
Unable To Install Norton Antivirus



#1 jiingming

  • Members
  • 1 posts

Posted 13 March 2008 - 09:33 PM

Hi guys, I had Norton Antivirus 2008 installed on my system. All of a sudden it disappeared and I am unable to remove/reinstall the program. The problem is something like another topic:

http://www.bleepingcomputer.com/forums/t/128830/unable-to-install-antivirusspyware-of-any-kind/

But the difference is that I downloaded ComboFix and tried to fix it.
It shows "it's not a correct win32 application".
But my OS is XP SP2. Orz.......

Then I downloaded System Repair Engineer.
I opened it and used Smart Scan, then I had a log called SREngLOG.log.
Guys, please help me!!!

SREng REPORT
---------------------------------
2008-03-14,10:31:46

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Runing Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
	<MsnMsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
	<Windows Security Tool><WinSecure.exe>  [N/A]
	<NTSpool><NTSpool.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
	<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
	<nwiz><nwiz.exe /install>  []
	<NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
	<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>  [(Verified)Microsoft Corporation]
	<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>  [(Verified)Microsoft Corporation]
	<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  []
	<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
	<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<MFP Manager><"C:\Program Files\MFP Server Utilities\MFPAgent.exe" -CheckAutoRun>  [Edimax Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod 服務 / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
Drivers
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[MFP Server Enhanced Controller / ALIWEHCD][Running/Auto Start]
  <System32\Drivers\mfpec.sys><None>
[Composite Device / AliWGP][Running/Manual Start]
  <system32\DRIVERS\mfpcomp.sys><None>
[標準 IDE/ESDI 硬碟控制器 / atapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[BUFFALO WLI-CB-XXX Series Wireless LAN Adapter / CBBCM43][Stopped/Manual Start]
  <system32\DRIVERS\CBG54.sys>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[EZUSB PC/SC Smart Card Reader / EZUSB][Stopped/Manual Start]
  <system32\DRIVERS\ezusb.sys><Castles Technology Co.,Ltd>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Silicon Image SiI 3112 SATARaid Controller / SI3112r][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Megadrv3 / srosa][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\srosa.sys><N/A>
[MFP Server Detector / WUSBVBus][Running/Manual Start]
  <system32\DRIVERS\mfpvbus.sys><None>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Symantec Intrusion Prevention]
  {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live 登入小幫手]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Java Plug-in 1.6.0_05]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[參考資料(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Symantec AntiVirus scanner]
  {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation>
[Symantec RuFSI Utility Class]
  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[CTCBWebATM Control]
  {7067DEA7-8C20-4519-8615-B1829371D8B9} <C:\WINDOWS\DOWNLO~1\CTCBWE~1.OCX, >
[AcDcToday Control]
  {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[SendOrder Class]
  {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} <C:\WINDOWS\DOWNLO~1\axekey.dll, >
[Java Plug-in 1.6.0_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[TFBWebATM Control]
  {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} <C:\WINDOWS\DOWNLO~1\TFBWEB~1.OCX, >
[a-squared Scanner]
  {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll, Sun Microsystems, Inc.>
[get_atlcom Class]
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, NOS Microsystems Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[XCSP Class]
  {F0754118-706B-4E14-8ED9-96E7A18DB894} <C:\WINDOWS\Downloaded Program Files\ESunCSP.dll, 玉山銀行>
[AcPreview Control]
  {F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, Autodesk>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Symantec AntiVirus scanner]
  {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation>
[SVG Document]
  {377B5106-3B4E-4A2D-8520-8767590CAC86} <C:\PROGRA~1\COMMON~1\Adobe\SVGVIE~1.0\NPSVG3.dll, Adobe Systems Incorporated>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Symantec RuFSI Utility Class]
  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Symantec Intrusion Prevention]
  {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll, N/A>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[CTCBWebATM Control]
  {7067DEA7-8C20-4519-8615-B1829371D8B9} <C:\WINDOWS\DOWNLO~1\CTCBWE~1.OCX, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[SendOrder Class]
  {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} <C:\WINDOWS\DOWNLO~1\axekey.dll, >
[TFBWebATM Control]
  {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} <C:\WINDOWS\DOWNLO~1\TFBWEB~1.OCX, >
[Windows Live 登入小幫手]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[a-squared Scanner]
  {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[get_atlcom Class]
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, NOS Microsystems Ltd.>
[Msxml]
  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XCSP Class]
  {F0754118-706B-4E14-8ED9-96E7A18DB894} <C:\WINDOWS\Downloaded Program Files\ESunCSP.dll, 玉山銀行>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[匯出至 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 668 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
	[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 828 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
[PID: 1228 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
[PID: 1432 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
	[C:\WINDOWS\system32\HPBMMON.DLL]  [Hewlett-Packard, 10.00.16]
	[C:\WINDOWS\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
	[C:\WINDOWS\system32\HPBHealr.dll]  [N/A, ]
	[C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 5.01.00.011]
	[C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.003]
	[C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 5.01.00.011]
	[C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 5.01.00.011]
	[C:\WINDOWS\system32\hpzsnt12.dll]  [HP, 14.00.00.41711]
	[C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
	[C:\WINDOWS\system32\FXHL2ZIL.DLL]  [Fuji Xerox Co., Ltd., 1.000.501.13]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
	[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm312.dll]  [HP, 2.335.5.0]
	[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku12.dll]  [HP, 2.335.5.0]
[PID: 1480 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple, Inc., 1, 14, 0, 0]
[PID: 1592 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1644 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9131]
[PID: 1692 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\hpgwiamd.dll]  [Hewlett-Packard, 3.2.2.905]
[PID: 608 / Jack][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
	[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
	[C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT]  [Adobe Systems, Inc., 8.0.0.0]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
	[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1332 / Jack][C:\WINDOWS\system32\RunDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\NvMCTray.dll]  [NVIDIA Corporation, 6.14.10.9131]
	[C:\WINDOWS\system32\NVRSZHT.DLL]  [NVIDIA Corporation, 6.14.10.9131]
[PID: 1828 / Jack][C:\Program Files\MFP Server Utilities\MFPAgent.exe]  [Edimax Technology Co., Ltd., 1, 0, 6, 2]
[PID: 1684 / Jack][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1724 / Jack][C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\Program Files\Windows Live\Messenger\MSNCore.dll]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\Program Files\Windows Live\Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
	[C:\Program Files\Windows Live\Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\Program Files\Windows Live\Messenger\msgsres.dll]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corporation, 8.5.1302.1018]
	[C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1900 / Jack][C:\WINDOWS\system32\ServoApp.exe]  [, 1, 1, 3, 1]
	[C:\WINDOWS\system32\ddschk.dll]  [, 1, 0, 0, 5]
[PID: 1124 / Jack][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll]  [Hewlett-Packard Co., 50.0.206.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc]  [Hewlett-Packard Co., 50.0.206.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Co., 53.0.20.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\WINDOWS\system32\hpzidr12.dll]  [HP, 9, 0, 0, 0]
	[C:\WINDOWS\system32\hpzipr12.dll]  [HP, 9, 0, 0, 0]
[PID: 2200 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2688 / Jack][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 53.0.13.000]
	[C:\WINDOWS\system32\hpzipr12.dll]  [HP, 9, 0, 0, 0]
	[C:\WINDOWS\system32\hpzidr12.dll]  [HP, 9, 0, 0, 0]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
[PID: 3776 / Jack][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
	[C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
	[C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
	[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
	[c:\program files\google\googletoolbar1.dll]  [Google Inc., 4, 0, 1601, 4978]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
	[C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.50.13]
	[C:\Program Files\Java\jre1.6.0_05\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.200.520.1]
	[C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.200.520.1]
	[C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
	[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
	[C:\WINDOWS\system32\MSTCIPHA.IME]  [Microsoft Corporation, 6.5.5515.0]
	[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
	[C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
	[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
	[C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT]  [Adobe Systems, Inc., 8.0.0.0]
[PID: 4016 / Jack][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.200.520.1]
	[C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.200.520.1]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
[PID: 1148 / Jack][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144 / Jack][C:\PROGRA~1\MOZILL~1\FIREFOX.EXE]  [Mozilla Corporation, 1.8.1.12: 2008020121]
	[C:\PROGRA~1\MOZILL~1\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\PROGRA~1\MOZILL~1\nspr4.dll]  [Netscape Communications Corporation, 4.6.8]
	[C:\PROGRA~1\MOZILL~1\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.12: 2008020121]
	[C:\PROGRA~1\MOZILL~1\plc4.dll]  [Netscape Communications Corporation, 4.6.8]
	[C:\PROGRA~1\MOZILL~1\plds4.dll]  [Netscape Communications Corporation, 4.6.8]
	[C:\PROGRA~1\MOZILL~1\smime3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
	[C:\PROGRA~1\MOZILL~1\nss3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
	[C:\PROGRA~1\MOZILL~1\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
	[C:\PROGRA~1\MOZILL~1\ssl3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
	[C:\PROGRA~1\MOZILL~1\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.12: 2008020121]
	[C:\PROGRA~1\MOZILL~1\components\myspell.dll]  [Mozilla Foundation, 1.8.1.12: 2008020121]
	[C:\PROGRA~1\MOZILL~1\components\jar50.dll]  [Mozilla Foundation, 1.8.1.12: 2008020121]
	[C:\PROGRA~1\MOZILL~1\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.64]
	[C:\PROGRA~1\MOZILL~1\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.12: 2008020121]
	[C:\PROGRA~1\MOZILL~1\plugins\npnul32.dll]  [mozilla.org, 1, 0, 0, 15]
[PID: 2064 / Jack][C:\Documents and Settings\Jack\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
	[C:\Documents and Settings\Jack\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
[E:\]
[autorun]
open=setup.exe
icon=setup.exe,0

==================================
HOSTS File
127.0.0.1	   localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1568, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1644, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1828, C:\PROGRAM FILES\MFP SERVER UTILITIES\MFPAGENT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1900, C:\WINDOWS\SYSTEM32\SERVOAPP.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1124, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2688, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
	[1452] C:\WINDOWS\system32\drivers\hldrrr.exe
	[3556] C:\WINDOWS\system32\wintems.exe

==================================



#2 Aaflac

  • Malware Response Team
  • 2,307 posts

Posted 15 March 2008 - 09:57 PM

Please read the following carefully before downloading the program indicated. If this procedure is not done as directed, it does not work!!
Also, in the event you already downloaded ComboFix, this is a new version, so please remove the version you have.


Download ComboFix
Save to the Desktop <<< Important!!
  • During the download, rename ComboFix to Combo-Fix as follows:

    Posted Image
  • Please do not rename ComboFix to any other name, but only to the one indicated: Combo-Fix
  • Close any open browsers, and close/disable all AntiVirus and AntiMalware programs so they do not interfere with the running of Combo-Fix.
  • Double click on Combo-Fix.exe and follow the prompts.

  • Combo-Fix disconnects the computer from the Internet as soon as it starts
  • Please do not attempt to re-connect to the Internet until Combo-Fix has completely finished.
  • If there is no Internet connection after running Combo-Fix, then restart the computer to restore the connection.

  • Do not click on the window while the program is running; it may cause the system to stall.
  • When finished, the program produces a report: C:\Combo-Fix.txt
~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post the Combo-Fix.txt, and a new HijackThis log in your reply.

Old duck...




