C8550C86-A712-4219-AD4C-038C9FD1D149}"=Ulead PhotoImpact 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1
"{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}"=Kaspersky Internet Security 6.0
"{D0EFA98B-03A8-4F7C-B1C9-247994711331}"=Hare 1.5.1
"{D3655544-5CAA-4705-B54D-2CBCE176AFDB}"=Windows Live Toolbar 耎 (Windows Live Toolbar)
"{D41B0402-93A0-4242-9A9E-0FBD02A265CD}"=眶ヘ矗ボ浪跌竟 (Windows Live Toolbar)
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"=
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{EEABB513-CB07-4918-BF68-C340B505A221}"=Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"Ad-Aware SE Professional"=Ad-Aware SE Professional
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"ATI Display Driver"=ATI Display Driver
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"Burn4Free"=Burn4Free CD and DVD
"Burn4Free Toolbar"=Burn4Free Toolbar
"ClocX"=ClocX (1.5b1)
"CSI-3 Dimensions of Murder"=CSI-3 Dimensions of Murder 1.0
"Dev-C++ 4"=Dev-C++ 4
"DSMT6"=MathType 6
"FlashGet"=FlashGet 1.9.6.1073
"getPlus®_ocx"=getPlus®_ocx
"HijackThis"=HijackThis 2.0.2
"Insaniquarium Deluxe 1.0"=Insaniquarium Deluxe 1.0
"InstallWIX_{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}"=Kaspersky Internet Security 6.0
"Mechanics 96"=Mechanics 96
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CHT"=Microsoft .NET Framework 2.0 粂ē甅ン - 羉砰いゅ
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 Traditional Chinese Language Pack"=Microsoft .NET Framework 3.0 羉砰いゅ粂ē甅ン
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"NOD32"=NOD32防毒系統
"PRJPRO"=Microsoft Office Project Professional 2007
"PROSet"=Intel® PRO Network Connections Drivers
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"SpeedBit Video Accelerator"=SpeedBit Video Accelerator
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Taikou risshiden 4"=太閤立志傳Ⅳ
"thunder_is1"=迅雷5
"USB-706 Vibration Joystick"=USB-706 Vibration Joystick
"VISPRO"=Microsoft Office Visio Professional 2007
"Visual FoxPro 9.0 Professional - English"=Microsoft Visual FoxPro 9.0 Professional - English
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0
"Yayad"=Yayad
"沭鎢諷秶芞抎奪燴炵苀等儂唳2008"=沭鎢諷秶芞抎奪燴炵苀等儂唳2008

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{618CE1E3-AAE5-4E53-ABC7-01E1224D5870}"=真‧三國無雙４ Special

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{618CE1E3-AAE5-4E53-ABC7-01E1224D5870}"=真‧三國無雙４ Special

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/10/2008 11:38:32 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009
Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows，請打電話連絡客戶服務人員。

Error - 31/10/2008 11:41:24 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009
Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows，請打電話連絡客戶服務人員。

Error - 31/10/2008 11:42:28 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009
Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows，請打電話連絡客戶服務人員。

Error - 31/10/2008 11:45:30 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009
Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows，請打電話連絡客戶服務人員。

Error - 31/10/2008 12:03:24 | Computer Name = PAUL | Source = Application Hang | ID = 1002
Description = 無回應的應用程式 IEXPLORE.EXE，版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址
0x00000000。

Error - 31/10/2008 12:04:00 | Computer Name = PAUL | Source = Application Error | ID = 1000
Description = 失敗的應用程式 iexplore.exe，版本 6.0.2900.2180，失敗的模組 unknown，版本 0.0.0.0，錯誤位址
0x02f20ff1。

Error - 31/10/2008 12:08:06 | Computer Name = PAUL | Source = Application Hang | ID = 1002
Description = 無回應的應用程式 IEXPLORE.EXE，版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址
0x00000000。

Error - 31/10/2008 12:08:47 | Computer Name = PAUL | Source = Application Hang | ID = 1002
Description = 無回應的應用程式 IEXPLORE.EXE，版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址
0x00000000。

Error - 31/10/2008 12:08:51 | Computer Name = PAUL | Source = Application Hang | ID = 1001
Description = 錯誤容器 126637809。

Error - 1/11/2008 9:22:39 | Computer Name = PAUL | Source = Application Hang | ID = 1002
Description = 無回應的應用程式 IEXPLORE.EXE，版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址
0x00000000。

[ System Events ]
Error - 31/10/2008 12:25:33 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

Error - 1/11/2008 8:38:39 | Computer Name = PAUL | Source = sptd | ID = 262148
Description = 驅動程式在的資料結構中偵測內部錯誤。

Error - 1/11/2008 8:38:56 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = Kaspersky Internet Security 6.0 服務無法啟動，因為發生下列錯誤: %%3

Error - 1/11/2008 8:39:04 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

Error - 1/11/2008 20:20:52 | Computer Name = PAUL | Source = sptd | ID = 262148
Description = 驅動程式在的資料結構中偵測內部錯誤。

Error - 1/11/2008 20:21:15 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = Kaspersky Internet Security 6.0 服務無法啟動，因為發生下列錯誤: %%3

Error - 1/11/2008 20:21:24 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

Error - 1/11/2008 23:41:17 | Computer Name = PAUL | Source = sptd | ID = 262148
Description = 驅動程式在的資料結構中偵測內部錯誤。

Error - 1/11/2008 23:41:26 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = Kaspersky Internet Security 6.0 服務無法啟動，因為發生下列錯誤: %%3

Error - 1/11/2008 23:41:30 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

< End of report >

#5 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 02 November 2008 - 10:55 AM

I am sorry to get back.
Can anyone help me deal with the problem?

#6 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 02 November 2008 - 11:15 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 02 November 2008 - 11:50 AM

ComboFix 08-11-01.06 - Ken 2008-11-03 0:40:28.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.547 [GMT 8:00]
執行位置: C:\Documents and Settings\Ken\桌面\ComboFix.exe
* 成功創造新還原點
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ken\Application Data\dach100.dll

.
((((((((((((((((((((((((( 2008-10-02 至 2008-11-02 的新的檔案 )))))))))))))))))))))))))))))))
.

2008-11-02 15:56 . 2008-11-02 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-11-02 15:56 . 2008-11-02 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- C:\WINDOWS\dell
2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Talkback
2008-10-31 23:57 . 2008-10-31 23:57 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- C:\Documents and Settings\Lee Chi Ho
2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll
2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-31 22:51 . 2004-08-12 18:00 1,104,400 -ra------ C:\WINDOWS\SET77.tmp
2008-10-31 22:51 . 2004-08-12 18:00 1,025,000 -ra------ C:\WINDOWS\SET74.tmp
2008-10-31 22:51 . 2004-08-12 18:00 14,043 -ra------ C:\WINDOWS\SET83.tmp
2008-10-31 22:31 . 2008-10-31 22:31 1,943 --a------ C:\WINDOWS\imsins.BAK
2008-10-26 21:08 . 2008-10-31 22:34 14,912 --a------ C:\WINDOWS\setupapi.old
2008-10-07 21:54 . 2008-10-07 21:55 1,871 --a------ C:\Documents and Settings\Ken\abc.bat

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 14:00 --------- d-----w C:\Program Files\sanguo2
2008-10-31 16:20 --------- d-----w C:\Program Files\Spyware Doctor
2008-10-26 11:37 --------- d-----w C:\Program Files\ESET
2008-10-03 18:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-11 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 09:28 --------- d-----w C:\Program Files\Nestopia
2008-09-08 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 15:58 --------- d-----w C:\Program Files\沭鎢諷秶芞抎奪燴炵苀
2008-09-06 14:18 --------- d-----w C:\Program Files\??管理系?
2008-09-02 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-27 16:50 0 ----a-w C:\Documents and Settings\Ken\jagex_runescape_preferences.dat
2007-03-03 16:45 686 ----a-w C:\Documents and Settings\Ken\清除系統LJ.bat
2004-01-25 01:47 110,296 ----a-w C:\Documents and Settings\Ken\bor.exe
.

((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 19:29:55 29,926 ----a-r C:\WINDOWS\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe
+ 2008-11-01 14:27:04 29,926 ----a-r C:\WINDOWS\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe
+ 2008-11-02 15:49:27 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-15 1695232]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-04 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-12 44544]

C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381]
OAhotkey.lnk - C:\EPDOA\OAHotkey.EXE [2007-07-26 491008]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"C:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\YouBe Casual Network\\YouBe.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 myxlljjp;myxlljjp;C:\WINDOWS\system32\DRIVERS\myxlljjp.sys [2007-06-19 11192]
R0 vzchp;vzchp;C:\WINDOWS\system32\drivers\vzchp.sys [2008-04-15 28384]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;C:\WINDOWS\system32\Drivers\CENIXFMC.sys [2002-10-07 18660]
S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-06-28 53793]
S3 IPvE;IPvE Adapter Driver;C:\WINDOWS\system32\DRIVERS\IPvE.sys [2008-06-29 14144]
S3 jgameenp;jgameenp;C:\DOCUME~1\Ken\LOCALS~1\Temp\jgameenp.sys [ ]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
.
‘計劃任務’ 文件夾裡的內容

2008-11-02 C:\WINDOWS\Tasks\查看 Windows Live Toolbar 的更新資訊.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- 而外的掃描 -------
.
FireFox -: Profile - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 00:42:41
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程。。。 ...

掃描被隱藏的啟動組。。。

掃描被隱藏的文件。。。

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
完成時間: 2008-11-03 0:44:36
ComboFix-quarantined-files.txt 2008-11-02 16:44:09
ComboFix2.txt 2008-10-31 16:32:18
ComboFix3.txt 2008-10-27 14:06:36
ComboFix4.txt 2008-10-26 13:24:21
ComboFix5.txt 2008-11-02 16:35:58

Pre-Run: 105,453,273,088 位元組可用
Post-Run: 105,473,851,392 位元組可用

WindowsXP-KB310994-SP2-Home-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

165 --- E O F --- 2008-10-24 12:58:10

#8 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 02 November 2008 - 03:08 PM

Please visit the online Jotti Virus Scanner

Click on button.
Copy and paste the following filepath in the box:

C:\Documents and Settings\Ken\bor.exe
Click on the button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html

#9 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 03 November 2008 - 09:36 AM

Scanner results
Scan taken on 03 Nov 2008 14:34:18 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

#10 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 03 November 2008 - 03:41 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Driver::
jgameenp

File::
C:\DOCUME~1\Ken\LOCALS~1\Temp\jgameenp.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

=================

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

Follow the Instruction on the F-Secure page for proper installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

#11 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 04 November 2008 - 09:59 AM

ComboFix 08-11-03.06 - Ken 2008-11-04 22:40:30.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.562 [GMT 8:00]
執行位置: c:\documents and settings\Ken\桌面\ComboFix.exe
Command switches used :: c:\documents and settings\Ken\桌面\CFScript.txt
* 成功創造新還原點
* Resident AV is active

FILE ::
c:\docume~1\Ken\LOCALS~1\Temp\jgameenp.sys
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ken\Application Data\dach100.dll

.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_jgameenp

((((((((((((((((((((((((( 2008-10-04 至 2008-11-04 的新的檔案 )))))))))))))))))))))))))))))))
.

2008-11-04 22:49 . 2008-11-04 22:49 64,512 --ah----- c:\documents and settings\Ken\Application Data\dach100.dll
2008-11-02 15:56 . 2008-11-02 15:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-02 15:56 . 2008-11-02 15:56 1,409 --a------ c:\windows\QTFont.for
2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- c:\windows\dell
2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- c:\documents and settings\Ken\Application Data\Talkback
2008-10-31 23:57 . 2008-10-31 23:57 2,422 --a------ c:\windows\system32\wpa.bak
2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- c:\documents and settings\Lee Chi Ho
2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll
2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys
2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe
2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- c:\windows\system32\dllcache\aqueue.dll
2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\WindowsShell.Manifest
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-10-31 22:51 . 2004-08-12 18:00 1,104,400 -ra------ c:\windows\SET77.tmp
2008-10-31 22:51 . 2004-08-12 18:00 1,025,000 -ra------ c:\windows\SET74.tmp
2008-10-31 22:51 . 2004-08-12 18:00 14,043 -ra------ c:\windows\SET83.tmp
2008-10-31 22:31 . 2008-10-31 22:31 1,943 --a------ c:\windows\imsins.BAK
2008-10-26 21:08 . 2008-10-31 22:34 14,912 --a------ c:\windows\setupapi.old
2008-10-07 21:54 . 2008-10-07 21:55 1,871 --a------ c:\documents and settings\Ken\abc.bat

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 14:00 --------- d-----w c:\program files\sanguo2
2008-10-31 16:20 --------- d-----w c:\program files\Spyware Doctor
2008-10-26 11:37 --------- d-----w c:\program files\ESET
2008-10-03 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-09-11 12:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-08 09:28 --------- d-----w c:\program files\Nestopia
2008-09-08 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 15:58 --------- d-----w c:\program files\沭鎢諷秶芞抎奪燴炵苀
2008-09-06 14:18 --------- d-----w c:\program files\??管理系?
2008-07-27 16:50 0 ----a-w c:\documents and settings\Ken\jagex_runescape_preferences.dat
2007-03-03 16:45 686 ----a-w c:\documents and settings\Ken\清除系統LJ.bat
2004-01-25 01:47 110,296 ----a-w c:\documents and settings\Ken\bor.exe
.

((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 19:29:55 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe
+ 2008-11-01 14:27:04 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe
+ 2008-11-04 14:47:24 16,384 ----atw c:\windows\temp\Perflib_Perfdata_120.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-15 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-04 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544]

c:\documents and settings\Ken\「開始」功能表\程式集\啟動\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381]
OAhotkey.lnk - c:\epdoa\OAHotkey.EXE [2007-07-26 491008]
Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"c:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\YouBe Casual Network\\YouBe.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 myxlljjp;myxlljjp;c:\windows\system32\DRIVERS\myxlljjp.sys [2007-06-19 11192]
R0 vzchp;vzchp;c:\windows\system32\drivers\vzchp.sys [2008-04-15 28384]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\Drivers\CENIXFMC.sys [2002-10-07 18660]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2006-06-28 53793]
S3 IPvE;IPvE Adapter Driver;c:\windows\system32\DRIVERS\IPvE.sys [2008-06-29 14144]
S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe [2004-08-12 14336]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe [2004-08-12 14336]
S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe [2004-08-12 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe [2004-08-12 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
‘計劃任務’ 文件夾裡的內容

2008-11-04 c:\windows\Tasks\查看 Windows Live Toolbar 的更新資訊.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 22:48:15
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程。。。 ...

掃描被隱藏的啟動組。。。

掃描被隱藏的文件。。。

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\program files\Spyware Doctor\svcntaux.exe
c:\program files\Spyware Doctor\swdsvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
c:\windows\Integrator.exe
.
**************************************************************************
.
完成時間: 2008-11-04 22:54:08 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2008-11-04 14:54:04
ComboFix2.txt 2008-11-02 16:44:37
ComboFix3.txt 2008-10-31 16:32:18
ComboFix4.txt 2008-10-27 14:06:36
ComboFix5.txt 2008-11-04 14:39:25

Pre-Run: 105,444,737,024 位元組可用
Post-Run: 105,441,628,160 位元組可用

175 --- E O F --- 2008-10-24 12:58:10

#12 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 04 November 2008 - 10:11 AM

When I use IE and enter the url,
another window is shown and I can't access to it.
What can I do??

#13 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 08 November 2008 - 11:07 AM

I am sorry to get back.
The problem has been made for 4 days.
Can anyone help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:06:33, on 9/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\EPDOA\OAHotkey.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Ken\桌面\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 祅腊? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(& :thumbsup:

#14 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 08 November 2008 - 07:04 PM

I'm sorry. I missed your post for some reason.
Let's try a different scan.

Please do an online scan with Kaspersky WebScanner.

Please visit the Kaspersky Online Scanner website.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

#15 Paul61112002

Member

Group: Members
Posts: 78
Joined: 01-November 08

Posted 09 November 2008 - 07:51 AM

Thank you for your help~~

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 09, 2008 06:40:09
Records in database: 1376307

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 132476
Threat name 18
Infected objects 22
Suspicious objects 0
Duration of the scan 03:00:49

File name Threat name Threats count
C:\Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Program Files\ESET\infected\1YASYTDA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.tqar 1

C:\Program Files\ESET\infected\2OLXCJCA.NQF Infected: Trojan-GameThief.Win32.Magania.ahhz 1

C:\Program Files\ESET\infected\2UCTWHCA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.tptr 1

C:\Program Files\ESET\infected\5GXEWLCA.NQF Infected: Trojan.Win32.Agent.acve 1

C:\Program Files\ESET\infected\DYVOQCCA.NQF Infected: Trojan-GameThief.Win32.Magania.ahhz 1

C:\Program Files\ESET\infected\GPX12NAA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.torg 1

C:\Program Files\ESET\infected\HJF2UBCA.NQF Infected: Trojan-Downloader.Win32.Adload.bge 1

C:\Program Files\ESET\infected\K4U1SMCA.NQF Infected: Trojan-Downloader.Win32.Adload.bge 1

C:\Program Files\ESET\infected\LPD2Z4CA.NQF Infected: Trojan-PSW.Win32.QQPass.dcg 1

C:\Program Files\ESET\infected\MKT1HYCA.NQF Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Program Files\ESET\infected\R5RG12BA.NQF Infected: Trojan.Win32.Multis.hk 1

C:\Program Files\ESET\infected\RP2X4WCA.NQF Infected: Trojan-Downloader.Win32.BHOSta.be 1

C:\Program Files\ESET\infected\WSRFFACA.NQF Infected: Backdoor.Win32.Agent.tpa 1

C:\Program Files\ESET\infected\XQUQ5PCA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.tpnq 1

C:\Program Files\ESET\infected\YZSTSXCA.NQF Infected: not-a-virus:AdWare.Win32.Cinmus.sqo 1

C:\Program Files\ESET\infected\ZPSY5FCA.NQF Infected: not-a-virus:AdWare.Win32.Cinmus.sqo 1

C:\QooBox\Quarantine\C\WINDOWS\shishi.exe.vir Infected: Trojan-GameThief.Win32.WOW.cfu 1

C:\QooBox\Quarantine\C\WINDOWS\system\llwzjy081025.exe.vir Infected: Worm.Win32.AutoRun.rdr 1

C:\QooBox\Quarantine\C\WINDOWS\system\mvjaj32dla.dll.vir Infected: Worm.Win32.AutoRun.rci 1

C:\QooBox\Quarantine\C\WINDOWS\xm.exe.vir Infected: Trojan-PSW.Win32.QQPass.dxe 1

C:\WINDOWS\system32\drivers\leoiobo.sys Infected: Trojan.Win32.Agent.yjt 1

The selected area was scanned.