Infected With Unknown Virus That Makes Computer Screen Turn To Background Only On Startup



#1 chrono314


Posted 05 July 2008 - 09:26 AM

I'm visiting in China and found their computer filled with trojans/viruses/worms. How can I get rid of them? The computer sometimes turns to a background on startup and freezes frequently. It is a custom installed computer model. If anyone can help me get rid of these things, I would really appreciate it. Thanks. Here are the main.txt and extra.txt from DSS.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-05 22:17:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-05 14:17:20 UTC - RP1 - 系统检查点


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-05 22:18:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\RavMonD.exe
C:\WINDOWS\explorer.exe
F:\Rising\Rav\RavStub.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Rising\Rav\RavTask.exe
C:\Program Files\Windows Live\家庭安全设置\fssui.exe
F:\Rising\Rav\RavMon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\agentsvr.exe
C:\Program Files\Windows Live\家庭安全设置\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Documents and Settings\Administrator\桌面\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\conime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tb.9533.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 链接
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\Web\index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: detxbiua.dll - {20618412-C528-C784-C056-C164D1F7C502} - C:\WINDOWS\system32\detxbiua.dll
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - C:\WINDOWS\system32\erxybloe.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: ijdybpaw.dll - {2A698452-C5D8-C584-C256-C264C987C5A2} - C:\WINDOWS\system32\ijdybpaw.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
O2 - BHO: opshcbty.dll - {32596546-2036-9451-6058-658402589723} - C:\WINDOWS\system32\opshcbty.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: tisqctyu.dll - {38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: lofsdjbo.dll - {470165F1-9F65-569F-F895-F14F58F41074} - C:\WINDOWS\system32\lofsdjbo.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\家庭安全设置\fssbho.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: mpmyfapi.dll - {6629FF4F-ACDB-5C90-A098-FACB3456A266} - C:\WINDOWS\system32\mpmyfapi.dll
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - C:\WINDOWS\system32\mndhfdwd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - C:\WINDOWS\system32\yzztjmsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: yzztlmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: 快捷工具条3.21 - {BE830FD4-E393-417F-9F4B-CC70ABB3384C} - C:\WINDOWS\system32\IETool.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [switch] c:\windows\system32\壁纸自动换.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\家庭安全设置\fssui.exe" -autorun
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint打印 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint添加到打印列表 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint预览 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint高速打印 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O15 - Trusted Zone: http://rising.com.cn (HKCU)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcv...2007/OL2006.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9D166A5-4F76-4922-846E-7907CD6C320A}: NameServer = 202.99.96.68 202.99.104.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: yzztjmsn.dll,akjsckaq.dll,tisqatyu.dll,nhmxcjkl.dll,skqncbib.dll,msosdrop00.dll,ieprot.dll,yzztlmsn.dll,skqnebib.dll,tisqctyu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\RavMonD.exe


--
End of file - 11559 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
R0 RsAntiSpyware - c:\windows\system32\drivers\rsboot.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Rising KaKa>
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>

S3 Atixeve21343 - c:\docume~1\admini~1\locals~1\temp\~wxp2ins.218.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 06:38:34 270 --a------ C:\WINDOWS\Tasks\查看 Windows Live Toolbar 更新.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 22:09:09 128 --ah----- C:\aaw7boot.cmd
2008-07-04 22:19:45 0 d-------- C:\Program Files\Lavasoft
2008-07-04 21:57:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 21:52:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 17:26:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-04 16:47:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-04 16:45:07 163840 --a------ C:\WINDOWS\system32\vmnc.dll <Not Verified; VMware, Inc.; VMware Workstation>
2008-07-04 16:45:07 76800 --a------ C:\WINDOWS\system32\VDODEC32.dll <Not Verified; VDOnet Corp.; Vdodec32.dll>
2008-07-04 16:45:07 204800 --a------ C:\WINDOWS\system32\lsvxdec.dll <Not Verified; Espre Solutions Inc; Espre Video Codec>
2008-07-04 16:45:07 307200 --a------ C:\WINDOWS\system32\icmw_32.dll <Not Verified; Aware Inc.; MotionWavelets by Aware>
2008-07-04 16:45:07 40960 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-07-04 16:45:07 88464 --a------ C:\WINDOWS\system32\DECVW_32.DLL <Not Verified; VDOnet Corp.; Decvw_32.dll>
2008-07-04 16:45:07 135168 --a------ C:\WINDOWS\system32\clrviddd.dll <Not Verified; Iterated Systems, Inc.; ClearVideo>
2008-07-04 16:45:07 312832 --a------ C:\WINDOWS\system32\CLRVIDDC.DLL <Not Verified; eMajix.com, Inc.; ClearVideo Decoder DLL>
2008-07-04 16:45:07 155648 --a------ C:\WINDOWS\system32\avidavicodec.dll <Not Verified; Avid Technology, Inc; Avid AVI Codec Version 2.0d2>
2008-07-04 16:45:07 150016 --a------ C:\WINDOWS\system32\ativcr2.dll <Not Verified; ATI Technologies, Inc.; Xpression TV>
2008-07-04 16:45:07 92672 --a------ C:\WINDOWS\system32\asusasv2.dll
2008-07-04 16:45:07 71680 --a------ C:\WINDOWS\system32\asusasv1.dll
2008-07-04 16:45:07 24064 --a------ C:\WINDOWS\system32\aasc32.dll <Not Verified; Autodesk, Inc.; Autodesk Animation Studio>
2008-07-04 16:45:06 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-04 16:45:06 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-07-04 16:45:06 102400 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2008-07-04 16:45:06 75264 --a------ C:\WINDOWS\system32\MACDec.dll <Not Verified; Matthew T. Ashland; Monkey's Audio>
2008-07-04 16:45:04 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-04 16:45:04 480 --a------ C:\WINDOWS\system32\keys.dat
2008-07-04 16:45:04 0 d-------- C:\Program Files\Common Files\Real
2008-07-02 23:05:01 222208 -----n--- C:\WINDOWS\system32\jfdses.dll
2008-07-02 23:04:30 258048 -----n--- C:\WINDOWS\system32\rfdswc.dll
2008-07-02 23:04:02 225792 -----n--- C:\WINDOWS\system32\zgrjdx.dll
2008-07-02 23:03:53 240128 -----n--- C:\WINDOWS\system32\hhrdxd.dll
2008-07-02 23:03:44 24 --a------ C:\WINDOWS\system32\ijsgajba.sys
2008-07-02 23:03:35 0 d--hs---- C:\NBA_Temp
2008-07-02 23:03:15 236544 -----n--- C:\WINDOWS\system32\mfdesy.dll
2008-07-01 00:55:40 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-22 21:48:39 222208 -----n--- C:\WINDOWS\system32\sjhrdh.dll
2008-06-22 21:47:17 222208 -----n--- C:\WINDOWS\system32\jdsaex.dll
2008-06-18 07:51:34 222208 -----n--- C:\WINDOWS\system32\tfsdmz.dll
2008-06-18 07:51:25 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-18 07:51:16 225792 -----n--- C:\WINDOWS\system32\jggtsr.dll
2008-06-18 07:51:07 12036 -----n--- C:\WINDOWS\system32\msosdrop00.dll
2008-06-18 07:51:07 256 --a------ C:\WINDOWS\system32\msosdrop.dat
2008-06-18 07:50:30 218624 -----n--- C:\WINDOWS\system32\tdggrz.dll
2008-06-18 07:50:21 218624 -----n--- C:\WINDOWS\system32\fsrgeb.dll
2008-06-18 07:50:12 24 --a------ C:\WINDOWS\system32\toqnabib.sys
2008-06-18 07:49:54 218624 -----n--- C:\WINDOWS\system32\sgrefg.dll
2008-06-18 07:49:35 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-06-18 07:49:26 24 --a------ C:\WINDOWS\system32\tiwxattb.sys
2008-06-18 07:48:40 24 --a------ C:\WINDOWS\system32\sqjsakaq.sys
2008-06-18 07:48:03 236544 -----n--- C:\WINDOWS\system32\wklsdd.dll
2008-06-18 07:47:44 275968 -----n--- C:\WINDOWS\system32\mtewdh.dll
2008-06-18 07:47:25 0 d--h----- C:\WINDOWS\Down_Temp


-- Find3M Report ---------------------------------------------------------------

2008-07-04 21:52:38 2050 --a------ C:\WINDOWS\system32\cid_store.dat
2008-06-02 20:32:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-02 20:30:50 0 d-------- C:\Program Files\Java
2008-06-02 20:24:12 0 d-------- C:\Program Files\Common Files\Java
2008-05-15 14:44:58 122880 --a------ C:\WINDOWS\system32\ieprot.dll <Not Verified; Beijing Rising Technology Co., Ltd.; IE Protector>
2008-05-11 21:27:10 112 --a------ C:\WINDOWS\popcinfo.dat
2008-04-30 21:25:28 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18093456-9012-4568-9076-908765467181}]
2004-08-09 07:49 533512 --------- C:\WINDOWS\system32\tisqatyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20618412-C528-C784-C056-C164D1F7C502}]
2004-08-08 23:06 535048 --------- C:\WINDOWS\system32\detxbiua.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20909876-4567-3908-4056-909834565102}]
2004-08-09 07:51 536584 --------- C:\WINDOWS\system32\erxybloe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22596546-2036-9451-6058-658402589722}]
2004-08-09 07:49 534024 --------- C:\WINDOWS\system32\opshbbty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A698452-C5D8-C584-C256-C264C987C5A2}]
2004-08-08 23:07 535048 --------- C:\WINDOWS\system32\ijdybpaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32023698-6984-8541-9654-698745012523}]
2004-08-09 07:50 535048 --------- C:\WINDOWS\system32\skqncbib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32596546-2036-9451-6058-658402589723}]
2004-08-08 23:05 534024 --------- C:\WINDOWS\system32\opshcbty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35671234-7890-ABCD-CDEF-567801237653}]
2004-08-09 07:49 534024 --------- C:\WINDOWS\system32\yxcschlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37AC9076-C898-B098-D098-A18319080973}]
2004-08-09 07:49 536072 --------- C:\WINDOWS\system32\nhmxcjkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38093456-9012-4568-9076-908765467183}]
2004-08-08 23:06 533512 --------- C:\WINDOWS\system32\tisqctyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A908760-8000-4000-A000-9000322145A3}]
2004-08-09 07:48 535560 --------- C:\WINDOWS\system32\akjsckaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43512378-9874-5641-1025-985420368734}]
2004-08-09 07:49 535560 --------- C:\WINDOWS\system32\oswxdttb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{470165F1-9F65-569F-F895-F14F58F41074}]
2004-08-08 23:06 534024 --------- C:\WINDOWS\system32\lofsdjbo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-10-17 13:53 57384 --a------ C:\Program Files\Windows Live\家庭安全设置\fssbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50940F85-F015-14F1-A05F-F69858AC6D05}]
2004-08-08 23:03 536072 --------- C:\WINDOWS\system32\zptlcsys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52023698-6984-8541-9654-698745012525}]
2004-08-08 23:06 535048 --------- C:\WINDOWS\system32\skqnebib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{528DF602-9541-A985-210A-984A698C6F25}]
2004-08-09 07:49 535560 --------- C:\WINDOWS\system32\ptjhehlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54FAE856-AD58-20CB-A025-CD4895FA6E45}]
2004-08-09 07:48 535560 --------- C:\WINDOWS\system32\pjjxedwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A069845-2036-6084-9054-6087502480A5}]
2004-08-09 07:51 534024 --------- C:\WINDOWS\system32\ozfyebyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D098345-6785-1098-5413-678067AE03D5}]
2004-08-08 23:05 535560 --------- C:\WINDOWS\system32\tysqbkol.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6629FF4F-ACDB-5C90-A098-FACB3456A266}]
2004-08-09 07:47 537096 --------- C:\WINDOWS\system32\mpmyfapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C648541-1025-9650-9057-6541258720C6}]
2004-08-09 07:48 536072 --------- C:\WINDOWS\system32\mndhfdwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
2004-08-08 23:03 537608 --------- C:\WINDOWS\system32\apsggjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}]
2004-08-09 07:50 534024 --------- C:\WINDOWS\system32\yxfhcjpg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FD640A-158F-48AC-FD14-1597F14A9778}]
2004-08-08 23:06 534024 --------- C:\WINDOWS\system32\mndshsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A490415F-65F8-B5C5-D8BA-9405FB12054A}]
2004-08-09 07:48 536072 --------- C:\WINDOWS\system32\yzztjmsn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
2004-08-08 23:04 536584 --------- C:\WINDOWS\system32\yzztlmsn.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BE830FD4-E393-417F-9F4B-CC70ABB3384C}"= C:\WINDOWS\system32\IETool.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{BE830FD4-E393-417F-9F4B-CC70ABB3384C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"switch"="c:\windows\system32\壁纸自动换.exe" [2004-02-22 16:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 13:19]
"nwiz"="nwiz.exe" [2006-07-12 13:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 13:19]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34]
"runeip"="C:\Program Files\Rising\AntiSpyware\runiep.exe" [2008-03-25 21:49]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]
"RavTask"="F:\Rising\Rav\RavTask.exe" [2008-01-28 20:45]
"fssui"="C:\Program Files\Windows Live\家庭安全设置\fssui.exe" [2007-10-17 13:53]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-02-28 17:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-12-20 20:39]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"KKDelay"=C:\Program Files\Rising\AntiSpyware\RunOnce.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}"= C:\WINDOWS\system32\shlhook.dll [2005-12-09 21:06 65536]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= C:\WINDOWS\system32\RavExt.dll [2008-01-28 20:44 113264]
"{189F087F-4378-405F-85FA-37D955AD7A8C}"= C:\WINDOWS\system32\mtewdh.dll [2008-07-02 23:02 275968]
"{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}"= C:\WINDOWS\system32\wklsdd.dll [2008-07-02 23:02 236544]
"{C3D16072-2E1B-450B-B843-50EADDC8EB63}"= C:\WINDOWS\system32\bnmhggo0.dll [2007-06-13 21:21 110592]
"{6629FF4F-ACDB-5C90-A098-FACB3456A266}"= C:\WINDOWS\system32\mpmyfapi.dll [2004-08-09 07:47 537096]
"{A490415F-65F8-B5C5-D8BA-9405FB12054A}"= C:\WINDOWS\system32\yzztjmsn.dll [2004-08-09 07:48 536072]
"{6C648541-1025-9650-9057-6541258720C6}"= C:\WINDOWS\system32\mndhfdwd.dll [2004-08-09 07:48 536072]
"{3A908760-8000-4000-A000-9000322145A3}"= C:\WINDOWS\system32\akjsckaq.dll [2004-08-09 07:48 535560]
"{54FAE856-AD58-20CB-A025-CD4895FA6E45}"= C:\WINDOWS\system32\pjjxedwd.dll [2004-08-09 07:48 535560]
"{35671234-7890-ABCD-CDEF-567801237653}"= C:\WINDOWS\system32\yxcschlp.dll [2004-08-09 07:49 534024]
"{18093456-9012-4568-9076-908765467181}"= C:\WINDOWS\system32\tisqatyu.dll [2004-08-09 07:49 533512]
"{22596546-2036-9451-6058-658402589722}"= C:\WINDOWS\system32\opshbbty.dll [2004-08-09 07:49 534024]
"{43512378-9874-5641-1025-985420368734}"= C:\WINDOWS\system32\oswxdttb.dll [2004-08-09 07:49 535560]
"{37AC9076-C898-B098-D098-A18319080973}"= C:\WINDOWS\system32\nhmxcjkl.dll [2004-08-09 07:49 536072]
"{528DF602-9541-A985-210A-984A698C6F25}"= C:\WINDOWS\system32\ptjhehlp.dll [2004-08-09 07:49 535560]
"{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}"= C:\WINDOWS\system32\hhrdxd.dll [2008-07-02 23:03 240128]
"{32023698-6984-8541-9654-698745012523}"= C:\WINDOWS\system32\skqncbib.dll [2004-08-09 07:50 535048]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [2008-06-22 21:47 218624]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS\system32\tdggrz.dll [2008-07-02 23:05 218624]
"{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}"= C:\WINDOWS\system32\yxfhcjpg.dll [2004-08-09 07:50 534024]
"{5A069845-2036-6084-9054-6087502480A5}"= C:\WINDOWS\system32\ozfyebyt.dll [2004-08-09 07:51 534024]
"{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}"= C:\WINDOWS\system32\jggtsr.dll [2008-07-02 23:04 225792]
"{875E07B1-0614-43D9-A76E-D76A28AB3D7B}"= C:\WINDOWS\system32\tfsdmz.dll [2008-06-18 07:51 222208]
"{20909876-4567-3908-4056-909834565102}"= C:\WINDOWS\system32\erxybloe.dll [2004-08-09 07:51 536584]
"{DC3D30AE-0380-4151-8934-EE98A34B0370}"= C:\WINDOWS\system32\mfdesy.dll [2008-07-02 23:03 236544]
"{B29583D8-033A-4B9F-8553-7C5458F3FB8E}"= C:\WINDOWS\system32\jdsaex.dll [2008-07-02 23:06 222208]
"{031B7024-4FC5-49B3-98EF-6B810FF12678}"= C:\WINDOWS\system32\sjhrdh.dll [2008-06-22 21:48 222208]
"{50940F85-F015-14F1-A05F-F69858AC6D05}"= C:\WINDOWS\system32\zptlcsys.dll [2004-08-08 23:03 536072]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= C:\WINDOWS\system32\apsggjba.dll [2004-08-08 23:03 537608]
"{461D2AB4-29A5-45C2-9134-D52272D3DE38}"= C:\WINDOWS\system32\rfdswc.dll [2008-07-02 23:04 258048]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= C:\WINDOWS\system32\yzztlmsn.dll [2004-08-08 23:04 536584]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= C:\WINDOWS\system32\jfdses.dll [2008-07-02 23:05 222208]
"{5D098345-6785-1098-5413-678067AE03D5}"= C:\WINDOWS\system32\tysqbkol.dll [2004-08-08 23:05 535560]
"{32596546-2036-9451-6058-658402589723}"= C:\WINDOWS\system32\opshcbty.dll [2004-08-08 23:05 534024]
"{52023698-6984-8541-9654-698745012525}"= C:\WINDOWS\system32\skqnebib.dll [2004-08-08 23:06 535048]
"{38093456-9012-4568-9076-908765467183}"= C:\WINDOWS\system32\tisqctyu.dll [2004-08-08 23:06 533512]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= C:\WINDOWS\system32\mndshsrv.dll [2004-08-08 23:06 534024]
"{470165F1-9F65-569F-F895-F14F58F41074}"= C:\WINDOWS\system32\lofsdjbo.dll [2004-08-08 23:06 534024]
"{20618412-C528-C784-C056-C164D1F7C502}"= C:\WINDOWS\system32\detxbiua.dll [2004-08-08 23:06 535048]
"{2A698452-C5D8-C584-C256-C264C987C5A2}"= C:\WINDOWS\system32\ijdybpaw.dll [2004-08-08 23:07 535048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=yzztjmsn.dll,akjsckaq.dll,tisqatyu.dll,nhmxcjkl.dll,skqncbib.dll,msosdrop00.dll,ieprot.dll,yzztlmsn.dll,skqnebib.dll,tisqctyu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ati2evxx.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\esafe.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idag.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kaccore.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPPMain.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.EXE]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyDBG.EXE]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyICE.EXE]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qqsc.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtool.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regtool.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exeFYFireWall.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwstub.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safebank.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinDbg.exe]
Debugger=C:\WINDOWS\system32\
h9/鹏t泤%+狑踦

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7727741-1529-11dd-b479-0017316ebbe3}]
Auto\command- H:\tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d55c5b64-c1b9-11dc-b3c6-0017316ebbe3}]
Auto\command- H:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec162232-e139-11dc-b416-0017316ebbe3}]
Auto\command- H:\tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe




-- End of Deckard's System Scanner: finished at 2008-07-05 22:19:38 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Chinese

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1023.17 MiB / 612.7 MiB
Pagefile Memory (total/avail): 2460.48 MiB / 2006.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.25 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 19.52 GiB total, 14.28 GiB free.
D: is Fixed (NTFS) - 39.07 GiB total, 36.05 GiB free.
E: is Fixed (NTFS) - 43.95 GiB total, 43.72 GiB free.
F: is Fixed (NTFS) - 46.5 GiB total, 44.45 GiB free.
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Unknown - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 129.51 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: 瑞星杀毒软件下载版 v (Beijing Rising Tech. Co. Ltd.) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Thunder\\Program\\Thunder5.exe"="C:\\Program Files\\Thunder\\Program\\Thunder5.exe:*:Disabled:Thunder"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"D:\\Program Files\\Tencent\\QQ\\QQ.exe"="D:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:腾讯QQ"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\GlobalLink\\Game\\Share\\GLDClient.exe"="C:\\Program Files\\GlobalLink\\Game\\Share\\GLDClient.exe:*:Enabled:GLDClient"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=6CDC587045DE4AF
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\6CDC587045DE4AF
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
Rav=C:\Documents and Settings\All Users\Application Data\Rising\Rav
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=6CDC587045DE4AF
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 5.0.1 PowerPack --> MsiExec.exe /I{5058B085-AA79-41E5-A726-681B4C4B846E}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0804.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
CGoban 3 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://files.gokgs.com/javaBin/cgoban.jnlp"
Easy-WebPrint --> C:\WINDOWS\IsUn0804.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
lord_skin_1 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:lord_skin_1.xml
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110804-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PlayerPlus --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:PlayerPlus.xml
PPS网络电视 --> C:\Program Files\PPStream\uninst.exe
RoomPlus --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:RoomPlus.xml
SkinPlus --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:SkinPlus.xml
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{75F9C7CC-1EF0-4E03-BCD5-DF715CD7AFD1}
Windows Live Mail --> MsiExec.exe /I{C8E74146-A052-499A-9125-3ECB52EE831A}
Windows Live Messenger --> MsiExec.exe /X{3DD5CE10-6673-499D-8FC0-66C953121B1D}
Windows Live OneCare 家庭安全设置 --> MsiExec.exe /X{9C0B9A42-60C2-47AD-8CB0-F4BE05DFF297}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {A721CEE2-E9B3-44F6-8835-36CCF34E5197}
Windows Live Toolbar --> MsiExec.exe /X{A721CEE2-E9B3-44F6-8835-36CCF34E5197}
Windows Live Toolbar 扩展 (Windows Live Toolbar) --> MsiExec.exe /X{E7CBA934-3B15-45E7-AAA3-2680C3456756}
Windows Live 登录助手 --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live 照片库 --> MsiExec.exe /X{3A8A06D6-AE0B-42AC-8D59-F09F4B3D10D4}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP (KB923689) 安全更新 -->
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB921503) -->
Windows XP 安全更新 (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB923694) -->
Windows XP 安全更新 (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Windows XP 安全更新 (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB925454) -->
Windows XP 安全更新 (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB926255) -->
Windows XP 安全更新 (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB929123) -->
Windows XP 安全更新 (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB933566) -->
Windows XP 安全更新 (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB935839) -->
Windows XP 安全更新 (KB935840) -->
Windows XP 安全更新 (KB936021) -->
Windows XP 安全更新 (KB937143) -->
Windows XP 安全更新 (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB938127) -->
Windows XP 安全更新 (KB938829) -->
Windows XP 安全更新 (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Windows XP 安全更新 (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows XP 更新 (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Windows XP 更新 (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Windows XP 更新 (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows XP 更新 (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Windows XP 更新 (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows XP 更新 (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Windows XP 更新 (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows XP 更新 (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Windows XP 更新 (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Windows XP 更新 (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows XP 更新 (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows XP 更新 (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Windows XP 更新 (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Windows XP 更新 (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Windows XP 更新 (KB933360) -->
Windows XP 更新 (KB936357) -->
Windows XP 更新 (KB938828) -->
Windows XP 修补程序 (KB924441) --> "C:\WINDOWS\$NtUninstallKB924441$\spuninst\spuninst.exe"
Windows XP 修补程序 (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Windows XP 修补程序 (KB935843) --> "C:\WINDOWS\$NtUninstallKB935843$\spuninst\spuninst.exe"
Windows XP 修补程序包 - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB885626 --> C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP 修补程序包 - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP 修补程序包 - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR 压缩文件管理器 --> C:\Program Files\WinRAR\uninstall.exe
矮人DOS工具箱 5.0+ --> C:\WINDOWS\iun6002.exe "C:\ADOS\\irunin.ini"
暴风影音2 --> C:\Program Files\StormII\uninst.exe
幻想游戏 3.1 --> C:\WINDOWS\iun6002.exe "F:\irunin.ini"
卡卡上网安全助手 --> C:\Program Files\Rising\AntiSpyware\KKUninst.exe
连连看3简体中文完全版 --> F:\连连看3简体中文完全版\unins000.exe
联众斗地主 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:LordInstall.xml
联众拱猪 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:HeartsInstall.xml
联众军旗 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:JunQiInstall.1.31.3.6.xml
联众世界 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:GLWORLD.xml
联众世界扩展组件 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:ShareExInstall.1.0.0.3.xml
联众围棋 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:GoInstall.xml
联众中国象棋 --> C:\WINDOWS\system32\GLSetup2.exe /Uninstall:ZGXQ_1.40.3.4.xml
绿色浏览器 4.3.1011 --> C:\Program Files\GreenBrowser\uninst.exe
面向 Windows Live Toolbar 的 Windows Live Favorites --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
千千静听 5.01 正式版 --> "C:\Program Files\TTPlayer\uninst.exe"
瑞星杀毒软件下载版 --> F:\Rising\Rav\Update\setup.exe /UNINSTALL
瑞星杀毒软件在线杀毒 --> C:\Program Files\Rising\RavWeb\Update\websetup.exe /UNINSTALL
瑞星在线杀毒 --> C:\Program Files\Rising\RavOL\OLUninst.exe
搜狗拼音输入法 3.0 正式版 (3.0.3.0177) --> "C:\Program Files\SogouInput\Uninstall.exe"
腾讯 QQ 2007 正式版 --> "d:\Program Files\Tencent\QQ\unins000.exe"
突出显示查看器 (Windows Live Toolbar) --> MsiExec.exe /X{9694CB9E-1403-4C3C-A906-C558B09A0664}
迅雷 5.7.4.401 --> C:\Program Files\Thunder\uninst.exe
智能菜单 (Windows Live Toolbar) --> MsiExec.exe /X{FE3FC078-47DD-472C-BAEF-77B42D61A817}


-- Application Event Log -------------------------------------------------------

Event Record #/Type773 / Warning
Event Submitted/Written: 07/01/2008 01:36:47 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows 不能卸载您的类注册文件 - 还有别的应用程序或服务在使用它。此文件将在不再被使用时卸载。



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7288 / Error
Event Submitted/Written: 07/05/2008 10:03:09 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
IPSEC Services 服务因下列错误而停止:
%%2148074295

Event Record #/Type7287 / Warning
Event Submitted/Written: 07/05/2008 10:02:53 PM
Event ID/Source: 1007 / Dhcp
Event Description:
计算机已自动配置网络地址为 0017316EBBE3 的网卡的 IP 地址。
使用的 IP 地址是 169.254.29.221。

Event Record #/Type7268 / Error
Event Submitted/Written: 07/05/2008 05:55:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
IPSEC Services 服务因下列错误而停止:
%%2148074295

Event Record #/Type7267 / Warning
Event Submitted/Written: 07/05/2008 05:55:07 AM
Event ID/Source: 1007 / Dhcp
Event Description:
计算机已自动配置网络地址为 0017316EBBE3 的网卡的 IP 地址。
使用的 IP 地址是 169.254.29.221。

Event Record #/Type7247 / Error
Event Submitted/Written: 07/04/2008 10:30:38 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
IPSEC Services 服务因下列错误而停止:
%%2148074295



-- End of Deckard's System Scanner: finished at 2008-07-05 22:19:38 ------------



#2 Carolyn


Posted 26 July 2008 - 05:03 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.


I'm afraid I have unpleasant news for you. There is evidence of several infections on your computer.
One or more is a Password Stealer.

It allows outsiders to monitor your Internet activity and private information. It then sends the stolen data to a hacker site.

If the computer has been used for any important data, you are strongly advised to do the following immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection.

Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


If you are still in need of assistance, please scan again with HijackThis and post a fresh log.

Also, please make an uninstall list using HijackThis.
To access the Uninstall Manager, do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Member of ASAP (Alliance of Security Analysis Professionals)

#3 Carolyn


Posted 02 August 2008 - 05:14 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



