
Likely Got Adware.w32.expdwnldr Or Other Malware! Please Help Me


15 replies to this topic

#1 Stanley K

Stanley K

  • Members
  • 11 posts

Posted 02 March 2008 - 04:48 AM

Hi there,

I got some symptoms.
1. My XP usually pops up a window asking me to download an anti-malware program. I googled it, and it is possibly "Adware.W32.ExpDwnldr".
2. A bubble pops up from the taskbar that says
"Warning!
your computer might be at risk!
Warning!
security threat detected be sure to scan your computer for malware and viruses as soon as possible"
3. When I open folders in Windows Explorer, some webpages sometimes automatically open in the browser.
Those webpages told me to download some antivirus program to guard my PC.

I didn't download anything or click "yes" on those pop-up windows.
Symptom 3 kept bothering me for 2-3 weeks, then disappeared. After that came symptoms 1 and 2.
But 2 days ago, those symptoms all disappeared. (I installed some spyware/malware program, but I'm not sure if it really found malware.)

Below is my HijackThis log and Combo-Fix log.
Please help me!! Thanks a lot!!


====================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 01:18:24, on 2008/3/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\NetLimiter\NetLimiter.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\WINDOWS\explorer.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe
D:\tools\Maxthon\Maxthon.exe
D:\tools\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D49933E1-37D6-4624-BC78-92F91A7DF3AD} - \
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CJIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9247 bytes








====================================================================================
ComboFix 08-03-01.3 - Administrator 2008-03-02 1:00:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.516 [GMT -8:00]
執行位置?: D:\Documents and Settings\Administrator\桌面\Combo-Fix.exe
* 已建立新的還原點

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\daSgo02

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF


(((((((((((((((((((((((((((( 2008-02-02 - 2008-03-02 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-03-01 20:55 . 2008-03-01 20:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 20:55 . 2008-03-01 20:55 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-01 20:54 . 2008-03-01 20:54 1,366,048 --a------ D:\mbam-setup.exe
2008-03-01 16:11 . 2008-03-01 16:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Raxco
2008-02-26 18:17 . 2008-02-27 12:48 <DIR> d-------- D:\Program Files\Uniblue
2008-02-26 18:17 . 2008-02-26 18:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-26 17:45 . 2008-02-27 12:48 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-02-26 17:45 . 2008-02-26 17:45 4,131,376 --a------ D:\registryboosteraff.exe
2008-02-26 13:22 . 2008-02-26 13:22 <DIR> d-------- D:\Program Files\ue_toolbar
2008-02-26 13:22 . 2008-02-26 13:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\ue_toolbar
2008-02-26 13:18 . 2008-02-26 13:20 <DIR> d-------- D:\Program Files\IDM Computer Solutions
2008-02-26 13:04 . 2008-02-26 13:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-26 13:04 . 2008-02-26 13:04 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Logitech
2008-02-26 13:02 . 2008-02-26 13:02 <DIR> d-------- D:\Program Files\Logitech
2008-02-26 13:02 . 2008-02-26 13:02 <DIR> d-------- D:\Program Files\Common Files\Logishrd
2008-02-26 13:02 . 2008-02-26 13:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-02-26 13:02 . 2008-01-09 12:26 301,656 --a------ D:\WINDOWS\system32\BtCoreIf.dll
2008-02-26 13:02 . 2008-01-09 12:27 170,512 --a------ D:\WINDOWS\system32\kemutb.dll
2008-02-26 13:02 . 2008-01-09 12:28 141,840 --a------ D:\WINDOWS\system32\KemUtil.dll
2008-02-26 13:02 . 2008-01-09 12:28 117,264 --a------ D:\WINDOWS\system32\KemWnd.dll
2008-02-26 13:02 . 2008-01-09 12:28 76,304 --a------ D:\WINDOWS\system32\KemXML.dll
2008-02-25 18:59 . 2008-02-25 23:30 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-02-25 18:59 . 2008-02-25 18:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 18:59 . 2008-02-25 18:59 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-25 18:37 . 2008-02-25 18:41 3,960 --a------ D:\WINDOWS\system32\tmp.reg
2008-02-25 15:11 . 2008-02-25 15:11 <DIR> d-------- D:\WINDOWS\ERUNT
2008-02-25 15:02 . 2008-02-25 15:32 1,311,062 --a------ D:\SDFix.exe
2008-02-23 23:36 . 2008-02-23 23:36 2,701,304 --a------ D:\vcsetup.exe
2008-02-23 22:59 . 2008-02-24 01:22 1,821,192 --a------ D:\vcredist_x86.exe
2008-02-23 22:22 . 2008-03-02 01:03 20,432 --a------ D:\WINDOWS\system32\oodbs.lor
2008-02-23 21:02 . 2008-02-29 18:58 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\codeblocks
2008-02-23 20:32 . 2008-02-23 22:22 <DIR> d-------- D:\Program Files\7-Zip
2008-02-23 19:19 . 2008-02-23 19:19 1,024 --a------ D:\WINDOWS\system32\pwdremover.dat
2008-02-23 19:19 . 2008-02-24 17:42 85 --a------ D:\WINDOWS\winDecrypt.INI
2008-02-23 19:19 . 2008-02-24 17:42 36 --a------ D:\WINDOWS\verypdf.ini
2008-02-23 19:10 . 2008-02-23 19:11 220 --a------ D:\WINDOWS\apdfpr.ini
2008-02-23 18:59 . 2008-02-23 22:33 <DIR> d-------- D:\WINDOWS\system32\oodag
2008-02-23 18:50 . 2008-02-23 18:50 0 --a------ D:\WINDOWS\OODCNT.INI
2008-02-23 18:45 . 2008-02-23 18:45 <DIR> d-------- D:\Program Files\OO Software
2008-02-23 18:41 . 2008-02-23 18:41 0 --a------ D:\WINDOWS\system32\FOXIT_PDF
2008-02-23 18:25 . 2008-02-23 18:26 <DIR> d-------- D:\Program Files\Foxit Software
2008-02-23 17:31 . 2008-02-23 17:31 <DIR> d-------- D:\Documents and Settings\Administrator\X86
2008-02-23 14:02 . 2008-02-26 19:13 4,770 --a------ D:\WINDOWS\system32\PerfStringBackup.TMP
2008-02-23 12:50 . 2008-02-24 00:29 <DIR> d-------- D:\Program Files\Microsoft Visual Studio 9.0
2008-02-23 12:50 . 2008-02-23 12:51 <DIR> d-------- D:\Program Files\Common Files\Merge Modules
2008-02-23 12:50 . 2008-02-24 00:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-23 12:48 . 2008-02-23 12:48 <DIR> d-------- D:\Program Files\Microsoft SDKs
2008-02-23 12:47 . 2008-02-23 12:47 <DIR> d-------- D:\WINDOWS\system32\XPSViewer
2008-02-23 12:47 . 2008-02-23 12:47 <DIR> d-------- D:\Program Files\Reference Assemblies
2008-02-23 12:47 . 2008-02-23 12:47 <DIR> d-------- D:\Program Files\MSBuild
2008-02-23 12:46 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
2008-02-23 12:42 . 2008-02-23 12:47 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2008-02-23 01:14 . 2008-02-23 20:31 357 --a------ D:\Documents and Settings\Administrator\.cb_layout.bin
2008-02-23 01:08 . 2008-02-23 02:12 <DIR> d-------- D:\Documents and Settings\Administrator\.CodeBlocks
2008-02-22 00:41 . 2005-05-03 18:43 69,632 --a------ D:\WINDOWS\Alcmtr.exe
2008-02-21 22:30 . 2008-02-21 22:30 <DIR> d-------- D:\Documents and Settings\Administrator\「開始」功
2008-02-21 22:28 . 2008-02-22 00:14 <DIR> d-------- D:\WINDOWS\SxsCaPendDel
2008-02-19 20:56 . 2008-02-19 20:56 <DIR> d-------- D:\Program Files\uTorrent
2008-02-19 20:56 . 2008-02-28 14:43 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-19 09:24 . 2006-04-20 03:51 359,808 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-02-19 09:24 . 2006-04-20 03:51 359,808 --a--c--- D:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-02-07 13:12 . 2008-02-07 13:12 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Softarium.com
2008-02-07 13:08 . 2008-02-07 12:55 20,736 --a------ D:\WINDOWS\system32\wmpkeys-1.1.0.1.msi
2008-02-07 02:02 . 2008-02-07 02:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ATI
2008-02-07 02:02 . 2008-02-07 02:02 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\ATI
2008-02-07 02:01 . 2008-02-07 02:01 0 --a------ D:\WINDOWS\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 03:57 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Skype
2008-03-01 01:19 --------- d-----w D:\Documents and Settings\Administrator\Application Data\MxBoost
2008-02-27 20:50 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-27 20:49 --------- d-----w D:\Program Files\SopCast
2008-02-26 22:37 --------- d-----w D:\Documents and Settings\Administrator\Application Data\IDMComp
2008-02-26 21:18 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 21:02 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-02-26 01:13 --------- d-----w D:\Program Files\Common Files\Logitech
2008-02-25 20:12 --------- d-----w D:\Program Files\UltraEdit
2008-02-24 04:31 357 ----a-w D:\Documents and Settings\Administrator\.cb_layout.bin
2008-02-23 08:49 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-02-22 08:41 --------- d-----w D:\Program Files\Realtek
2008-02-20 00:06 359,808 -c--a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-02-08 21:23 --------- d-----w D:\Program Files\Xi
2008-02-07 09:58 --------- d-----w D:\Program Files\ATI Technologies
2008-01-26 07:53 --------- d-----w D:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-01-09 05:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\Fugazo
2008-01-03 07:05 --------- d-----w D:\Program Files\Common Files\InstallShield
2006-07-06 06:58 167,936 -c--a-w D:\Program Files\Common Files\FSCAPIATL.dll
.

------- Sigcheck -------

f4dd02b880dd00888187201cbbc3ffaf D:\WINDOWS\system32\drivers\tcpip.sys
-c--a-w 360,576 2006-04-20 12:18:35 D:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
-c----w 359,040 2004-07-12 00:00:00 D:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c--a-w 359,808 2008-02-20 00:06:39 D:\WINDOWS\system32\dllcache\tcpip.sys
-c--a-w 359,808 2008-02-20 00:06:39 D:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D49933E1-37D6-4624-BC78-92F91A7DF3AD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-07-11 16:00 15360]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-07-11 16:00 208952]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-07-11 16:00 59392]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-18 22:51 774233]
"IntelZeroConfig"="D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 00:47 819200]
"IntelWireless"="D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 00:44 970752]
"CJIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 06:57 63040]
"PHIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 06:57 95296]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 19:50 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 D:\WINDOWS\KHALMNPR.Exe]
"FinePrint Dispatcher v5"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 11:26 442368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 D:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 00:56 249896]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"NetLimiter"="D:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 05:23 823296]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16:32 16132608 D:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="D:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\System32\CTFMON.EXE" [2004-07-11 16:00 15360]

D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-16 18:45:32 618557]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-26 13:02:37 789008]
VPN Client.lnk - D:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-09-04 09:24:37 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^HP Digital Imaging Monitor.lnk]
path=D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\HP Digital Imaging Monitor.lnk
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveKeys.AAB635BD7D054a37A576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free-1]
--a--c--- 2007-09-14 12:50 446464 D:\Program Files\IPEVO\Free-1 USB Phone\Free-1 USB Phone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcNotifier]
--a------ 2007-11-20 13:10 172032 D:\Documents and Settings\Administrator\Local Settings\Application Data\VTShared\GCNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 D:\WINDOWS\system32\oodtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\OPNET EDU\\9.1.A\\sys\\pc_intel_win32\\bin\\itguru.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\Patcher.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\NMService.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\KartRider.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\GameGuard.des"=
"D:\\Program Files\\StarNet\\X-Win32 8.1\\xwin32.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8275:TCP"= 8275:TCP:BitComet 8275 TCP
"8275:UDP"= 8275:UDP:BitComet 8275 UDP
"36456:TCP"= 36456:TCP:TCP 36456

R0 O2MDRDR;O2MDRDR;D:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-02 18:04]
R0 O2SDRDR;O2SDRDR;D:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 00:11]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);D:\WINDOWS\system32\DRIVERS\snp2uvc.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1678bada-8dce-11dc-a986-001b77591b67}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6fcbaaa-6fd6-11dc-a981-0016d35b6357}]
\Shell\AutoRun\command - H:\ntdelect.com
\Shell\explore\Command - H:\ntdelect.com
\Shell\open\Command - H:\ntdelect.com

.
排程工作資料夾的內容
"2008-02-27 02:45:30 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 02:45:30 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 02:17:57 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 01:04:42
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\Program Files\NetLimiter\nl_lsp.dll
-> D:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
完成時間?: 2008-03-02 1:07:43 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-03-02 09:07:40


#2 Stanley K

Stanley K
  • Topic Starter

  • Members
  • 11 posts

Posted 15 March 2008 - 01:07 PM

Can somebody help me, please?

#3 bamajim

bamajim

  • Members
  • 894 posts

Posted 18 March 2008 - 01:20 PM

Stanley K

Sorry for the delay.

Could you post a fresh Hijackthis log?
Microsoft MVP - Windows Security

#4 Stanley K

Stanley K
  • Topic Starter

  • Members
  • 11 posts

Posted 26 March 2008 - 03:17 PM

Thank you!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:11:50PM, on 2008/3/26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\oodag.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\NetLimiter\NetLimiter.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\tools\Maxthon\Maxthon.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Xi\NetTransport 2\NetTransport.exe
D:\tools\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D49933E1-37D6-4624-BC78-92F91A7DF3AD} - \
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

#5 bamajim


Posted 26 March 2008 - 04:33 PM

Stanley K

1. Open NotePad (not wordpad). Copy and paste the following into Notepad (Not the word code)
Folder::
D:\Documents and Settings\All Users\Application Data\Raxco

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D49933E1-37D6-4624-BC78-92F91A7DF3AD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSI Configuration"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6fcbaaa-6fd6-11dc-a981-0016d35b6357}]
Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
2. Rerun Hijackthis and post a fresh Hijackthis log as well
Microsoft MVP - Windows Security

#6 Stanley K


Posted 26 March 2008 - 09:38 PM

Thanks for the fast reply!!

###############################################################
## Combofix log
###############################################################
ComboFix 08-03-25.4 - Administrator 2008-03-26 19:24:07.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.489 [GMT -7:00]
執行位置?: D:\Documents and Settings\Administrator\桌面\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((( 2008-02-27 - 2008-03-27 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-03-25 17:13 . 2008-03-25 20:44 <DIR> d-------- D:\Program Files\Crystal Squid
2008-03-17 19:43 . 2008-03-17 19:43 21,361 --a------ D:\WINDOWS\system32\drivers\AegisP.sys
2008-03-17 19:43 . 2008-03-17 19:43 21,361 --a------ D:\WINDOWS\AegisP.sys
2008-03-17 19:43 . 2008-03-17 19:43 13,984 --a------ D:\WINDOWS\AegisP.inf
2008-03-17 19:43 . 2008-03-17 19:43 10,640 --a------ D:\WINDOWS\AegisP.cat
2008-03-17 19:42 . 2008-03-17 19:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-17 19:42 . 2008-03-17 19:42 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\Intel
2008-03-17 19:42 . 2008-03-17 19:42 <DIR> d-------- D:\Documents and Settings\Guest\Application Data\Intel
2008-03-17 19:41 . 2008-03-17 19:41 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Intel
2008-03-17 19:41 . 2008-03-17 19:41 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Intel
2008-03-17 19:16 . 2008-03-17 19:16 <DIR> d-------- D:\Program Files\EVEREST Corporate + Ultimate Edition
2008-03-10 12:00 . 2008-03-10 12:00 <DIR> d-------- D:\Program Files\Real Alternative
2008-03-06 16:53 . 2008-03-06 16:53 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-03-06 16:53 . 2008-03-06 16:53 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-05 21:21 . 2008-03-05 21:22 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\TortoiseSVN
2008-03-05 21:09 . 2008-03-05 21:09 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Subversion
2008-03-05 20:53 . 2008-03-05 20:53 <DIR> d-------- D:\Program Files\TortoiseSVN
2008-03-05 16:51 . 2007-07-30 20:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-03-05 16:51 . 2007-07-30 20:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-03-05 16:51 . 2007-07-30 20:18 25,976 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-03-01 21:55 . 2008-03-01 21:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 21:55 . 2008-03-01 21:55 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-01 21:54 . 2008-03-01 21:54 1,366,048 --a------ D:\mbam-setup.exe
2008-03-01 12:26 . 2008-03-01 12:26 812,344 --a------ D:\HJTInstall.exe

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 02:14 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Skype
2008-03-26 05:01 --------- d-----w D:\Program Files\Java
2008-03-26 03:03 --------- d-----w D:\Documents and Settings\Administrator\Application Data\uTorrent
2008-03-25 04:53 --------- d-----w D:\Documents and Settings\Administrator\Application Data\ue_toolbar
2008-03-23 02:29 4,770 ----a-w D:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-20 07:51 --------- d-----w D:\Program Files\GlobalSCAPE
2008-03-20 07:50 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-20 02:05 --------- d-----w D:\Documents and Settings\Administrator\Application Data\MxBoost
2008-03-18 02:46 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-03-17 03:07 --------- d-----w D:\Documents and Settings\Administrator\Application Data\codeblocks
2008-03-03 11:27 --------- d-----w D:\Program Files\IDM Computer Solutions
2008-02-27 20:50 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-27 20:49 --------- d-----w D:\Program Files\SopCast
2008-02-27 20:48 --------- d-----w D:\Program Files\Uniblue
2008-02-27 20:48 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-02-27 02:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-27 01:45 4,131,376 ----a-w D:\registryboosteraff.exe
2008-02-26 22:37 --------- d-----w D:\Documents and Settings\Administrator\Application Data\IDMComp
2008-02-26 21:22 --------- d-----w D:\Program Files\ue_toolbar
2008-02-26 21:18 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 21:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-26 21:04 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Logitech
2008-02-26 21:02 --------- d-----w D:\Program Files\Logitech
2008-02-26 21:02 --------- d-----w D:\Program Files\Common Files\Logishrd
2008-02-26 21:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Logitech
2008-02-26 02:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-26 02:59 --------- d-----w D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-26 02:41 3,960 ----a-w D:\WINDOWS\system32\tmp.reg
2008-02-26 01:13 --------- d-----w D:\Program Files\Common Files\Logitech
2008-02-25 23:32 1,311,062 ----a-w D:\SDFix.exe
2008-02-25 20:12 --------- d-----w D:\Program Files\UltraEdit
2008-02-24 09:22 1,821,192 ----a-w D:\vcredist_x86.exe
2008-02-24 08:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-24 08:29 --------- d-----w D:\Program Files\Microsoft Visual Studio 9.0
2008-02-24 07:36 2,701,304 ----a-w D:\vcsetup.exe
2008-02-24 04:31 357 ----a-w D:\Documents and Settings\Administrator\.cb_layout.bin
2008-02-24 02:45 --------- d-----w D:\Program Files\OO Software
2008-02-24 02:26 --------- d-----w D:\Program Files\Foxit Software
2008-02-23 20:51 --------- d-----w D:\Program Files\Common Files\Merge Modules
2008-02-23 20:48 --------- d-----w D:\Program Files\Microsoft SDKs
2008-02-23 20:47 --------- d-----w D:\Program Files\Reference Assemblies
2008-02-23 20:47 --------- d-----w D:\Program Files\MSBuild
2008-02-23 08:49 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-02-22 08:41 --------- d-----w D:\Program Files\Realtek
2008-02-20 04:56 --------- d-----w D:\Program Files\uTorrent
2008-02-20 00:06 359,808 -c--a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-02-08 21:23 --------- d-----w D:\Program Files\Xi
2008-02-07 21:12 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Softarium.com
2008-02-07 10:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\ATI
2008-02-07 10:02 --------- d-----w D:\Documents and Settings\Administrator\Application Data\ATI
2008-02-07 09:58 --------- d-----w D:\Program Files\ATI Technologies
2008-01-09 19:28 76,304 ----a-w D:\WINDOWS\system32\KemXML.dll
2008-01-09 19:28 141,840 ----a-w D:\WINDOWS\system32\KemUtil.dll
2008-01-09 19:28 117,264 ----a-w D:\WINDOWS\system32\KemWnd.dll
2008-01-09 19:27 170,512 ----a-w D:\WINDOWS\system32\kemutb.dll
2008-01-09 19:26 301,656 ----a-w D:\WINDOWS\system32\BtCoreIf.dll
2006-07-06 06:58 167,936 -c--a-w D:\Program Files\Common Files\FSCAPIATL.dll
.

------- Sigcheck -------

2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 D:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-07-11 17:00 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-02-19 17:06 359808 f4dd02b880dd00888187201cbbc3ffaf D:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-19 17:06 359808 f4dd02b880dd00888187201cbbc3ffaf D:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-07-11 17:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-07-11 17:00 208952]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-07-11 17:00 59392]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-18 23:51 774233]
"CJIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 07:57 63040]
"PHIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 07:57 95296]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 20:50 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 D:\WINDOWS\KHALMNPR.Exe]
"FinePrint Dispatcher v5"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 12:26 442368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 D:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 01:56 249896]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"NetLimiter"="D:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 06:23 823296]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 17:32 16132608 D:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="D:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248]
"IntelZeroConfig"="D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\System32\CTFMON.EXE" [2004-07-11 17:00 15360]

D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-16 19:45:32 618557]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 12:35:12 789008]
VPN Client.lnk - D:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-09-04 10:24:37 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^HP Digital Imaging Monitor.lnk]
path=D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\HP Digital Imaging Monitor.lnk
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveKeys.AAB635BD7D054a37A576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free-1]
--a--c--- 2007-09-14 13:50 446464 D:\Program Files\IPEVO\Free-1 USB Phone\Free-1 USB Phone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcNotifier]
--a------ 2007-11-20 14:10 172032 D:\Documents and Settings\Administrator\Local Settings\Application Data\VTShared\GCNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 D:\WINDOWS\system32\oodtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\OPNET EDU\\9.1.A\\sys\\pc_intel_win32\\bin\\itguru.exe"=
"D:\\Program Files\\StarNet\\X-Win32 8.1\\xwin32.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8275:TCP"= 8275:TCP:BitComet 8275 TCP
"8275:UDP"= 8275:UDP:BitComet 8275 UDP
"36456:TCP"= 36456:TCP:TCP 36456

R0 O2MDRDR;O2MDRDR;D:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-02 19:04]
R0 O2SDRDR;O2SDRDR;D:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 01:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1678bada-8dce-11dc-a986-001b77591b67}]
\Shell\AutoRun\command - H:\LaunchU3.exe

.
排程工作資料夾的內容
"2008-03-08 02:45:00 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 02:45:30 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 02:17:57 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 19:24:49
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\NetLimiter\nl_lsp.dll
-> D:\WINDOWS\system32\nl_msgc.dll

PROCESS: D:\WINDOWS\explorer.exe
-> D:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> D:\Program Files\TortoiseSVN\iconv\cp950.so
-> D:\Program Files\TortoiseSVN\iconv\utf-8.so
.
完成時間?: 2008-03-26 19:25:12
ComboFix-quarantined-files.txt 2008-03-27 02:25:04
ComboFix2.txt 2008-03-27 02:22:36
ComboFix3.txt 2008-03-02 09:07:44






###############################################################
## hijackthis log
###############################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25:40PM, on 2008/3/26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\oodag.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\NetLimiter\NetLimiter.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\WINDOWS\system32\conime.exe
D:\WINDOWS\explorer.exe
D:\tools\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe
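
Comparing the HijackThis log posted before the CFScript run with the fresh one posted after it shows which entries disappeared. The following is an added example, not part of any post in this thread: the function names are hypothetical, the sample lines are excerpts of the two logs above, and the "dangling BHO" rule (target is "(no file)" or has no file extension) is an assumption of this example, not HijackThis behaviour.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread:
# BEFORE is from the log posted before the CFScript run, AFTER from the fresh log.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D49933E1-37D6-4624-BC78-92F91A7DF3AD} - \
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
"""

AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
"""

# "O2 - ...", "O4 - ...", "O23 - ..." style lines; process paths and headers are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# "BHO: <name> - {CLSID} - <target>"
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def parse_entries(log_text):
    """Return (section code, detail) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def removed_entries(before_text, after_text):
    """Entries present in the earlier log and absent from the later one, in log order."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in after]


def dangling_bhos(log_text):
    """CLSIDs of O2 entries whose target is '(no file)' or has no file extension."""
    found = []
    for code, detail in parse_entries(log_text):
        if code != "O2":
            continue
        m = BHO_RE.match(detail)
        if not m:
            continue
        target = m.group(3).strip()
        if target == "(no file)" or not re.search(r"\.[A-Za-z0-9]{2,4}$", target):
            found.append(m.group(2))
    return found


if __name__ == "__main__":
    print("Removed between the two logs:")
    for code, detail in removed_entries(BEFORE, AFTER):
        print(f"  {code} - {detail}")
    print("Dangling BHOs before:", dangling_bhos(BEFORE))
    print("Dangling BHOs after: ", dangling_bhos(AFTER))
```

A bare file name in a Run entry is not a reliable signal on its own: `RTHDCPL.EXE` and `msiconf.exe` both appear without a path in the first log, and only the second was targeted by the CFScript.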

#7 bamajim


Posted 27 March 2008 - 08:39 AM

Stanley K

You are most welcome

Run an online virus scan called Kaspersky from HERE.
1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. When the scan is complete Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan
Microsoft MVP - Windows Security

#8 Stanley K

Posted 27 March 2008 - 10:16 PM

Thanks again. According to the previous ComboFix script, was my computer infected with any virus/trojan/malware?


###############################################################
## kaspersky log
###############################################################
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 7:55:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/03/2008
Kaspersky Anti-Virus database records: 667680
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 160096
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 03:36:21

Infected Object Name / Virus Name / Last Action
D:\Documents and Settings\Administrator\桌面\vnc-4_1_2-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMT9D.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMT9E.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMTB1.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMTB2.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMTB3.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMTBD.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMTBE.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\IMTBF.xml Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\isp4.tmp\_Setup.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Italian.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Japanese.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\jar_cache22155.tmp Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\java_install.log Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\java_install_reg.log Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\jusched.log Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Korean.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Microsoft Office 2003 Setup(0001).txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\MSIfc978.LOG Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\MSIff683.LOG Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Norwegian.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\offcln11.log Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Polish.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Portuguese(Brazil).bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Portuguese.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\RtkBtMnt.exe Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Russian.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mCore.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mDriver.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mDrWiFi.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mGina.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mHelp.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mIWA.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mLogView.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mMHouse.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mPfMgr.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mPfWiz.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mProSafe.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mSCfg.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mSSO.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\msxml6.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mToolkit.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mWlsSafe.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mWMI.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProData\mZConfig.msi Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\sefC59.tmp\iProInst.exe Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\SimChin.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Spanish.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\SWEDISH.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Thai.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\TradChin.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\Turkish.bin Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\_isdelet.ini Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\{6D98904E-CB08-4545-A71C-5ADF26324ADB}\setup.isn Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\{7D93B98E-FB19-4ABD-9D00-FCA5E3AC1DA9}\setup.isn Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\{E129106B-0930-452A-A493-363A497A89FA}\setup.isn Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\~DF38B.tmp Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\~DFD4F0.tmp Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\5000xzvp.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\5000XZVP.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\852.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\852.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\855.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\855.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\865.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\865.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\915.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\915.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\915M.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\915M.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\945.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\945.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\945gm.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\945GM.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\965g.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\965g.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\965m.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\965m.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\crestln.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\dmi_pci.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\dmi_pci.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E7220.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E7220.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\e7230.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E7230.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E7520.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E7520.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E8500.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\E8500.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\esb2id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ESB2id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\esb2ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ESB2ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\esb2usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ESB2usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5core.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5core.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich5usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6core.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6core.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich6usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7core.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7core.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich7usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8core.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8core.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8smb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8smb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ich8usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ichxdev.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\All\ichXdev.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\difxapi.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Help.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\IIF2.ini Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ARA\ChipsetARA.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ARA\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ARB\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\CHS\ChipsetCHS.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\CHS\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\CHT\ChipsetCHT.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\CHT\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\CSY\ChipsetCSY.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\CSY\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\DAN\ChipsetDAN.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\DAN\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\DEU\ChipsetDEU.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\DEU\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ELL\ChipsetELL.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ELL\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ENG\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ENU\ChipsetENU.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ENU\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ESP\ChipsetESP.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ESP\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\FIN\ChipsetFIN.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\FIN\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\FRA\ChipsetFRA.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\FRA\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\FRC\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\HEB\ChipsetHEB.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\HEB\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\HUN\ChipsetHUN.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\HUN\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ITA\ChipsetITA.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\ITA\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\JPN\ChipsetJPN.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\JPN\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\KOR\ChipsetKOR.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\KOR\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\NLD\ChipsetNLD.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\NLD\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\NOR\ChipsetNOR.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\NOR\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\PLK\ChipsetPLK.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\PLK\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\PTB\ChipsetPTB.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\PTB\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\PTG\ChipsetPTG.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\PTG\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\RUS\ChipsetRUS.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\RUS\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\SVE\ChipsetSVE.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\SVE\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\THA\ChipsetTHA.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\THA\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\TRK\ChipsetTRK.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Lang\CHIP\TRK\license.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\readme.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Setup.exe Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\5000xzvp.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\5000XZVP.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\945.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\945.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\945gm.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\945GM.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\965g.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\965g.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\965m.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\965m.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\dmi_pci.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\dmi_pci.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\esb2id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ESB2id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\esb2ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ESB2ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\esb2usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ESB2usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7core.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7core.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich7usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8ahci.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8ahci.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8core.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8core.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8id2.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8id2.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8ide.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8ide.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8smb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8smb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8usb.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ich8usb.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ichxdev.cat Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\ichXdev.inf Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\Vista\INFAnswr.txt Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\x64\Difx64.exe Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temp\暫時目錄 1 用於 infinst_autol.zip\x64\difxapi.dll Object is locked skipped
D:\Documents and Settings\Cool\Local Settings\Temporary Internet Files\Content.IE5\01MRGPER\0000005213_000000000000000471336[1].swf Object is locked skipped
(skipped)
D:\Documents and Settings\Cool\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
D:\Documents and Settings\Cool\My Documents\desktop.ini Object is locked skipped
D:\Documents and Settings\Cool\My Documents\My Music\Desktop.ini Object is locked skipped
D:\Documents and Settings\Cool\My Documents\My Music\範例音樂.lnk Object is locked skipped
D:\Documents and Settings\Cool\My Documents\My Pictures\Desktop.ini Object is locked skipped
D:\Documents and Settings\Cool\My Documents\My Pictures\Thumbs.db Object is locked skipped
D:\Documents and Settings\Cool\My Documents\My Pictures\範例圖片.lnk Object is locked skipped
D:\RECYCLER\S-1-5-21-1482476501-926492609-725345543-500\Dd201\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\Applications\Media_Graphic_Burn\_Video_codec\Divx5.03\DivXPro503GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
E:\Applications\Media_Graphic_Burn\_Video_codec\Divx5.03\DivXPro503GAINBundle.exe Vise: infected - 1 skipped
E:\Applications\Networking\_FTP_Softs\Servu\FTP Serv-U 4.0.0.4\ServUSetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.40 skipped
E:\Applications\Networking\_FTP_Softs\Servu\FTP Serv-U 4.0.0.4\ServUSetup.exe ZIP: infected - 1 skipped
E:\Applications\Networking\_FTP_Softs\Servu\Serv-U32.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.20.a skipped
E:\Applications\Networking\網路芳鄰tool\legion網HD.zip/Legion.ex_/Legion.ex_ Infected: not-a-virus:NetTool.Win32.Legion.21 skipped
E:\Applications\Networking\網路芳鄰tool\legion網HD.zip/Legion.ex_ Infected: not-a-virus:NetTool.Win32.Legion.21 skipped
E:\Applications\Networking\網路芳鄰tool\legion網HD.zip ZIP: infected - 2 skipped

Scan process completed.
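
One way to triage a scanner report in the format of the log posted above, as an added example that is not part of the thread or of any tool mentioned in it: it drops the `Object is locked` lines, folds archive members (`outer/inner`) onto the on-disk file, and separates `not-a-virus:` riskware verdicts from everything else. The sample lines are constructed from the log's format with shortened paths and SID; `triage` and `classify` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the report format shown above (paths and SID shortened).
SAMPLE_REPORT = r"""
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\RECYCLER\S-1-5-21-0-0-0-500\Dd201\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\Apps\DivXPro503GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
E:\Apps\DivXPro503GAINBundle.exe Vise: infected - 1 skipped
E:\Apps\legion.zip/Legion.ex_/Legion.ex_ Infected: not-a-virus:NetTool.Win32.Legion.21 skipped
E:\Apps\legion.zip/Legion.ex_ Infected: not-a-virus:NetTool.Win32.Legion.21 skipped
E:\Apps\legion.zip ZIP: infected - 2 skipped
Scan process completed.
"""

NOT_A_VIRUS = "not-a-virus:"  # prefix the scanner puts on adware/riskware verdicts
LOCKED = re.compile(r"^.+ Object is locked skipped$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
SUMMARY = re.compile(r"^(?P<path>.+) \w+: infected - (?P<count>\d+) skipped$")


def classify(verdict):
    """Split a verdict into (is_malware, behaviour_class, family)."""
    risk_only = verdict.startswith(NOT_A_VIRUS)
    name = verdict[len(NOT_A_VIRUS):] if risk_only else verdict
    parts = name.split(".")          # Class.Platform.Family[.variant]
    family = parts[2] if len(parts) > 2 else ""
    return (not risk_only, parts[0], family)


def triage(report):
    """Reduce a scan report to one row per on-disk file and verdict."""
    locked = 0
    by_file = defaultdict(set)       # on-disk file -> verdicts in or under it
    summaries = {}                   # archive/installer -> count on its summary line
    unparsed = []
    for line in report.splitlines():
        line = line.strip()
        if not line or line == "Scan process completed.":
            continue
        if LOCKED.match(line):
            locked += 1              # file in use by the OS, not a detection
        elif m := INFECTED.match(line):
            # Windows paths use "\", so the first "/" marks an archive member.
            by_file[m["path"].split("/", 1)[0]].add(m["verdict"])
        elif m := SUMMARY.match(line):
            summaries[m["path"]] = int(m["count"])
        else:
            unparsed.append(line)    # never silently drop an unknown line
    findings = sorted(
        (path, verdict, *classify(verdict))
        for path, verdicts in by_file.items()
        for verdict in verdicts
    )
    return {
        "locked": locked,
        "findings": findings,
        "needs_attention": [f for f in findings if f[2]],
        "summaries": summaries,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['locked']} locked line(s) ignored")
    for path, verdict, is_malware, klass, family in result["findings"]:
        tag = "MALWARE " if is_malware else "riskware"
        print(f"{tag}  {klass:<12} {family:<12} {path}")
```

Every verdict in the sample carries the `not-a-virus:` prefix, so `needs_attention` comes back empty; a verdict without that prefix would be listed there.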

#9 bamajim

Posted 28 March 2008 - 04:23 PM

Stanley K

Not much there. What is on your E:\ Drive? Is it a USB storage device?

Are you still getting the "You are infected" warnings?
Microsoft MVP - Windows Security

#10 Stanley K

Posted 28 March 2008 - 06:30 PM

E:\ Drive is an NTFS partition, not a USB storage device.

Since March 2nd, when I used ComboFix to scan and delete some suspected files, I have never gotten any warning (no pop-up websites, or any of the other symptoms I described above).

#11 bamajim

Posted 31 March 2008 - 08:35 AM

Stanley K

We are going to have to delete a file from E:\ manually because I cannot read the entire file path, probably because some characters in the folder name prevent the forum software from displaying it correctly.

Using Windows Explorer (right-click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window; click on the "+" next to any folder name to expand its contents), locate and delete the following files:
E:\Applications\Networking\????tool\legion?HD.zip/Legion.ex_/Legion.ex_
E:\Applications\Networking\????tool\legion?HD.zip ZIP

The question marks indicate the characters that will not display properly, but I am confident that you know what the 4 missing characters are.

Close Windows Explorer ->> Reboot your PC ->> Rerun HijackThis and post a fresh HijackThis log.
Microsoft MVP - Windows Security

#12 Stanley K

Posted 31 March 2008 - 06:11 PM

I've followed the instructions and deleted the files.

Here is the Hijackthis log.
Thank you again, bamajim.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:05:53PM, on 2008/3/31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\oodag.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\NetLimiter\NetLimiter.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\system32\conime.exe
D:\tools\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

#13 bamajim

Posted 01 April 2008 - 09:09 AM

Stanley K

Looks good, how's your PC running now?
Microsoft MVP - Windows Security

#14 Stanley K

Posted 01 April 2008 - 02:33 PM

Everything is going fine! I appreciate your help!

#15 bamajim

Posted 03 April 2008 - 09:01 AM

Stanley K

Glad to hear it, and you are most welcome.

You may now remove/delete/uninstall the tools we used to clean your PC.

Now that your log is clean, there are some final notes:

Disable and Enable System Restore
Let's create a clean System Restore point; the instructions are here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.u5.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running, especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u5-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site frequently for critical updates

Back up your Important Documents and Files on a regular basis
To a disc or a USB key, not your hard drive.

You may want to read this article: "So how did I get infected in the first place" by Tony Klein

surf safe
Microsoft MVP - Windows Security



