Help Me! My Ie6 Has Been Hijacked


  • This topic is locked
12 replies to this topic

#1 hello world

hello world

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 24 February 2008 - 06:36 AM

Help me! My IE6 has been hijacked. Every time I try to open a site, it opens a site that is not the one I wanted. Reinstalling IE7 doesn't solve this problem. A month later, when I try to open a site, it says:
Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

I have tried Spybot and Rising antivirus software, but the problem remains. Please help me. Thank you in advance.
This is what I got when I scanned the computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:57, on 2008-2-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService.exe
E:\Program Files\Lingoes\Translator2\Lingoes.exe
E:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\KVFW\kvfw.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
e:\Program Files\Rising\Rav\RAVMON.EXE
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\千千静听龙卷风清爽美化版\TTPlayer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] E:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: 使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服务 (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7339 bytes

#2 hello world

hello world
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 08 March 2008 - 12:19 AM

Is something wrong? Why not help me?

#3 AriMan

AriMan

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:42 AM

Posted 15 March 2008 - 02:44 AM

Hello, hello world and welcome to BleepingComputer!

Apologies for the delay. The forum has been so very busy lately.
If you still need help and are not getting help elsewhere,
I would be glad to help you with your computer problems.
Please post a brand new HijackThis log as a reply to this topic.
Thanks,

AriMan

#4 hello world

hello world
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 15 March 2008 - 03:16 AM

It's very kind of you. Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:50, on 2008-3-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\千千静听龙卷风清爽美化版\TTPlayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD

O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C871649F-CE3C-40CD-B5C0-48469A5491E9}: NameServer = 202.97.224.68 202.97.224.69
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服务 (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7118 bytes
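As an added example (this is not code from the thread, from HijackThis or from BleepingComputer), here is a small Python triage pass over lines copied from the two HijackThis logs posted above. It parses each entry and pulls out the properties a reviewer checks first: the O17 NameServer entries (the second log adds an adapter with the public resolvers 202.97.224.68 and 202.97.224.69 alongside the router's 192.168.1.1), O23 services whose file is gone, an O2 BHO with no display name, and an O4 autorun that names a bare executable. The private/public split uses Python's `ipaddress.is_private`; which resolvers are the expected ones is an assumption the reviewer supplies, and every rule is a review prompt, not a verdict.

```python
import ipaddress
import re
from dataclasses import dataclass

# A hand-picked subset of lines copied from the two HijackThis logs in this
# thread (constructed sample input, not a complete log): just enough to
# exercise each rule below.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C871649F-CE3C-40CD-B5C0-48469A5491E9}: NameServer = 202.97.224.68 202.97.224.69
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: iPod 服务 (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Every HijackThis entry starts with a section code such as R3, F2, O4, O17.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 lines look like:  HKLM\..\Run: [Name] <command line>
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O17"
    reason: str  # why a human should look at this line
    raw: str     # the original log line


def _exe_from_command(cmd: str) -> str:
    """Return the executable part of an autorun command line (quoted or not)."""
    cmd = cmd.strip().lstrip(";").strip()  # some entries carry a leading ';'
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Scan HijackThis output and return the lines worth a second look.

    This is a first-pass filter for a human reviewer, not a verdict: each rule
    reports a property of the entry (orphaned file, public resolver, unnamed
    BHO, bare filename), not whether the entry is malicious.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()

        if code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(code, "BHO has no display name; identify it by CLSID and DLL path", line))

        elif code == "O4":
            o4 = O4_RE.match(body)
            if o4:
                exe = _exe_from_command(o4.group("cmd"))
                if "\\" not in exe:
                    # A bare filename is resolved through the PATH search order at
                    # logon, so the entry does not pin down which file actually runs.
                    findings.append(Finding(code, f"autorun '{o4.group('name')}' uses bare filename {exe!r}", line))

        elif code == "O15":
            findings.append(Finding(code, "site in the IE Trusted Zone; confirm it was added deliberately", line))

        elif code == "O17":
            _, _, servers = body.partition("NameServer =")
            for ip in servers.replace(",", " ").split():
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    findings.append(Finding(code, f"unparseable NameServer value {ip!r}", line))
                    continue
                if not addr.is_private:
                    # Assumption: the expected resolver is the local router; anything
                    # else is handed to the reviewer to confirm against the ISP/admin.
                    findings.append(Finding(code, f"public DNS resolver {ip}; confirm it is the one the ISP or admin assigned", line))

        elif code == "O23" and ("(no file)" in body or "(file missing)" in body):
            findings.append(Finding(code, "service points at a file that no longer exists (leftover registration)", line))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>4}  {f.reason}\n      {f.raw}")
```

Run it on a full log pasted into `SAMPLE_LOG` (or read from a file) and the output is the short list a helper would ask about first; the O17 rule is the one most relevant to a browser "opens the wrong site" complaint, because a changed resolver redirects every lookup without touching the browser at all.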

#5 AriMan

AriMan

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:42 AM

Posted 16 March 2008 - 06:58 AM

Hi, hello world!

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer
working as quickly as possible, and I will work hard to help see that happens.
I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or
Moderator.
Thus, there may be a small delay between posts, but it shouldn't be too long. I will post back shortly
with a potential fix.

I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does
    not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be
    sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
During the remainder of the fix, refrain from using the computer for:
  • Surfing the internet
  • Recreational or business related work
  • Uploading or downloading any programs or files, or any file sharing activities
Basically follow my directions to the letter, so that in the end both of us will be smiling as to the wonderful job
we’ve accomplished together.

Ready? Let's go!


Step <1>: Download combofix
  • Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any
processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.


Step <2>: Run HijackThis
  • CLOSE all open windows and browsers/email, etc...
  • Double-click the HijackThis icon (on the desktop) to start
  • Run HijackThis,
    select ‘none of the above just start the program’.
  • Click on the Scan button.
  • Click Save Log. Save the log file for submission in the next step.

Step <3>: Post Logs
  • a fresh HijackThis log
  • combofix report
  • Please reply to this thread. Do not start a new topic.

Awaiting Reply,
AriMan

#6 hello world

hello world
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 17 March 2008 - 09:24 AM

Thank you. There are many Chinese characters; is this OK?

ComboFix 08-03-14.4 - 方强 2008-03-17 22:12:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.1.2052.18.244 [GMT 8:00]
執行位置: C:\Documents and Settings\方强.QQ65409685\桌面\ComboFix.exe
* 已建立新的還原點
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\方强.QQ65409685\Application Data\macromedia\Flash Player\#SharedObjects\TWVS83NG\www.inter-focus.cn
C:\Documents and Settings\方强.QQ65409685\Application Data\macromedia\Flash Player\#SharedObjects\TWVS83NG\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\方强.QQ65409685\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\方强.QQ65409685\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\WINDOWS\system32\bscuwxmv.dllbox
C:\WINDOWS\system32\danine.dll
C:\WINDOWS\system32\winrar.exe

.
(((((((((((((((((((((((((((( 2008-02-17 - 2008-03-17 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-03-14 22:57 . 2008-03-14 22:57 28 --a------ C:\WINDOWS\MapChina.INI
2008-03-14 22:28 . 2007-03-15 11:20 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-07 23:11 . 2008-03-07 23:11 21 --a------ C:\WINDOWS\progman.ini
2008-03-07 23:10 . 2008-03-07 23:10 58 --a------ C:\WINDOWS\swcmpc.ini
2008-02-29 22:11 . 2008-03-16 19:33 <DIR> dr-h----- C:\Documents and Settings\方强.QQ65409685\Recent
2008-02-29 22:11 . 2008-03-16 19:33 <DIR> dr-h----- C:\Documents and Settings\方强.QQ65409685\Recent
2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d-------- C:\Program Files\Astro Gemini Software

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 14:47 --------- d-----w C:\Documents and Settings\方强.QQ65409685\Application Data\Microsoft
2008-02-04 11:38 7,077,888 ----a-w C:\Documents and Settings\方强.QQ65409685\ntuser.dat
2008-02-04 11:38 7,077,888 ----a-w C:\Documents and Settings\方强.QQ65409685\ntuser.dat
2008-02-04 11:18 6,144 --sha-w C:\Program Files\Thumbs.db
2008-01-29 02:14 --------- d-----w C:\Program Files\CrystalStudio
2008-01-28 06:34 --------- d-----w C:\Program Files\Encore 4.5.3
2008-01-22 05:30 --------- d-----w C:\Program Files\Maxthon
2008-01-21 08:43 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-21 07:32 90,004,538 ----a-w C:\WINDOWS\system32\backup.dll
2008-01-21 07:30 12,131 ----a-w C:\WINDOWS\system32\backupie.dll
2008-01-18 15:08 237,168 ----a-w C:\WINDOWS\system32\bsmain.exe
2008-01-18 15:05 59,504 ----a-w C:\WINDOWS\system32\drivers\HookNtos.sys
2008-01-18 15:05 34,928 ----a-w C:\WINDOWS\system32\drivers\HOOKREG.sys
2008-01-18 15:05 30,448 ----a-w C:\WINDOWS\system32\drivers\HookHelp.sys
2008-01-18 15:05 162,288 ----a-w C:\WINDOWS\system32\drivers\HookSys.sys
2008-01-18 15:05 113,264 ----a-w C:\WINDOWS\system32\RavExt.dll
2008-01-15 08:47 10,316 ----a-w C:\Program Files\uninstal.log
2006-10-02 17:43 2,402,550 ----a-w C:\WINDOWS\inf\SET3B.tmp
2003-01-29 02:06 516,096 ----a-r C:\Program Files\TcAdaptiveBook_v2.exe
2003-01-28 07:39 695,296 ----a-w C:\Program Files\setup.ilg
2003-01-28 07:38 113 ----a-r C:\Program Files\Setup.ini
2003-01-28 07:36 435 ----a-w C:\Program Files\layout.bin
2003-01-28 07:35 438,525 ----a-w C:\Program Files\data1.cab
2003-01-28 07:35 146,122 ----a-w C:\Program Files\setup.inx
2003-01-28 07:35 126,991 ----a-w C:\Program Files\data1.hdr
2003-01-24 03:36 115 ----a-w C:\Program Files\AddressList.xml
2003-01-07 01:59 31,232 ----a-w C:\Program Files\Readme.doc
2002-12-18 07:31 766 ----a-r C:\Program Files\Icon 3.ico
2002-12-18 05:58 16,478 ----a-r C:\Program Files\MyMain.ico
2002-12-11 06:17 13,366,265 --s-a-w C:\Program Files\Encore Manual.pdf
2002-11-22 06:56 240 ----a-w C:\Program Files\Config.xml
2002-08-21 08:29 7,680 ----a-r C:\Program Files\Interop.AWSWAXLib.dll
2002-08-21 08:29 6,656 ----a-r C:\Program Files\AxInterop.AWSWAXLib.dll
2002-08-05 11:12 114,688 ----a-r C:\Program Files\SharpZipLib.dll
2002-07-25 06:11 2,649 ----a-w C:\Program Files\TcProfileHeader.xml
2001-08-18 06:00 18,944 ----a-r C:\Program Files\Interop.QuartzTypeLib.dll
2001-08-17 14:43 45,056 ----a-r C:\Program Files\AxInterop.SHDocVw.dll
2001-08-17 14:43 122,880 ----a-r C:\Program Files\Interop.SHDocVw.dll
2001-04-05 07:43 12,800 ----a-r C:\Program Files\Interop.StdFormat.dll
2000-08-21 03:22 49,152 ----a-r C:\Program Files\Interop.VBRUN.dll
1999-05-13 17:42 221,184 ----a-r C:\Program Files\Interop.MSComctlLib.dll
1999-05-13 17:42 135,168 ----a-r C:\Program Files\AxInterop.MSComctlLib.dll
1998-06-23 16:00 69,632 ----a-r C:\Program Files\Interop.MCI.dll
1998-06-23 16:00 53,248 ----a-r C:\Program Files\AxInterop.MCI.dll
2007-10-05 04:19 548,352 --sh--w C:\WINDOWS\serivce.dll
.

------- Sigcheck -------

2004-08-17 20:00 14336 a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\svchost.exe
2004-08-17 20:00 14336 a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-03 02:20 573440 61973f67976ba2d42b6dc8f6148369e7 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 23:48 574464 178bf691f586bedb0c867e9fcc9a853b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 23:37 573952 fed05be1387e1c7b8120bf2df820762d C:\WINDOWS\system32\user32.dll
2007-03-08 23:37 573952 fed05be1387e1c7b8120bf2df820762d C:\WINDOWS\system32\dllcache\user32.dll

2004-08-17 20:00 82944 83357b710b42eb35d9519e61913c5e86 C:\WINDOWS\system32\ws2_32.dll
2004-08-17 20:00 82944 83357b710b42eb35d9519e61913c5e86 C:\WINDOWS\system32\dllcache\ws2_32.dll

2005-05-26 03:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 20:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 19:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 19:51 359808 7b9486fe26fd82bcda447fba700d47d3 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-17 20:00 487424 a5153e6b7b02545f789af2fcd27fb325 C:\WINDOWS\system32\winlogon.exe
2004-08-17 20:00 487424 a5153e6b7b02545f789af2fcd27fb325 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-17 20:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-17 20:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-17 20:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-17 20:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-03 02:11 2056576 7ef6b668225e360e1ea0b93332695f60 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-20 02:44 2059008 c74acf6a14cfaf1537a707649fb09c0a C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-03-01 00:06 2059008 50efb1208fa0f0d61a3e08f1ee416011 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-03-01 00:02 2057216 c48071f7e65731bd5e30b4267bfeb6bd C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-03-01 00:02 2057216 c48071f7e65731bd5e30b4267bfeb6bd C:\WINDOWS\system32\ntkrnlpa.exe
2007-03-01 00:02 2057216 c48071f7e65731bd5e30b4267bfeb6bd C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-03 02:12 2179200 874163d22bed8bff3ad2032d477da8d8 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-20 02:44 2181632 49975067fa0fefa4ca4c1745a118cbf3 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-03-01 00:06 2181760 e75ebd110107d138170eeeb64d531471 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-03-01 00:02 2179968 a0d6d93b135c9b358d70b1f2b2a511dd C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-03-01 00:02 2179968 a0d6d93b135c9b358d70b1f2b2a511dd C:\WINDOWS\system32\ntoskrnl.exe
2007-03-01 00:02 2179968 a0d6d93b135c9b358d70b1f2b2a511dd C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 20:00 15360]
"Super Rabbit IEPro"="E:\Program Files\Super Rabbit\MagicSet\SRIECLI.exe" [2007-12-26 23:27 386048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50 114688]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49 94208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-17 20:00 208952]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57 13368]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 20:00 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 20:00 455168]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"RavTask"="e:\Program Files\Rising\Rav\RavTask.exe" [2008-01-18 23:05 211568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,"
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^「开始」菜单^程序^启动^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^「开始」菜单^程序^启动^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^方强.QQ65409685^「开始」菜单^程序^启动^MagicDisc.lnk]
path=C:\Documents and Settings\方强.QQ65409685\「开始」菜单\程序\启动\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^方强.QQ65409685^「开始」菜单^程序^启动^腾讯QQ.lnk]
backup=C:\WINDOWS\pss\腾讯QQ.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^方强^「开始」菜单^程序^启动^腾讯QQ.lnk]
backup=C:\WINDOWS\pss\腾讯QQ.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^方强^「开始」菜单^程序^启动^金山词霸 2006.lnk]
backup=C:\WINDOWS\pss\金山词霸 2006.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
-ra------ 2007-05-11 03:06 40048 e:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-r-hs---- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
-ra------ 2007-02-16 10:54 282624 E:\Program Files\Ringz Studio\Storm Codec\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
-ra------ 2007-02-20 14:34 97357 e:\Program Files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
e:\Program Files\TrojanHunter 4.7\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual Drive]
-ra------ 2007-02-20 14:31 57344 e:\Program Files\FarStone\VirtualDrive\vdtask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=
"E:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"E:\\MATLAB7\\bin\\win32\\MATLAB.exe"=
"E:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=
"E:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=

R0 RsNTGDI;RsNTGDI;C:\WINDOWS\system32\Drivers\RsNTGdi.sys [2007-10-14 14:55]
R1 HookCont;HookCont;C:\WINDOWS\system32\drivers\HookCont.sys [2007-11-16 09:56]
R1 HookNtos;HookNtos;C:\WINDOWS\system32\drivers\HookNtos.sys [2008-01-18 23:05]
R1 HookReg;HookReg;C:\WINDOWS\system32\drivers\HookReg.sys [2008-01-18 23:05]
R1 HookSys;HookSys;C:\WINDOWS\system32\drivers\HookSys.sys [2008-01-18 23:05]
R1 PnpWmkDrv;PnpWmkDrv;C:\WINDOWS\system32\drivers\PnpWmkDrv.sys [2006-09-12 10:49]
R2 cdant;cdant;C:\WINDOWS\system32\drivers\cdant.sys [2001-09-06 14:13]
R2 HdFw_slot;Network Fire Hydrant;C:\Program Files\KVFW\hdfw.sys [2006-10-03 16:52]
R2 RsCCenter;Rising Process Communication Center;"e:\Program Files\Rising\Rav\CCenter.exe" [2008-01-18 23:06]
R2 RsRavMon;Rising RealTime Monitor;"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe" [2008-01-18 23:05]
S1 KRegEx;KRegEx;C:\PROGRA~1\KV2006\KRegEx.sys []
S1 PProtect;PProtect;C:\PROGRA~1\KV2006\PProtect.sys []
S3 KvMemon;KvMemon;C:\PROGRA~1\KV2006\KvMemon.sys []
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2001-07-29 15:59]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 22:14:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden programs ...

scanning hidden processes ...

scanning hidden files ...

scan completed
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 22:15:20
ComboFix-quarantined-files.txt 2008-03-17 14:15:05
.
2007-10-14 06:31:29 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19, on 2008-3-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\KVFW\kvfw.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - Extra context menu item: Download with Thunder (使用迅雷下载) - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: Download all links with Thunder (使用迅雷下载全部链接) - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6895 bytes

#7 AriMan

AriMan

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:42 AM

Posted 18 March 2008 - 12:41 PM

Hi Hello World,

Step <1>: Uninstall one of your Anti Virus programs.
You are operating your computer with multiple Anti Virus programs running in memory at once:

Rising and
KVFW

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please uninstall one or the other so they do not conflict.


Step <2>: Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Step <3>: Run Kaspersky Online Scan
Please do an online scan with Kaspersky Online Scanner. Please use Internet Explorer as it uses ActiveX.

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, so click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.
Step <4>: Run HijackThis
  • CLOSE all open windows and browsers/email, etc...
  • Run HijackThis,
    select ‘none of the above just start the program’.
  • Click on the Scan button.
  • Click Save Log. Save the log file for submission in the next step.

Step <5>: Post log: Remember to come back here to this thread to reply
  • Malwarebytes' Anti-Malware log
  • Kaspersky’s log
  • Include a Fresh HijackThis log
Awaiting Reply,
AriMan
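
The HijackThis logs in this thread are read by eye, but the first pass a helper makes over them can be scripted. The Python below is an added example written for this page; it is not HijackThis, Trend Micro or BleepingComputer code and was not posted by AriMan or hello world. It parses the section-coded lines of a HijackThis 2.0.2 log and flags what gets looked at first: O2/O3 BHOs and toolbars with no display name, a missing file or an unusual directory, O4 Run entries that give only a bare filename, O17 NameServer values outside the LAN, and O23 services whose file is gone. SAMPLE_LOG is constructed: most lines are copied from the log above, and the second O17 line is invented, using the 203.0.113.0/24 documentation range, so the DNS check has something to flag. The severity labels and the rules themselves are this example's own heuristics, not anything HijackThis reports.

```python
"""Offline triage of a HijackThis 2.0.2 log.

Added example for this thread; it is not HijackThis, Trend Micro or
BleepingComputer code.  It parses the section-coded lines (O2/O3/O4/O17/O23)
and applies a few review heuristics of its own.  SAMPLE_LOG is constructed:
most lines are copied from the log posted above, and the second O17 line is
invented (203.0.113.0/24 is a documentation range) to exercise the DNS check.
"""
import ipaddress
import re

SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,203.0.113.54
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[0-9.,\s]+)$")
# Any drive letter + Program Files / PROGRA~1 / Windows counts as a normal install location.
STANDARD_DIR_RE = re.compile(r"^[a-z]:\\(program files|progra~1|windows)\\", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")
# Addresses a home router or LAN resolver would legitimately hand out.  Checked
# explicitly rather than via is_private so the documentation range used in the
# sample is not silently treated as local.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
                                             "192.168.0.0/16", "127.0.0.0/8")]


def parse_hjt(text):
    """Return [(code, body), ...] for every section-coded line such as 'O2 - ...'."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def nameservers(body):
    """Extract the IPv4 addresses listed in an O17 body ('...: NameServer = a,b')."""
    m = NAMESERVER_RE.search(body)
    if not m:
        return []
    return [ipaddress.ip_address(s) for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]


def is_lan_address(ip):
    return any(ip in net for net in LAN_NETS)


def triage(text):
    """Apply the review heuristics and return a list of (severity, code, reason, body).

    'high'   - the entry can redirect traffic by itself (non-LAN DNS server);
    'review' - a person should confirm what the file is before deciding;
    'low'    - dead registration, cleanup only.
    """
    findings = []
    for code, body in parse_hjt(text):
        if code in ("O2", "O3"):
            parts = body.rsplit(" - ", 2)            # 'Kind: name - {CLSID} - path'
            if len(parts) != 3:
                continue
            kind_name, clsid, path = parts
            name = kind_name.split(": ", 1)[-1]
            if path in MISSING_MARKERS:
                findings.append(("low", code, f"orphaned CLSID {clsid}", body))
            elif name == "(no name)":
                findings.append(("review", code, "registered without a display name", body))
            elif not STANDARD_DIR_RE.match(path):
                findings.append(("review", code, "loads from an unusual directory", body))
        elif code == "O4":
            command = body.split("] ", 1)[-1].strip().lstrip(";").strip()
            exe = command.split('"')[1] if command.startswith('"') else command.split(" ")[0]
            if "\\" not in exe:
                findings.append(("review", code, "bare filename resolves via the search path", body))
        elif code == "O17":
            for ip in nameservers(body):
                if not is_lan_address(ip):
                    findings.append(("high", code, f"DNS server {ip} is not a LAN address", body))
        elif code == "O23" and any(marker in body for marker in MISSING_MARKERS):
            findings.append(("low", code, "service points to a missing file", body))
    return findings


if __name__ == "__main__":
    for severity, code, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code}: {reason}\n         {body}")
```

Expect a "review" hit on Spybot's SDHelper.dll: it registers without a display name and is benign, which is why that rule only asks for a look rather than giving a verdict. The O17 rule likewise cannot tell a healthy router at 192.168.1.1 from one whose DNS setting has been changed; if resolution is in doubt, compare what the router hands out with what the ISP publishes.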

#8 hello world

hello world
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 20 March 2008 - 08:50 AM

Hello, AriMan. There are some problems.
1. I cannot update Malwarebytes' Anti-Malware; it can't connect to the server even though I permitted it in the firewall.
2. I cannot browse web pages via IE; it doesn't work at all. Now I am using Firefox, but Firefox is not convenient to use;
sometimes it puts the CPU on 100% load. All I want is to make my IE work again.
Here is a new HijackThis log. Thank you for your advice.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49, on 2008-3-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
e:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RfwMain] "e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Thunder (使用迅雷下载) - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: Download all links with Thunder (使用迅雷下载全部链接) - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6756 bytes

#9 AriMan

AriMan

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:42 AM

Posted 23 March 2008 - 12:49 AM

Hi, hello world

Yes, there is quite a bit of Chinese to interpret here. Apologies for the delay in replying.


Step <1>: Download and Run MGA Diagnostic Tool
Please run the MGA Diagnostic Tool and post back the report it creates:
Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
    Note: Important- I am specifically requesting a PASTED COPY of the result

Step <2>: Download and Run DSS
Download Deckard's System Scanner (DSS) to your Desktop.
  • You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Step <3>: Post Logs
  • MGA Diagnostic Report: Reminder- I am requesting a PASTED COPY of the result
  • Deckard's System Scanner: main.txt and extra.txt

Awaiting your reply,
AriMan

#10 hello world

hello world
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 23 March 2008 - 03:29 AM

Thank you. I am sorry, my XP is pirated. I have Ubuntu installed on my computer; it also has many problems, so I don't use it often.
Diagnostic Report (1.7.0069.0):
-----------------------------------------
WGA Data-->
Validation Status: Geographically blocked PID
Validation Code: 13
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-FRT9J-6CRCC-XPQ4G
Windows Product Key Hash: /n2VSkRETTTJ20MwDeR1tv62wYI=
Windows Product ID: 76481-640-0059266-23029
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {4EDEFD0A-954F-4077-A1B2-4278576703B4}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

Deckard's System Scanner v20071014.68
Run by 方强 on 2008-03-23 15:58:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2008-03-23 07:58:53 UTC - RP92 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 0.19 GiB (less than 15%) free.


-- HijackThis (run as 方强.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00, on 2008-3-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
e:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\方强.QQ65409685\桌面\dss.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\方强.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RfwMain] "e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [Rav] "e:\Program Files\Rising\Rav\Update\setup.exe" /ADD_REMOVE /ONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Thunder (使用迅雷下载) - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: Download all links with Thunder (使用迅雷下载全部链接) - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0EB4A54D-1792-4534-961F-BBE4266F5681}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6902 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070903-131027-891 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20070903-131027-974 O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
backup-20070903-151518-336 O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
backup-20070903-151518-387 O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070903-151518-688 O8 - Extra context menu item: Add to QQ custom panel (添加到QQ自定义面板) - E:\Program Files\Tencent\QQ\AddPanel.htm
backup-20070903-151518-741 O8 - Extra context menu item: Upload to QQ network drive (上传到QQ网络硬盘) - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
backup-20070903-151518-780 O8 - Extra context menu item: Send this picture via QQ MMS (用QQ彩信发送该图片) - E:\Program Files\Tencent\QQ\SendMMS.htm
backup-20070903-151518-826 O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
backup-20070903-151518-846 O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
backup-20070903-151518-893 O8 - Extra context menu item: Add to QQ emoticons (添加到QQ表情) - E:\Program Files\Tencent\QQ\AddEmotion.htm
backup-20070903-151518-927 O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
backup-20070903-151608-525 O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

-- File Associations -----------------------------------------------------------

.hlp - hlpfile - shell\open\command - C:\WINDOWS\winhlp32.exe %1
.inf - inffile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1
.ini - inifile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 FsVga - c:\windows\system32\drivers\fsvga.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 ISODrive (ISO CD-ROM Device Driver) - e:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 PnpWmkDrv - c:\windows\system32\drivers\pnpwmkdrv.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 BaseTDI - c:\windows\system32\drivers\basetdi.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Rising PFW>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 cdant - c:\windows\system32\drivers\cdant.sys <Not Verified; Far Stone Technology Inc.; Virtual Drive by Far Stone Technology Inc.>
R2 HookUrl - e:\program files\rising\rfw\hookurl.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Personal FireWall>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 mProcRs - e:\program files\rising\rfw\mprocrs.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Rising Personal FireWall>
R2 npkcrypt - e:\program files\tencent\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 RsFwDrv - e:\program files\rising\rfw\rsfwdrv.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Rising nt_fwdrv>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R2 vstor2 (Vstor2 Virtual Storage Driver) - c:\program files\common files\vmware\vmware virtual image editing\vstor2.sys <Not Verified; VMware, Inc.; VMware Workstation>
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWAZL - c:\windows\system32\drivers\hsfhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\sthda.sys <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
R3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys <Not Verified; VMware, Inc.; VMware virtual network adapter driver (32-bit)>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S1 AVG Anti-Spyware Driver - e:\program files\avg anti-spyware\guard.sys (file missing)
S1 KRegEx - c:\progra~1\kv2006\kregex.sys (file missing)
S1 PProtect - c:\progra~1\kv2006\pprotect.sys (file missing)
S2 HdFw_slot (Network Fire Hydrant) - c:\program files\kvfw\hdfw.sys (file missing)
S3 catchme - e:\temp\catchme.sys (file missing)
S3 GEARAspiWDM - c:\windows\system32\drivers\gearaspiwdm.sys (file missing)
S3 KvMemon - c:\progra~1\kv2006\kvmemon.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 SmartCd - c:\windows\system32\drivers\smartcd.sys
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 vmusb (VMware USB Client Driver) - c:\windows\system32\drivers\vmusb.sys <Not Verified; VMware, Inc.; VMware USB driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RfwService (Rising Personal Firewall Service) - e:\program files\rising\rfw\rfwsrv.exe <Not Verified; Beijing Rising Technology Co., Ltd.; Rising Personal FireWall 2007>
R2 UserAccess (SecuROM User Access Service) - c:\windows\system32\uaservice.exe
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S3 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 iPod Service (iPod 服务) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 RfwProxySrv (Rising Proxy Service) - e:\program files\rising\rfw\rfwproxy.exe <Not Verified; Beijing Rising Technology Co., Ltd.; Rising Personal FireWall 2007>
S3 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Workstation>
S3 vmount2 (VMware Virtual Mount Manager Extended) - "c:\program files\common files\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Workstation>
S3 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Workstation>
S4 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "c:\program files\windows media player\wmpnetwk.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Description:
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATURE80OFFSET894637E00LENGTH16CC15200
Manufacturer:
Name:
PNP Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATURE80OFFSET894637E00LENGTH16CC15200
Service:


-- Files created between 2008-02-23 and 2008-03-23 -----------------------------

2008-03-19 12:41:09 13364 --a------ C:\WINDOWS\system32\drivers\basetdi.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Rising PFW>
2008-03-19 12:37:09 0 d-------- C:\Documents and Settings\方强.QQ65409685\Application Data\Jiangmin
2008-03-19 12:08:49 0 d-------- C:\Documents and Settings\方强.QQ65409685\Application Data\Malwarebytes
2008-03-19 12:08:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-19 12:08:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-17 22:10:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-17 22:10:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-17 22:10:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-17 22:10:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-29 22:11:45 0 dr-h----- C:\Documents and Settings\方强.QQ65409685\Recent
2008-02-29 22:04:29 0 d-------- C:\Program Files\Astro Gemini Software


-- Find3M Report ---------------------------------------------------------------

2008-03-23 15:52:09 19841 --a------ C:\WINDOWS\system32\cid_store.dat
2008-03-14 22:26:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 19:18:52 6144 --ahs---- C:\Program Files\Thumbs.db
2008-01-29 10:14:38 0 d-------- C:\Program Files\CrystalStudio
2008-01-28 14:34:16 0 d-------- C:\Program Files\Encore 4.5.3
2008-01-21 20:07:38 20 --a------ C:\WINDOWS\system32\pub_store.dat
2008-01-21 15:32:27 90004538 --a------ C:\WINDOWS\system32\backup.dll
2008-01-21 15:30:07 12131 --a------ C:\WINDOWS\system32\backupie.dll
2008-01-15 21:27:40 92568 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-15 16:47:52 10316 --a------ C:\Program Files\uninstal.log
2008-01-12 14:06:12 27 --a------ C:\WINDOWS\system32\hosts


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-17 20:00]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 20:00]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"RfwMain"="e:\Program Files\Rising\Rfw\rfwmain.exe" [2008-03-19 12:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Rav"="e:\Program Files\Rising\Rav\Update\setup.exe" /ADD_REMOVE /ONCE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"e:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
; "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
; "e:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"e:\Program Files\TrojanHunter 4.7\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual Drive]
; "e:\Program Files\FarStone\VirtualDrive\vdtask.exe"

*Newly Created Service* - HOOKURL
*Newly Created Service* - MBAMCATCHME



-- End of Deckard's System Scanner: finished at 2008-03-23 16:00:51 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Chinese

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 503.37 MiB / 265.34 MiB
Pagefile Memory (total/avail): 1227.18 MiB / 1000.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.21 MiB

C: is Fixed (NTFS) - 10.01 GiB total, 0.19 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 10 GiB total, 1.22 GiB free.
F: is Fixed (NTFS) - 14.06 GiB total, 5.26 GiB free.
G: is Fixed (NTFS) - 15.87 GiB total, 0.21 GiB free.
H: is CDROM (CDFS)
I: is CDROM (No Media)
J: is CDROM (CDFS)
K: is CDROM (No Media)
M: is CDROM (Unformatted)
O: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541060G9AT00 - 55.89 GiB - 6 partitions
\PARTITION0 (bootable) - 可安装文件系统 - 10.01 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 45.88 GiB - E: - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: 江民黑客防火墙 版本:9.0
v9.0 (Jiangmin) Disabled
FW: 瑞星个人防火墙 vrfw3.0 (北京瑞星科技有限公司)
AV: 江民杀毒软件
引擎版本:0.00.000
病毒库日期:04-00-00
v0.0.0 (Jiangmin) Disabled Outdated
AV: 瑞星杀毒软件下载版 v (Beijing Rising Tech. Co. Ltd.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\Program Files\\eMule\\emule.exe"="E:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\Program Files\\Maple 11\\jre\\bin\\java.exe"="E:\\Program Files\\Maple 11\\jre\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"E:\\Program Files\\Warcraft III\\Warcraft III.exe"="E:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Disabled:Warcraft III"
"E:\\MATLAB7\\bin\\win32\\MATLAB.exe"="E:\\MATLAB7\\bin\\win32\\MATLAB.exe:*:Enabled:MATLAB"
"E:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="E:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
"E:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"="E:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\方强.QQ65409685\Application Data
CLASSPATH=.;E:\Program Files\Java\j2re1.4.2_12\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\方强.QQ65409685
include=E:\Program Files\Microsoft Visual Studio\VC98\atl\include;E:\Program Files\Microsoft Visual Studio\VC98\mfc\include;E:\Program Files\Microsoft Visual Studio\VC98\include
lib=E:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;E:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\FQ
MSDevDir=E:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;e:\watcom-1.3\binnt;e:\watcom-1.3\binw;e:\watcom-1.3\binnt;e:\watcom-1.3\binw;e:\MATLAB7\bin\win32;E:\Program Files\Ringz Studio\Storm Codec\QTSystem;E:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;E:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;E:\Program Files\Microsoft Visual Studio\Common\Tools;E:\Program Files\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\Java\j2re1.4.2_12\lib\ext\QTJava.zip
Rav=C:\Documents and Settings\All Users\Application Data\Rising\Rav
Rfw=C:\Documents and Settings\All Users\Application Data\Rising\Rfw
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=E:\temp
TMP=e:\tmp
USERDOMAIN=FQ
USERNAME=方强
USERPROFILE=C:\Documents and Settings\方强.QQ65409685
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

方强.QQ65409685 (admin)
user.QQ65409685
Administrator.QQ65409685.000 (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adaptive Book --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3837DD82-7F4D-4A07-985C-684B55795B7D}\Setup.exe"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Cambridge Advanced Learner's Dictionary --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cambridge\CAL001CP\Uninst.isu"
Cambridge Ed --> "c:\admgr3\Uninstal.exe"
CaRIne Crystallography 3.1 - Demo version --> C:\WINDOWS\uninst.exe -f"e:\program files\DeIsL1.isu" -c"e:\program files\_ISREG32.DLL"
CCleaner (remove only) --> "e:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
CrazyTalk Media Studio v4.5 Retail --> MsiExec.exe /X{0FA441DC-11F2-49BF-B9C0-0CB36DF9A9EF}
Crystal Studio Version 2.0 --> C:\PROGRA~1\CRYSTA~1\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EarMaster School 5 --> "C:\Program Files\EarMaster School 5\unins000.exe"
Encore 4.5.3 --> C:\WINDOWS\unvise32.exe C:\PROGRAM FILES\uninstal.log
FIPExpert 2.00 PE --> C:\WINDOWS\iun6002.exe "C:\Program Files\FIPExpert\irunin.ini"
Foxit Reader --> e:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GNU Solfege 3.6.5 --> "e:\Program Files\GNU Solfege\unins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GVOX Encore v4.55 --> C:\PROGRA~1\GVOX\Encore\UNWISE.EXE C:\PROGRA~1\GVOX\Encore\INSTALL.LOG
HappyEO电子琴3.06(专业版) --> E:\PROGRA~1\HAPPYE~1\UNWISE.EXE E:\PROGRA~1\HAPPYE~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Interactive MSE eText --> C:\WINDOWS\IsUninst.exe -f"C:\Interactive MSE eText\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_12 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}
Learning Essentials for Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Lingoes 2.1.0 --> "e:\Program Files\Lingoes\Translator2\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 11 --> "e:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"
MathType 5 --> "E:\Program Files\MathType\Setup.exe" -R
MATLAB Family of Products Release 14 --> e:\MATLAB7\uninstall\uninstall.exe e:\MATLAB7\
Maxthon Browser (remove only) --> C:\Program Files\Maxthon\MaxthonUINST.exe
McGraw-Hill --> C:\WINDOWS\IsUninst.exe -f"e:\Program Files\McGraw-Hill\Uninst.isu" -c"e:\Program Files\McGraw-Hill\Uninst.dll
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Math --> MsiExec.exe /I{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110804-6000-11D3-8CFE-0150048383C9}
Microsoft Student 2007 for Learning Essentials --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSm22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Studio 6.0 Enterprise Edition --> "E:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.2) --> e:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox V2.04 Pre 中文增强版 --> C:\Program Files\Mozilla Firefox\uninst.exe
Mozilla Thunderbird (2.0.0.0) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
MPlayer for Windows (Full Package) --> C:\Program Files\MPlayer for Windows\uninstall.exe
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Multi Media Toolbar --> C:\PROGRA~1\MULTI_~1\UNWISE.EXE C:\PROGRA~1\MULTI_~1\INSTALL.LOG
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Oxford Talking Dictionary --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Oxford\otd\isl_otd.log"
Periodic Table --> "e:\Program Files\SMI Corporation\Periodic Table\Remove.exe" /U:"e:\Program Files\SMI Corporation\Periodic Table\Remove.log"
Picasa 2 --> "e:\Program Files\Picasa2\Uninstall.exe"
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x804 APPDRVNT4
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x804 -remove -removeonly
Skype? 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Storm Codec --> e:\Program Files\Ringz Studio\Storm Codec\uninst7.02.01.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TTComposer --> C:\WINDOWS\IsUn0804.exe -f"C:\Program Files\CentralMusic\TTComposer\Uninst.isu"
Unlocker 1.8.5 --> e:\Program Files\Unlocker\uninst.exe
VMware Workstation --> MsiExec.exe /I{98D1A713-438C-4A23-8AB6-41B37C4A2D47}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR 压缩文件管理器 --> C:\Program Files\WinRAR\uninstall.exe
Wolfram Mathematica 6 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{38D69F3E-823F-4203-989D-4D47227AF920}
Wolfram Notebook Indexer 2.0 --> MsiExec.exe /I{F9B2E82F-B10A-454E-B19B-735CFF6A5DD2}
超级兔子 8.2 --> e:\Program Files\Super Rabbit\MagicSet\uninst.exe
江民黑客防火墙 --> MsiExec.exe /I{9A0E0977-E0CF-4F6C-9EE9-6C71B8A10D2E}
千千静听龙卷风清爽美化版 --> "C:\WINDOWS\千千静听龙卷风清爽美化版\uninstall.exe" "/U:C:\Program Files\千千静听龙卷风清爽美化版\Uninstall\uninstall.xml"
瑞星个人防火墙下载版 --> e:\Program Files\Rising\Rfw\Update\Setup.exe /UNINSTALL
瑞星杀毒软件下载版 --> e:\Program Files\Rising\Rav\Update\setup.exe /UNINSTALL
说明书图形插件安装程序 --> "C:\WINDOWS\unins000.exe"
虚拟光碟 --> C:\WINDOWS\uni_mgr.exe
迅雷5 --> "e:\Program Files\Thunder Network\Thunder\unins000.exe"
英特尔® PROSet/无线软件 --> C:\WINDOWS\Installer\iProInst.exe
中国电子地图 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD08D5BD-6359-4FFC-860C-80B9131AE334}\Setup.exe"


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2892 / Error
Event Submitted/Written: 03/23/2008 00:07:57 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
无法连接: Windows 无法连接到自动更新服务,因此不能按照设置的计划下载并安装更新。Windows 将继续尝试建立连接。

Event Record #/Type2890 / Warning
Event Submitted/Written: 03/22/2008 04:43:01 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type2888 / Error
Event Submitted/Written: 03/22/2008 04:22:50 PM
Event ID/Source: 29 / W32Time
Event Description:
时间服务提供程序 NtpClient 配置为从一个或多个时间源
获得时间,但是,没有一个源可以访问。在 14 分钟内不
会进行联系时间源的尝试。
NtpClient 没有准确时间的时间源。

Event Record #/Type2887 / Error
Event Submitted/Written: 03/22/2008 04:22:50 PM
Event ID/Source: 17 / W32Time
Event Description:
时间提供程序 NtpClient: 在 DNS 查询手动配置的对等机器 'time.windows.com,0x1' 时发生一个错误。
NtpClient 将在 ?(0x80072751) 分钟内重试 NDS 查询。
错误为: 套接字操作尝试一个无法连接的主机。 (0x80072751)

Event Record #/Type2884 / Error
Event Submitted/Written: 03/22/2008 04:08:20 PM
Event ID/Source: 29 / W32Time
Event Description:
时间服务提供程序 NtpClient 配置为从一个或多个时间源
获得时间,但是,没有一个源可以访问。在 14 分钟内不
会进行联系时间源的尝试。
NtpClient 没有准确时间的时间源。



-- End of Deckard's System Scanner: finished at 2008-03-23 16:00:51 ------------

#11 Elrond

Elrond

  • Members
  • 24 posts

Posted 24 March 2008 - 04:15 AM

Hi Hello World.

I have some bad news for you. :thumbsup:
Many helpers will not help someone that has pirated software and you should know that this is the case.
The reasons are both moral and practical. I will not go into the moral questions in this case but the practical ones are important to you.
As long as you are using pirated Windows you cannot update it and the result is that you will be reinfected very soon again.
Now to your specific case: I have had the help of a helper who reads Chinese. After looking over the logs we have come to the conclusion that you need to reformat and reinstall Windows. There are serious problems with the present installation. Among other problems you are running it from a damaged Administrator account and if anything goes wrong with that account you will not be able to get into Windows at all and nobody will be able to help you. You are also running out of disk space in a serious manner such that the programs will have problems.
Therefore our recommendation is that you get a legit copy of Windows XP and that you save your data and do a complete reinstallation of the OS. It could well be that you will have to reinstall your Linux installation as well. You are telling us that it has problems and that could well be connected with lack of disk space.
MVP Consumer Security 2006-2008

#12 hello world

hello world
  • Topic Starter

  • Members
  • 13 posts

Posted 24 March 2008 - 10:58 PM

Thank you all the same.

#13 Elrond

Elrond

  • Members
  • 24 posts

Posted 25 March 2008 - 12:30 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
MVP Consumer Security 2006-2008